| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Use "LDB_FREE" for such free operations and in addition wipe also the casefolded
DN out.
|
|
when the components change
|
|
Cosmetic
|
|
upwards and use "LDB_FREE" for freeing "dn->components"
Mostly cosmetic - no behaviour change
|
|
|
|
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
It's meaningless and could end in DNs as "cn=child,".
|
|
|
|
We can have some special (bad) messages which contain multiple message elements
for the same attribute. The AD password change ones are such an example.
|
|
|
|
with length 0
|
|
--controls=local_oid:1.3.6.1.4.1.7165.4.3.7:1
To specify the DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control as critical.
metze
|
|
|
|
This could if the 'base' dn is special for example.
|
|
Check on modify if we are RODC and return referral.
On the ldap backend side now we pass context and ldb_modify_default_callback
to propagate the referral error to the client.
|
|
when one of the strings was not valid UTF8, we would try to
dereference NULL
|
|
|
|
sscanf can return also on short reads, in this case an invalid escape
sequence like '\1k' would be accepted, returning 1 as value and swallowing the
'k'. Use an auxiliar function to validate and convert hex escapes.
|
|
To count LDB objects use variables of type "unsigned (int)" or "long long int"
on binary or downto searches.
To count characters in strings use "size_t".
To calculate differences between pointers use "ptrdiff_t".
|
|
|
|
metze
|
|
metze
|
|
metze
|
|
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
|
|
It's not fully clear what this ":dn" part means for us. What we know is that
older AD implementations (Windows Server 2000, 2003) need it to have extended
matches working in the expected way.
To be able to interoperate with s3's winbind and other tools I and gd decided
to transform this into a warning until we know what to do.
This should fix bug #6511.
|
|
LDAP only knowns about signed integers, so let
ldb_msg_find_attr_as_uint() and ldb_msg_find_attr_as_uint64() cope
with it.
metze
|
|
metze
|
|
It has been a common bug to get the first two arguments the wrong way
around
|
|
|
|
The samldb module overrides the error code for some returns when
handling primaryGroupID. We need to take the error from the async
callback to allow this to work reliably
|
|
|
|
This is intended as a replacement for ldb_string_to_time() for ldb_val
inputs. This ensures it is length limited and includes additional
validity checks
|
|
This is needed to support DSDB_FLAG_OWN_MODULE
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This is used to udpate just the DN components of a ldb_dn, leaving the
other extended fields alone. It is needed to prevent linked attribute
updates from removing other extended components.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This canonicalise avoids a problem with an add that has multiple
elements with the same el->name. That is allowed by MS servers, and by
ldb, but it breaks things like the tdb backend and the repl_meta_data
RPMD handling.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when a prepare commit fails, we need to give a cancel to all modules,
not a commit!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
We need to be able to filter out components that should not be exposed
to users
|
|
This control will allow inspection of internal ldb values, which would
normally be stripped before being presented to users. The first use
will be stripping linked attribute meta data extended components.
|
|
This will make life easier when handling deleted linked attributes
|
|
The first bug was that setting a component twice could cause it to
appear twice in the DN.
The second bug was that using an existing ldb_val from a previous call
of ldb_dn_get_extended_component() as an argument to
ldb_dn_set_extended_component() would cause a valgrind error (as the
array the val pointed into will change).
|
|
|
|
(as objectClass will always be a case insensitive ascii string, we can
make a much simpler match function here than for the general case).
Andrew Bartlett
|
|
|
|
this makes the usage clearer
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
We were testing for valid DNs in ldbrename in the command line
tool. This hid a bug in the ldb library where we caught a bad DN in
the objectclass module rather than in the main ldb code. It is better
to do validation of the DNs passed on the command line in the library
code, as this gives us more consistent error handling between the
programming APIs for ldb and the command line.
|
|
ldap_backend used to filter out ldap controls on modify. Also, modified
python binding for ldap_modify to allow writing tests for such controls.
|
