Age | Commit message (Collapse) | Author | Files | Lines |
|
This must be available to the OpenLDAP backend, to set the GUID values
in some situations. We need a proper ACL mechanism to control the use
or abuse of this control.
This reverts commit 10adee89367cee9add993869280542418fb3d370.
|
|
This makes our LDAP much more secure and less error-prone.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 16 19:43:36 UTC 2010 on sn-devel-104
|
|
This makes it easier to read
|
|
this function takes the operator being invoked, which will allow
schema functions to provide more fine grained control over
comparisons.
The key bug this was introduced to fix is the incorrect handling of
the LDB_OP_PRESENT test for deleted linked attributes. The backends
are unaware of the deleted state of these links, so they cannot do a
LDB_OP_PRESENT test on their own.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
It is the same as ldb_request_add_control, except it will replace
an existing control.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 19:00:38 UTC 2010 on sn-devel-104
|
|
this is used to help debug async ldb requests. The ldb request handle
now contains a location string and the parent request pointer. This
allows us to print a backtrace of ldb requests in the dsdb modules.
|
|
This ensures that internal bits for the element flags in add/modify
requests are not set via the ldb API
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
The flags field of message elements is part of a set of flags. We had
LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely
being used (only 1 call used it correctly). This adds
LDB_FLAG_MOD_MASK() to make it more obvious what is going on.
This will allow us to use some of the other flags bits for internal
markers on elements
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a
user object.
There is some 'interesting' interaction with the rangeLower and
rangeUpper attributes and this add. We don't implementat
rangeLower/rangeUpper yet, but when we do we'll need an override for
this control (or be careful about module ordering).
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
They are not quite safe to use (requires caller to steal
resulting message in own context) and may lead to holding
memory for too long.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Previos implementation from ldb_msg_canonicalize()
was moved into this function and now ldb_msg_canonicalize()
is based on ldb_msg_normalize()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
from client
Old implementation from ldb_msg_diff() was moved into
this this function but with changed interface
so that a memory context may be passed.
ldb_msg_diff() function is now based on ldb_msg_difference(),
which fixes a hidden leak - internal ldb_msg object
(returned from ldb_msg_canonicalize) wasn't freed
and stays attached to ldb_context for the connection lifetime.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
This makes it easier to understand which standard specifies which control.
|
|
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
|
|
Check on modify if we are RODC and return referral.
On the ldap backend side now we pass context and ldb_modify_default_callback
to propagate the referral error to the client.
|
|
|
|
Like TYPESAFE_QSORT() but for the ldb_qsort() function
|
|
|
|
operations.
|
|
|
|
|
|
This control will allow inspection of internal ldb values, which would
normally be stripped before being presented to users. The first use
will be stripping linked attribute meta data extended components.
|
|
this makes the usage clearer
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
ldap_backend used to filter out ldap controls on modify. Also, modified
python binding for ldap_modify to allow writing tests for such controls.
|
|
a helper function to a DN element to an ldb_msg using ldb_msg_add_string.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This will be used to allow cancelling of transactions in a child after
a fork()
|
|
|
|
Also enhance some other comments.
|
|
|
|
This allows this control to be specified as critical. We support the
control because we choose to always be durable in our transactions.
We really, really need a 'duplicate request' API, as at the
moment we can't do this without a large, error-prone set of code that
cannot cope with new request fields or types.
Andrew Bartlett
|
|
|
|
AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a
binary blob. We need to support those in order to give correctly
formatted binary blobs for things like wellKnownObjects
This implementation is not ideal, as it allows for binary blobs on all
DNs, whereas it should only allow them on those with a syntax of
2.5.5.7. We should clean this up in the future, but meanwhile this
implementation at least gets us a working DC join of w2k8 to s4.
This patch also uses a static function for marking DNs as invalid,
which is very useful when debugging this code, as you can break on it
in gdb.
|
|
|
|
This is currently only triggered via Samba4's schema code.
|
|
When LDB_FLG_ENABLE_TRACING is set ldb will send full traces
of all operations and results
|
|
metze
|
|
It is useful to be able to control the 2 phase commit from application
code (s4 replication uses it)
|
|
|
|
This add --show-binary to ldbsearch. When this flag is set, binary
blobs will be shown as-is, instead of base64 encoded. This is useful
for some XML encoded attributes, and will also be used as part of some
NDR print formatting for attributes like repsTo.
|
|
|
|
This function provides a easy function for displaying a ldb_message
structure in a human readable format. It is especially useful for
calling in gdb.
|
|
This allows us to turn a python LdbMessage back into a string.
Andrew Bartlett
|
|
LDB_CONTROL_SHOW_RECYCLED_OID 1.2.840.113556.1.4.2064
LDB_CONTROL_SHOW_DEACTIVATED_LINK_OID 1.2.840.113556.1.4.2065
metze
|
|
When a attribute is marked as LDB_ATTR_FLAG_UNIQUE_INDEX then attempts
to add a 2nd record that has the same attribute value for this
attribute as another record will fail.
This provides a much more efficient mechanism for ensuring that
attributes like objectGUID are unique
|
|
This is all working towards supporting the full WSPP schema without a
major performance penalty.
We now use binary searches when looking up classes and attributes. We
also avoid the loop loading the attributes into ldb, by adding a hook
to override the ldb attribute search function in a module. The
attributes can thus be loaded once, and then saved as part of the
global schema.
Also added support for a few more key attribute syntaxes, as needed
for the full schema.
|
|
|