Age | Commit message (Collapse) | Author | Files | Lines |
|
determine the source of the request
The aclread module used to use a control to make sure the request comes from the ldap server,
but now the rootdse filters out any unregistered controls comming from ldap, so the control is
lost. Using the LDB_HANDLE_FLAG_UNTRUSTED is a much more elegant solution.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Oct 27 11:55:11 UTC 2010 on sn-devel-104
|
|
this allows the rootdse module to filter unregistered controls
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 18 20:32:40 UTC 2010 on sn-devel-104
|
|
|
|
|
|
we need to pass the controls down to the add and rename ldb operations
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
WERROR codes
This is strictly needed by my recent passwords work, since I want to remove
most of the password change stuff in "samr_password.c". Since AD gives us
CONSTRAINT_VIOLATION on all change problems I cannot distinguish on the SAMR
level which the real cause was about. Therefore I need the extended WERROR codes
here.
|
|
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
the supportedSASLMechanisms opaque must live for at least as long as
the ldb, or we can crash when the first connection is torn down
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
operations
|
|
place in the code
Under the "add" and over the "delete" function.
|
|
|
|
behaviour on renames
|
|
"res" still set to "NULL"
|
|
"AddResponse")
|
|
This is needed to remove samba specifc symbols from the bundled
ldb, in order to get the ABI right.
metze
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
it exists
This message often contains suggestions how to fix issues.
|
|
It is a problem if a samba header is called ldap.h if we also want
to use OpenLDAP's ldap.h
Andrew Bartlett
|
|
Check on modify if we are RODC and return referral.
On the ldap backend side now we pass context and ldb_modify_default_callback
to propagate the referral error to the client.
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This is needed for my work regarding the referrals when the domain scope control
isn't specified.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
ldap_backend used to filter out ldap controls on modify. Also, modified
python binding for ldap_modify to allow writing tests for such controls.
|
|
Similarly to system_session(), this creates a static
samdb_credentials()
|
|
Those error cases should be handled by LDB itself to be available on all
connection methods and not only over LDAP.
|
|
The main problem is that the "rdn_name" module launches on a rename request also
a modification one with the "special attributes" which can't be changed directly.
An introduced flag helps to bypass the restriction.
|
|
The Microsoft testsuite tried to rename
cn=administrator,cn=users,... into "",cn=users... which didn't go so well.
Andrew Bartlett
|
|
|
|
|
|
This corrects commit 7a82aed71b74af8bc2a8a4381541adbb22452d20. The
steal did not set ent->attributes, so it was incorrect to assign to
ent->attributes.
Andrew Bartlett
|
|
This talloc_steal also conflicts with the ldb_map code, and like the
previous commit, is rudundent given the talloc_steal of the whole msg
above.
Andrew Bartlett
|
|
There may or may not be a need to take a reference to the 'name' in
the ldb_map code, but given we seal the whole msg just above here, it
makes no senst to steal the name, but not the values.
Andrew Bartlett
|
|
Guenther
|
|
Those error messages also include the WERROR code of the failed operation(s) in this
manner: <error code eight chars in HEX>: <further error message>
This also addresses bug #4949
|
|
|
|
This uses an early peek at the extended_dn_control (in the request) to see what output
format to use.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
There is no reason for these restrictions to be in the LDAP server -
they belong in the LDB layer. When accepting 'extended' or
'alternate' DNs we can't tell anyway.
Andrew Bartlett
|
|
|
|
|
|
|
|
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns to be really useful.
|
|
This makes Samba4 behave much like Samba3 did, and use a single set of
administrative credentials for it's connection to LDAP.
Andrew Bartlett
(This used to be commit e396a59788d77aa2fbf3b523c3773fe0e5c976c0)
|
|
layer
metze
(This used to be commit 3da6f7f95d7c04cff49fa2312f94c059686d11e4)
|
|
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
|
|
This passes down the timeout more consistantly, and ensures that no
matter how the modules screw up, we don't free() the memory we are
going to write into the ASN1 packet until we actually write it out.
Andrew Bartlett
(This used to be commit eefd46289b90967ce6b4cd385fb1f7e1d6f9b343)
|
|
These small changes seem to fix some of the early issues in 'make
valgrindtest'
Previously, the subtree_delete code didn't pass on the timeout,
leaving it uninitialised.
The ldap_server/ldap_backend.c change tidies up the talloc hierarchy a
bit.
Andrew Bartlett
(This used to be commit 95314f29a9cf83db71d37e68728bfb5009fce60d)
|