Age | Commit message (Collapse) | Author | Files | Lines |
|
similar to what was done for rpc and cifs, we now retry once on logon
failure for ldap, allowing for a new ticket to be fetched when a
server password changes while we have a valid ticket for the old
password
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
A NULL string/expression returns the generic "(objectClass=*)" filter
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
This is preliminary in that it is implemented as a no-op for a start
just to be able to successfully answer the request, which seems to be
sufficient in order to e.g. survive the exchange schema extensions.
Signed-off-by: Matthieu Patou <mat@matws.net>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Apr 18 02:48:28 CEST 2012 on sn-devel-104
|
|
This avoids keeping the event context around on a the gensec_security
context structure long term.
In the Samba3 server, the event context we either supply is a NULL
pointer as no server-side modules currently use the event context.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
also remove all the duplicated comments
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
The startup and runtime functions that have no dependencies are moved
into the top level.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
Now that we don't allow the smb.conf to change the modules dir, many
functions that simply load modules or initialise a subsytem that may
load modules no longer need an lp_ctx.
Andrew Bartlett
|
|
This reduces symbol duplication
Andrew Bartlett
|
|
The DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID control has to data attached to it.
So we can allow it to be send over LDAP.
We'll accept this control over the privileged ldapi socket only.
metze
|
|
The new waf-based build system now has all the same functionality, and
the old build system has been broken for quite some time.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
|
|
determine the source of the request
The aclread module used to use a control to make sure the request comes from the ldap server,
but now the rootdse filters out any unregistered controls comming from ldap, so the control is
lost. Using the LDB_HANDLE_FLAG_UNTRUSTED is a much more elegant solution.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Oct 27 11:55:11 UTC 2010 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
This control is exactly thought for the actions which previously were performed
using the RELAX one.
We agreed that the RELAX control will only remain for interactions with OpenLDAP.
|
|
LDB_CONTROL_BYPASS_OPERATIONAL_OID
It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This must be available to the OpenLDAP backend, to set the GUID values
in some situations. We need a proper ACL mechanism to control the use
or abuse of this control.
This reverts commit 10adee89367cee9add993869280542418fb3d370.
|
|
This makes our LDAP much more secure and less error-prone.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 16 19:43:36 UTC 2010 on sn-devel-104
|
|
- add missing private controls and comments
- use control defines rather than hardcoded values -> easier to comprehend
- reorder controls
|
|
these contexts can have references
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Sep 28 00:04:03 UTC 2010 on sn-devel-104
|
|
We need talloc_reparent() instead
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 20:38:00 UTC 2010 on sn-devel-104
|
|
metze
|
|
|
|
|
|
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a
user object.
There is some 'interesting' interaction with the rangeLower and
rangeUpper attributes and this add. We don't implementat
rangeLower/rangeUpper yet, but when we do we'll need an override for
this control (or be careful about module ordering).
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
many controls are simple present/not-present flags, and don't need
their own parsers
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID controls.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
|
|
|
|
control
|
|
|
|
libcli_ldap.h
It took a little while to find where to update this...
Andrew Bartlett
|
|
It is a problem if a samba header is called ldap.h if we also want
to use OpenLDAP's ldap.h
Andrew Bartlett
|
|
them
|
|
|
|
|
|
LDB_CONTROL_AS_SYSTEM_OID
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Current implementation synchronizes processing for
all types of LDAP request, not only LDAP_Search ones.
Synchronization for ldap replies processing is done
locally in ldb_ildap module as this concerns only
ildb_callback() function.
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
This patch, inspired by a patche by Endi S. Dewata
<edewata@redhat.com>, allows this control to be passed to the LDAP
backend.
Andrew Bartlett
|
|
For KERBEROS applications the realm should be upcase (function "lp_realm") but
for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch
implements the use of both in the right way.
|
|
|
|
It is a pretty odd thing to do, and it's only because of the
restrictions of DIGEST-MD5 in Cyrus SASL that we do it.
Andrew Bartlett
|