summaryrefslogtreecommitdiff
path: root/source4/libcli/ldap
AgeCommit message (Collapse)AuthorFilesLines
2010-10-27s4-ldb: Changes the aclread module to use LDB_HANDLE_FLAG_UNTRUSTED to ↵Nadezhda Ivanova1-2/+0
determine the source of the request The aclread module used to use a control to make sure the request comes from the ldap server, but now the rootdse filters out any unregistered controls comming from ldap, so the control is lost. Using the LDB_HANDLE_FLAG_UNTRUSTED is a much more elegant solution. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Oct 27 11:55:11 UTC 2010 on sn-devel-104
2010-10-26waf: Stop automaticaly changing dashes to underscores in library names.Jelmer Vernooij1-1/+1
2010-10-26waf: Remove lib prefix from libraries manually.Jelmer Vernooij1-1/+1
2010-10-26s4: Drop duplicate 'lib' prefix for private libraries.Jelmer Vernooij1-1/+1
2010-10-24s4: Rename LIBCLI_LDAP to libcli_ldap.Jelmer Vernooij1-1/+1
2010-10-24s4: Rename LIBSAMBA-* to libsamba-*Jelmer Vernooij1-1/+1
2010-10-23s4/ldb:introduce the LDB_CONTROL_PROVISION_OID controlMatthias Dieter Wallnöfer1-0/+2
This control is exactly thought for the actions which previously were performed using the RELAX one. We agreed that the RELAX control will only remain for interactions with OpenLDAP.
2010-10-23ldb:rename LDB_CONTROL_BYPASSOPERATIONAL_OID into ↵Matthias Dieter Wallnöfer1-2/+2
LDB_CONTROL_BYPASS_OPERATIONAL_OID It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
2010-10-21s4-libcli: make LIBCLI_LDAP a private libraryAndrew Tridgell1-7/+8
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-18Revert "s4:dsdb - make the RELAX control private"Andrew Bartlett1-2/+1
This must be available to the OpenLDAP backend, to set the GUID values in some situations. We need a proper ACL mechanism to control the use or abuse of this control. This reverts commit 10adee89367cee9add993869280542418fb3d370.
2010-10-16s4:dsdb - make the RELAX control privateMatthias Dieter Wallnöfer1-1/+2
This makes our LDAP much more secure and less error-prone. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Oct 16 19:43:36 UTC 2010 on sn-devel-104
2010-10-16s4:libcli/ldap/ldap_controls.c - fix up the controls listMatthias Dieter Wallnöfer1-29/+49
- add missing private controls and comments - use control defines rather than hardcoded values -> easier to comprehend - reorder controls
2010-09-28s4-ildap: two more places that need talloc_reparent()Andrew Tridgell1-1/+1
these contexts can have references Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Sep 28 00:04:03 UTC 2010 on sn-devel-104
2010-09-27s4-ildap: fixed a talloc_steal with references errorAndrew Tridgell1-1/+1
We need talloc_reparent() instead Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 27 20:38:00 UTC 2010 on sn-devel-104
2010-09-27s4:libcli/ldap: fix sending oneway requestsStefan Metzmacher1-18/+26
metze
2010-09-26s4-ldap: Added a control to apply the access checks on read via LDAPNadezhda Ivanova1-0/+2
2010-09-10s4/ldap: use time_mono for reconnect timeoutBjörn Jacke1-2/+2
2010-08-17s4-dsdb: added support for LDB_CONTROL_RODC_DCPROMO_OIDAndrew Tridgell1-0/+1
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a user object. There is some 'interesting' interaction with the rangeLower and rangeUpper attributes and this add. We don't implementat rangeLower/rangeUpper yet, but when we do we'll need an override for this control (or be careful about module ordering). Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-ldap: use common functions for ldap flag controls encode/decodeAndrew Tridgell1-163/+11
many controls are simple present/not-present flags, and don't need their own parsers Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell2-5/+5
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-28s4/libcli: Register LDB_CONTROL_REVEAL_INTERNALS and ↵Endi S. Dewata1-0/+4
DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID controls. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-06-20ldb:controls - add the "TREE_DELETE" control for allowing subtree deletesMatthias Dieter Wallnöfer1-0/+20
2010-06-20s4:ldap_controls.c - remove encoding functions for private recalculate SD ↵Matthias Dieter Wallnöfer1-19/+0
control
2010-06-07s4: Remove an uselessly exposed controlMatthieu Patou1-1/+0
2010-05-21s4:libcli/ldap Update headermap.txt (autotools build) and wscript_build for ↵Andrew Bartlett1-1/+1
libcli_ldap.h It took a little while to find where to update this... Andrew Bartlett
2010-05-21s4:libcli/ldap Rename ldap.h to libcli_ldap.hAndrew Bartlett6-5/+5
It is a problem if a samba header is called ldap.h if we also want to use OpenLDAP's ldap.h Andrew Bartlett
2010-04-06s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵Andrew Tridgell1-0/+2
them
2010-04-06s4-waf: install the rest of the headersAndrew Tridgell1-5/+1
2010-04-06build: commit all the waf build files in the treeAndrew Tridgell1-0/+12
2010-03-02s4-libcli: Added NULL handlers for DSDB_CONTROL_DN_STORAGE_FORMAT_OID and ↵Endi S. Dewata1-0/+4
LDB_CONTROL_AS_SYSTEM_OID Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-17s4/ldap: Refactor the fix for ldap nested searchesKamen Mazdrashki1-4/+0
Current implementation synchronizes processing for all types of LDAP request, not only LDAP_Search ones. Synchronization for ldap replies processing is done locally in ldb_ildap module as this concerns only ildb_callback() function. Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-01-29s4/ldap: Fix nested searches SEGFAULT bugKamen Mazdrashki1-0/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-28s4: fix SD update and password change in upgrade scriptMatthieu Patou1-0/+20
- reserve a new Samba OID for recalculate SD control - fix the update SD function - fix handling of kvno in the update_machine_account_password function - fix handling of handles in RPC winreg server Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-19s4:ldbcli - Added encoder/decoder for relax control.Endi S. Dewata1-2/+20
2009-11-12s4:libcli/ldap Add 'relax' OID to known network representationsAndrew Bartlett1-0/+2
This patch, inspired by a patche by Endi S. Dewata <edewata@redhat.com>, allows this control to be passed to the LDAP backend. Andrew Bartlett
2009-10-14s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where neededMatthias Dieter Wallnöfer1-1/+3
For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way.
2009-10-02s4: fix various warnings (not "const" related ones)Matthias Dieter Wallnöfer2-3/+2
2009-08-17s4:libcli/ldap Explain why we set a hostname for ldapi:// connectionsAndrew Bartlett1-1/+3
It is a pretty odd thing to do, and it's only because of the restrictions of DIGEST-MD5 in Cyrus SASL that we do it. Andrew Bartlett
2009-07-31s4:libcli/ldap: the tls code steals the original socket on its own nowStefan Metzmacher1-3/+0
metze
2009-07-23s4:libcli/ldap: add support for new Recycle Bin Feature LDAP ControlsStefan Metzmacher1-0/+40
LDAP_SERVER_SHOW_RECYCLED_OID 1.2.840.113556.1.4.2064 LDAP_SERVER_SHOW_DEACTIVATED_LINK_OID 1.2.840.113556.1.4.2065 metze
2009-06-10fixed the encoding/decoding of the reverse attribute for server side sortAndrew Tridgell1-3/+10
2009-02-24libcli/ldap: move generic ldap control encoding code to ldap_message.cStefan Metzmacher2-129/+6
As they can we static there, we pass the specific handlers as parameter where we need to support controls. metze
2009-02-24s4:libcli/ldap: don't use 'void **out' as arguments as the behavior is not ↵Stefan Metzmacher1-17/+32
defined in C. metze
2009-02-24libcli/ldap: move ldap_ndr from source4/ to toplevelStefan Metzmacher3-114/+1
metze
2009-02-24libcli/ldap: move ldap_errors.h to the toplevel and install itStefan Metzmacher1-66/+0
metze
2009-02-24libcli/ldap: move ldap_message.[ch] from source4/ to the toplevelStefan Metzmacher4-1701/+1
metze
2009-02-24s4:libcli/ldap: remove reference to DEBUG()Stefan Metzmacher1-1/+0
This prepares using ldap_message.c in source3/ later metze
2009-02-24s4:libcli: split out LIBCLI_LDAP_MESSAGE subsystemStefan Metzmacher5-287/+300
metze
2009-02-18Worked around a problem with select/poll/epoll and gnutls Andrew Tridgell1-0/+4
Our packet layer relies on the event system reliably telling us when a packet is available. When we are using a socket layer like TLS then things get a bit trickier, as there may be bytes in the encryption buffer which could be read even if there are no bytes at the socket level. The GNUTLS library is supposed to prevent this happening by always leaving some data at the socket level when there is data to be processed in its buffers, but it seems that this is not always reliable. To work around this I have added a new packet option packet_set_unreliable_select() which tells the packet layer to not assume that the socket layer has a reliable select, and to instead keep trying to read from the socket until it gets back no data. This option is set for the ldap client and server when TLS is negotiated. This seems to fix the problems with the ldaps tests.
2009-02-13s4:libcli/ldap: use const char * const *attributes as in all other placesStefan Metzmacher2-2/+2
metze