summaryrefslogtreecommitdiff
path: root/source4/ldap_server
AgeCommit message (Collapse)AuthorFilesLines
2010-04-06build: commit all the waf build files in the treeAndrew Tridgell1-0/+12
2010-02-25s4:ldap_server - make it "signed-safe"Matthias Dieter Wallnöfer3-7/+8
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25s4:LDAP server - Enable support for returning referrals through itMatthias Dieter Wallnöfer1-0/+22
This is needed for my work regarding the referrals when the domain scope control isn't specified. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-18Added freeing a successful req so it doesnt croud the ldb contextNadezhda Ivanova1-2/+4
2009-12-15Removed ldb_modify_ctrl from ldb, implemented as a static in ldap_backend.Nadezhda Ivanova1-1/+43
2009-11-20Some changes to allow processing of ldap controls on modify requests.Nadezhda Ivanova1-1/+1
ldap_backend used to filter out ldap controls on modify. Also, modified python binding for ldap_modify to allow writing tests for such controls.
2009-10-25s4-samdb: reduce the number of samdb opens at startupAndrew Tridgell1-4/+2
Using common parameters means that the ldb_wrap code can return a reference rather than a new database
2009-10-23s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect()Andrew Tridgell1-1/+1
This allows us to reuse a ldb context if it is open twice, instead of going through the expensive process of a full ldb open. We can reuse it if all of the parameters are the same. The change relies on callers using talloc_unlink() or free of a parent to close a ldb context.
2009-10-23s4-dsdb: add a static samdb_credentialsAndrew Tridgell1-2/+2
Similarly to system_session(), this creates a static samdb_credentials()
2009-10-23s4-dsdb: create a static system_session contextAndrew Tridgell1-1/+1
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
2009-10-08s4:ldap server - remove unused error handlingsMatthias Dieter Wallnöfer1-35/+0
Those error cases should be handled by LDB itself to be available on all connection methods and not only over LDAP.
2009-10-02s4:LDB/LDAP - Re-allow renamesMatthias Dieter Wallnöfer1-1/+1
The main problem is that the "rdn_name" module launches on a rename request also a modification one with the "special attributes" which can't be changed directly. An introduced flag helps to bypass the restriction.
2009-10-02s4:ldap_server Ensure we don't segfault when sent a NULL new RDNAndrew Bartlett1-4/+7
The Microsoft testsuite tried to rename cn=administrator,cn=users,... into "",cn=users... which didn't go so well. Andrew Bartlett
2009-09-28s4-ldap: fixed spellingAndrew Tridgell1-1/+1
2009-09-26gensec: Avoid exposing lp_ctx on the API level.Jelmer Vernooij1-1/+1
2009-09-18s4-server: kill main daemon if a task fails to initialiseAndrew Tridgell1-4/+6
When one of our core tasks fails to initialise it can now ask for the server as a whole to die, rather than limping along in a degraded state.
2009-08-14s4:ldap_server Correct removal of talloc_steal()Andrew Bartlett1-1/+0
This corrects commit 7a82aed71b74af8bc2a8a4381541adbb22452d20. The steal did not set ent->attributes, so it was incorrect to assign to ent->attributes. Andrew Bartlett
2009-08-14s4:ldap_server Remove another talloc_steal (with references)Andrew Bartlett1-1/+1
This talloc_steal also conflicts with the ldb_map code, and like the previous commit, is rudundent given the talloc_steal of the whole msg above. Andrew Bartlett
2009-08-14s4:ldap_server Don't talloc_steal (with references) in ldap_backendAndrew Bartlett1-1/+1
There may or may not be a need to take a reference to the 'name' in the ldb_map code, but given we seal the whole msg just above here, it makes no senst to steal the name, but not the values. Andrew Bartlett
2009-08-05s4:ldap_server: make sure we shutdown the tls socket before ↵Stefan Metzmacher1-0/+1
stream_terminate_connection() removes the fd event This fixes a crash bug where tls_destructor() relies on the fd event still being there. metze
2009-08-04s4-ldap_server: fix generated error string in map_ldb_error().Günther Deschner1-1/+1
Guenther
2009-07-31s4: Enhances the LDAP server to display error messages like Windows ServerMatthias Dieter Wallnöfer1-27/+178
Those error messages also include the WERROR code of the failed operation(s) in this manner: <error code eight chars in HEX>: <further error message> This also addresses bug #4949
2009-07-31s4:ldap_server: the tls code steals the original socket on its own nowStefan Metzmacher2-2/+2
metze
2009-07-01use a talloc_unlink() as ops may have a referenceAndrew Tridgell1-1/+1
2009-06-24Reenable the LDAPI socket for the merged buildVolker Lendecke1-2/+0
It seems that the samba4 part of the merged build does not pick up the DEVELOPER flag from the s3 configure. Jelmer, can you fix that properly? Thanks, Volker
2009-06-19Allow developers access the the privilaged ldapi socket for the momentAndrew Bartlett1-0/+4
This allows us some time to get the EXTERNAL bind working
2009-06-19s4:ldapsrv Place the 'privilaged' ldapi socket under an #ifdefAndrew Bartlett1-1/+11
This makes it clear to our users that this particular implementation isn't final (all parties are agreed that an EXTERNAL bind is the right way to do this, but it has not been implemented yet). Andrew Bartlett
2009-06-06Allow access as SYSTEM on a privileged ldapi connectionVolker Lendecke1-13/+83
This patch creates ldap_priv/ as a subdirectory under the private dir with the appropriate permissions to only allow the same access as the privileged winbind socket allows. Connecting to ldap_priv/ldapi gives SYSTEM access to the ldap database.
2009-05-29Fix some nonempty blank linesVolker Lendecke1-11/+11
2009-02-24libcli/ldap: move generic ldap control encoding code to ldap_message.cStefan Metzmacher1-2/+2
As they can we static there, we pass the specific handlers as parameter where we need to support controls. metze
2009-02-18Worked around a problem with select/poll/epoll and gnutls Andrew Tridgell2-0/+5
Our packet layer relies on the event system reliably telling us when a packet is available. When we are using a socket layer like TLS then things get a bit trickier, as there may be bytes in the encryption buffer which could be read even if there are no bytes at the socket level. The GNUTLS library is supposed to prevent this happening by always leaving some data at the socket level when there is data to be processed in its buffers, but it seems that this is not always reliable. To work around this I have added a new packet option packet_set_unreliable_select() which tells the packet layer to not assume that the socket layer has a reliable select, and to instead keep trying to read from the socket until it gets back no data. This option is set for the ldap client and server when TLS is negotiated. This seems to fix the problems with the ldaps tests.
2009-02-13Remove auth/ntlm as a dependency of GENSEC by means of function pointers.Andrew Bartlett1-9/+7
When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett
2009-02-02s4:service_stream: s/private/private_dataStefan Metzmacher1-4/+4
metze
2009-02-02s4:ldap_server: s/private/private_dataStefan Metzmacher3-12/+12
metze
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher2-7/+7
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-12-22s4: Fix subsystem for various services in samba daemon.Jelmer Vernooij1-1/+1
2008-12-17s4:ldap_server: return the extended dn to the LDAP client if availableAndrew Bartlett1-1/+16
This uses an early peek at the extended_dn_control (in the request) to see what output format to use. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-11-17Remove restrictions on number of DN components in LDAP serverAndrew Bartlett1-13/+9
There is no reason for these restrictions to be in the LDAP server - they belong in the LDB layer. When accepting 'extended' or 'alternate' DNs we can't tell anyway. Andrew Bartlett
2008-11-02Remove use of global_loadparm for disabled gensec backends.Jelmer Vernooij1-0/+3
2008-11-02Add gensec_settings structure. This wraps loadparm_context for now, butJelmer Vernooij1-1/+1
should in the future only contain some settings required for gensec.
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij3-4/+4
2008-09-29LDB ASYNC: misc changesSimo Sorce1-19/+16
2008-09-24Fix nasty bug that would come up only if a client connection to a remoteSimo Sorce1-0/+1
ldap server suddenly dies. We were creating a wrong talloc hierarchy, so the event.fde was not freed automatically as expected. This in turn made the event system call the ldap io handlers with a null packet structure, causing a segfault. Fix also the ordering in ldap_connection_dead() Thanks to Metze for the huge help in tracking down this one.
2008-09-24Rename smbd -> samba.Jelmer Vernooij1-1/+1
This reverts commit 05ea5e23cf4e70de0bd658b1c5c0ead133967091. Conflicts: source4/smbd/server.c
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce2-8/+4
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-09-22s4: allways initialize the process model before it's usedStefan Metzmacher1-1/+1
metze
2008-09-21Revert "Rename smbd -> samba."Jelmer Vernooij1-1/+1
This reverts commit 0e9008be35a5b334bd65e6417193d4b8f27bdc36.
2008-09-21Rename smbd -> samba.Jelmer Vernooij1-1/+1
2008-09-19LDAP Server: Don't create the SASL SECBLOB output object twiceMatthias Dieter Wallnöfer1-3/+0
Removes one "talloc" creation of the output object. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-07-16Don't keep an extra ldb around forever.Andrew Bartlett1-1/+5
We just open it to figure out if we need to be a Global Catalog server. Andrew Bartlett (This used to be commit f13572d9e9f1962b637cbd573588184d1459d252)