Age | Commit message (Collapse) | Author | Files | Lines |
|
map_attr_find_local() always returns, which is exactly what we don't
want. Instead, rely on the overwrite behaviour.
Andrew Bartlett
(This used to be commit 9b9b7bae16a635d9a9ba72d21a4a4718d294c9b0)
|
|
attributes to backend (remote) attributes.
We can't do a reverse mapping safely where the remote attribute may be
a source for multiple local attributes. (We end up with the wrong
attributes returned).
In doing this, I've modified the samba3sam.js test to be more
realistic, and fixed some failures in the handling of primaryGroupID.
I've added a new (private) helper function ldb_msg_remove_element() to
avoid a double lookup of the element name.
I've also re-formatted many of the function headers, to fit into
standard editor widths.
Andrew Bartlett
(This used to be commit 186766e3095e71ba716c69e681592e217a3bc420)
|
|
(This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
|
|
Andrew Bartlett
(This used to be commit cf1b0cc19fc7aad2a44777929861e70497ccef7d)
|
|
libraries
works again now, by specifying --enable-dso to configure.
(This used to be commit 7a01235067a4800b07b8919a6a475954bfb0b04c)
|
|
argument.
This is a pointer to an element pointer. If it is not null it will be
filled with the pointer of the manipulated element.
Will avoid double searches on the elements list in some cases.
(This used to be commit 0fa5d4bc225b83e9f63ac6d75bffc4c08eb6b620)
|
|
(This used to be commit 4ad2eba2aa7711d480a844766e2dd3da938b3413)
|
|
(This used to be commit 05134a90e3ff0e4039dbd34c52f824bc666feb11)
|
|
(This used to be commit 3e0e2787c1da1c3831e21b163e1370001d725a3d)
|
|
the results where used.
Seem that el is hanging out of a request, and the target is put on the final results.
Still one to catch and fix, but this seem to cure most of them
(This used to be commit bfeaa08fde805439dbda974be6fcb692957b00f1)
|
|
(This used to be commit 6fad80bb09113a60689061a2de67711c9924708b)
|
|
(This used to be commit 7180f38e9e436ca7a7c49f2d4b315ec5eb9c7631)
|
|
This moves these attributes from objectguid into an optional backend
(objectguid), used by ltdb. For OpenLDAP, the entryUUID module
converts entryCSN into usnChanged.
This also changes the sequence number API, and uses 'time based'
sequence numbers, when an LDAP or similar backend is detected.
To assist this, we also store the last modified time in the TDB,
whenever we change a value.
Andrew Bartlett
(This used to be commit 72858f859483c0c532dddb2c146d6bd7b9be5072)
|
|
paged_searches module.
In particular, we must query the remote server to find out if paged
searches are supported, not the local ldb.
This patch also removes the ue of bool, and returns it to LDB error codes.
Andrew Bartlett
(This used to be commit d36d05858bb9b87802f5ffb83285ef12b9646741)
|
|
Fix logic error in paged_results
(This used to be commit 34ce1f8e1bab2debb508aa8bf478231389a77d42)
|
|
to mess with the values in these cases.
Where we do convert the values, try and convert substrings. This
isn't going to be perfect, but we should try rather than segfault.
This also avoids using the wrong arm of the union for the attribute
name
The change in the entryUUID module is to correct the case of
sAMAccountName, due to the case sensitive ldap.js test.
Andrew Bartlett
(This used to be commit 81d9a692c1e74ec9078bf718003eafdba85b4324)
|
|
This adds a list of attributes that are in our wildcard seaches, but
the remote server requires to be explicitly listed. This also cleans
up the handling of wildcards in ldb_map to be more consistant.
Also fix the partitions module to rebase the search, if on the GC
port, we do a subtree search. (Otherwise backends can rightly
complain that the search is not in their scope).
Andrew Bartlett
(This used to be commit bc58792b7102f086b19353635d5d5ef9d40a0aae)
|
|
exposed.
Unfortunately this generates a large number of type punning
warnings. We'll have to find some magic to hide those.
(This used to be commit 254cbf09dee5a1e20c47e47a298f1a8d172b41b9)
|
|
carefully. Most of them are OK, but a couple were not.
(This used to be commit b0de2838829d9750817c31f28c11c6b2be6e7b64)
|
|
appropriate.
Note that I also removed the error checks that were being done on the
result of talloc_steal(). They are pointless as talloc_steal() doesn't
have any failure modes that wouldn't cause a segv anyway, and they
tend to clutter the code
(This used to be commit c0d9e7d473b8e3eb2524a9fc29cf88680f994b36)
|
|
(This used to be commit 449fab2c264aa50601f9a2d3310f1910ba97706b)
|
|
(This used to be commit 41cb3a9258012e628a2d87959cc066f6c5d92255)
|
|
emacs compile mode (hint, paste to a file, and compile as "cat
filename").
This allowed me to fix nearly all the warnings for a IA_64 SuSE build
very quickly.
(This used to be commit eba6c84efff735bb0ca941ac4b755ce2b0591667)
|
|
metze
(This used to be commit c66cf31afd99d537b1f4dfc8ff1502dfa6accfd3)
|
|
we make searches before things are initialised. Cope with this.
Andrew Bartlett
(This used to be commit daa1a61891ede404bcce72affb7094e5c452c689)
|
|
pointer.
This only works when this is the only structure member, but when I
added a new context pointer, it failed.
Andrew Bartlett
(This used to be commit 5bcfa12cef0d9eba5d5d1f65f676e7852297667f)
|
|
modules to put private data.
Andrew Bartlett
(This used to be commit ba00f45357d113bf245c6622ef96701aa7c7026c)
|
|
This module has been created with the purpose of being used
for searches against ldap servers without the need to handle
the control manually
You can test it by passing -o modules:paged_searches to ldbsearch
The page search size is set to 500 objects.
Simo.
(This used to be commit 07d377f3c27966b40465bb5dc4f55746ba8489af)
|
|
(This used to be commit e9d101bc3c1e7c1e8b6560a1f7161e6eb270c7df)
|
|
(This used to be commit 403cbd335594112e0c58fd68d20f0e3faad7d186)
|
|
for objectClass=xyz. The code has been warning at me 'no
covert_operator set', and indeed this is the case. (It then proceeds to
strip this as a search expression)
In this commit, I have implemented a convert_operator for objectClass,
by pretending it is a simple MAP_CONVERT operator for the search
requests.
I also have changed the logic for when we should bail out. I can only
see reason to bail out on the search if we have both local and remote
trees. How can a remote-only search be un-splittable?
Andrew Bartlett
(This used to be commit 656e58672c357121647a080400fcab4e5d30b46b)
|
|
needs to be renamed (operation_add?).
This allows me to match the behaviour and substitute with the
entryUUID module for remote LDAP connections.
Andrew Bartlett
(This used to be commit af02b4d7c631bb15bf5a5f73f9fdc23075d50f60)
|
|
Martin Kühl
<mkhl@samba.org>.
Martin took over the work done last year by Jelmer, in last year's
SoC. This was a substanital task, as the the ldb modules API changed
significantly during the past year, with the addition of async calls.
This changeset reimplements and enables the ldb_map ldb module and
adapts the example module and test case, both named samba3sam, to the
implementation.
The ldb_map module supports splitting an ldb database into two parts
(called the "local" and "remote" part) and storing the data in one of
them (the remote database) in a different format while the other acts
as a fallback.
This allows ldb to e.g. store to and load data from a remote LDAP
server and present it according to the Samba4 schema while still
allowing the LDAP to present and modify its data separately.
A complex example of this is the samba3sam module (by Jelmer
Vernooij), which maps data between the samba3 and samba4 schemas.
A simpler example is given by the entryUUID module (by Andrew
Bartlett), which handles some of the differences between AD and
OpenLDAP in operational attributes. It principally maps objectGUID,
to and from entryUUID elements. This is also an example of a module
that doesn't use the local backend as fallback storage.
This merge also splits the ldb_map.c file into smaller, more
manageable parts.
(This used to be commit af2bece4d343a9f787b2e3628848b266cec2b9f0)
|
|
helper function to set them.
(This used to be commit 260868bae56194fcb98d55afc22fc66d96a303df)
|
|
(This used to be commit c6aa60c7e69abf1f83efc150b1c3ed02751c45fc)
|
|
Finally acknowledge that ldb is inherently async and does not have a dual personality anymore
Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply
to reflect the real function of this structure.
Simo.
(This used to be commit 25fc7354049d62efeba17681ef1cdd326bc3f2ef)
|
|
that it should handle the add without a search.
Now that I'm working on better behaviour with an LDAP backend, I've
fixed the module to do just that. For an ADD, and a MODIFY with the
REPLACE flag, we do not need the search step.
Andrew Bartlett
(This used to be commit 87573e2ee4a71168ea69182d2dc4ebf1779b7c02)
|
|
The function pointer was meant to be unused, this patch fixes
partition.c to use ldb_sequence_number(). (No backend provided the
pointer any more).
Set the flags onto the ldb structure, so that all backends opened by
the partitions module inherit the flags.
Set the read-ony flag when accessed as the global catalog
Modify the LDAP server to track that this query is for the global
catalog (by incoming port), and set a opqaue pointer.
Next step is to read that opaque pointer in the partitions module.
Andrew Bartlett
(This used to be commit a1161cb30e4ffa09657a89e03ca85dd6efd4feba)
|
|
easier to chase down what modules or application code gets wrong.
Ensure not to leave memory allocated on failure in ldb_search()
Andrew Bartlett
(This used to be commit 0828739951ed879640f8ed6e4700d8ca6b8221b8)
|
|
This required changes to the rootDSE module, to allow registration of
partitions. In doing so I renamed the 'register' operation to
'register_control' and 'register_partition', which changed a few more
modules.
Due to the behaviour of certain LDAP servers, we create the baseDN
entry in two parts: Firstly, we allow the admin to export a simple
LDIF file to add to their server. Then we perform a modify to add the
remaining attributes.
To delete all users in partitions, we must now search and delete all
objects in the partition, rather than a simple search from the root.
Against LDAP, this might not delete all objects, so we allow this to
fail.
In testing, we found that the 'Domain Controllers' container was
misnamed, and should be 'CN=', rather than 'OU='.
To avoid the Templates being found in default searches, they have been
moved to CN=Templates from CN=Templates,${BASEDN}.
Andrew Bartlett
(This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)
|
|
correct grammar
(This used to be commit 26a2fa97e4c819e630bc9b50e11c8d5328c7b8c8)
|
|
r15944.
Hey idra I think a better rename would be to keep the LDB_REQ suffix
here to remain consistent with the other enums (e.g ldb_reply_type,
ldb_async_wait_type and ldb_async_state).
(This used to be commit d44ee8c43bd8f6f978330a8ded8bf30ffad494d6)
|
|
cn=rootDSE entry.
(it was also crashing, as 'ac' wasn't initialised at this point)
Andrew Bartlett
(This used to be commit 8455aafb1547ae843b066db716a892fda14438b4)
|
|
Check timeouts are correctly verified.
Some minor fixed and removal of unused code.
(This used to be commit b52e5d6a0cb1a32e62759eaa49ce3e4cc804cc92)
|
|
Add a test to show that we need this, and to prove it works (for add
at least).
Andrew Bartlett
(This used to be commit f72079029abb594677bf8c2b63e40c07e910004f)
|
|
(This used to be commit 55d97ef88f377ef1dbf7b1774a15cf9035e2f320)
|
|
This means that some modules have been disabled as well as they
have not been ported to the async interface
One of them is the ugly objectclass module.
I hope that the change in samldb module will make the MMC happy
without the need of this crappy module, we need proper handling
in a decent schema module.
proxy and ldb_map have also been disabled
ldb_sqlite3 need to be ported as well (currenlty just broken).
(This used to be commit 51083de795bdcbf649de926e86969adc20239b6d)
|
|
They have never benn used and make little sense too imo
(This used to be commit f0c1d08d50f8a3e25650ac85b178ec7a43e433d9)
|
|
I was sick of jumping inot each module for each request,
even the ones not handle by that module.
(This used to be commit 7d65105e885a28584e8555453b90232c43a92bf7)
|
|
an async module
change asq.c to be more readble
(This used to be commit 9197187c4290847721432db09bdfb2f1d06e51ba)
|