| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
We need to be able to filter out components that should not be exposed
to users
|
|
This control will allow inspection of internal ldb values, which would
normally be stripped before being presented to users. The first use
will be stripping linked attribute meta data extended components.
|
|
This will make life easier when handling deleted linked attributes
|
|
allowedChildClassesEffective.
Behavior as documented in WSPP and tested. Needs optimisation though.
|
|
The first bug was that setting a component twice could cause it to
appear twice in the DN.
The second bug was that using an existing ldb_val from a previous call
of ldb_dn_get_extended_component() as an argument to
ldb_dn_set_extended_component() would cause a valgrind error (as the
array the val pointed into will change).
|
|
|
|
We need to keep a search count in ltdb to allow for nesting
of searches inside a module
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
We need to delete the deepest DNs first
|
|
Hopefully this will ensure we don't get an older version from the system.
|
|
(as objectClass will always be a case insensitive ascii string, we can
make a much simpler match function here than for the general case).
Andrew Bartlett
|
|
This tries to show that the domain object should not have a
primaryGroupToken, for example. (This passes against the old and new
code, as the failure case requires an object with an objectSid, and
exactly one group in it's subtree. Sadly I don't know of a valid structure
that I can construct to test this).
Andrew Bartlett
|
|
|
|
The '1' form gives GUIDs and SIDs in the ascii form as normally used
for display.
|
|
Tridge found that the partitions.c module was being initialised twice,
and setting the partitions into the rootDSE twice.
Andrew Bartlett
|
|
Includes the following verifications for the constructed parentGUID:
- Checks if it returns nothing when there is no parent object
- Ensures that attributes mentioned after the parentGUID
are returned correctly (this avoid a bug pointed out by Tridge
during sync constructed parentGUID development)
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
this makes the usage clearer
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This comes from a tip from Howard Chu. Apparently some clients
will send a -ve page size value.
|
|
|
|
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
We were trying to open $SERVER:3268 regardless, which could result in
creating a file called "localdc1:3268", which led to subsequent test
failures
|
|
We were testing for valid DNs in ldbrename in the command line
tool. This hid a bug in the ldb library where we caught a bad DN in
the objectclass module rather than in the main ldb code. It is better
to do validation of the DNs passed on the command line in the library
code, as this gives us more consistent error handling between the
programming APIs for ldb and the command line.
|
|
|
|
(Deny creation of entries with operational attributes specified)
|
|
Apparently Windows Server (2003) doesn't like the comma delimiter here. I got
always error 16 ("LDB_NO_SUCH_ATTRIBUTE"). With this change the test works
again.
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
I've forgotten to add this when checking in the reworked SAMLDB module
|
|
|
|
metze
|
|
|
|
ldap_backend used to filter out ldap controls on modify. Also, modified
python binding for ldap_modify to allow writing tests for such controls.
|
|
ldb_msg_add_dn does not copy the dn linearized string
|
|
a helper function to a DN element to an ldb_msg using ldb_msg_add_string.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
- The outside API contains "DN" string arguments: Bad. Since in this way we
fully rely on the outside calls regarding the right DN format. Solution: Use
always a "struct ldb_dn" entry. Since this one is interchangeable and we can
handle it in our preferred way.
|
|
- DN comparison: The function doesn't seem that efficient. I "upgraded" it a bit
to be more powerful (added a second length check and do both before the string
comparison)
|
|
This tests the fix for double rename/add and indexing
|
|
This is useful for speed tests with large numbers of records.
|
|
this prevents output being buffered when redirected to a file. Useful
for larger ldb command line operations
|
|
When we rename or modify a record, we need to update the indexes at
the same time. It is important that we use the DN of the actual
message that is stored in the database to do this, not the DN that was
passed in by the user. If the two differ in case then the index
records needs to use the 'real' record DN, as index handling is
currently case sensitive.
|
|
This makes it much easier to debug (as you can break in the ldb
modules by running gdb on /usr/bin/python)
|
|
When ildap created a new message to forward, it only copied controls for ldb_search
requests. This caused controls for add and modify to be lost in transition
and tests for them could not be implemented.
|
|
Fixed some expected owners and groups.
Signed-off-by: Nadezhda Ivanova <nadezhda.ivanova@postpath.com>
|
|
So the converted DN will be freed after usage.
|
|
Don't add only a new objectclass but also a new attribute. Plus let now the
server itself calculate the "lDAPDisplayName" attribute and compare the result.
|
|
I think those parts should be deactivated since they're result set checks for
lookups which are commented out already.
|
|
The DN escape function was using the form \c where c is any
character. The unescape function was using \XX where XX is a 2 digit
hex number. The asymmetry led to quite a few problems when we start to
deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The
result was a DN that was not accessible.
This patch changes the escaping to follow RFC2253 much more
closely. We accept either type of escape, and produce the two types of
escape, depending on the character being escaped
|
|
(These are deliberately there in DRS replication).
Andrew Bartlett
|
|
|
|
|
