summaryrefslogtreecommitdiff
path: root/source4/libcli/ldap
AgeCommit message (Collapse)AuthorFilesLines
2013-09-18Prepare for SASL/EXTERNAL supportHoward Chu1-2/+11
Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-08-10auth/gensec: introduce gensec_internal.hStefan Metzmacher1-0/+1
We should treat most gensec related structures private. It's a long way, but this is a start. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-11-01s4-ldapclient: cope with logon failure retry in LDAPAndrew Tridgell1-37/+79
similar to what was done for rpc and cifs, we now retry once on logon failure for ldap, allowing for a new ticket to be fetched when a server password changes while we have a valid ticket for the old password Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-08-22s4:dsdb - always fail if a search filter could not be parsedMatthias Dieter Wallnöfer1-1/+5
A NULL string/expression returns the generic "(objectClass=*)" filter Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-06-22s4-ldap: handle VERIFY_NAME control encoding/decodingMatthieu Patou1-0/+96
2012-04-18s4:samdb:rootdse: implement the schemaUpgradeInProgress operation in ldap modifyMichael Adam1-0/+1
This is preliminary in that it is implemented as a no-op for a start just to be able to successfully answer the request, which seems to be sufficient in order to e.g. survive the exchange schema extensions. Signed-off-by: Matthieu Patou <mat@matws.net> Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Wed Apr 18 02:48:28 CEST 2012 on sn-devel-104
2011-10-18gensec: move event context from gensec_*_init() to gensec_update()Andrew Bartlett1-1/+1
This avoids keeping the event context around on a the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-04s4-ldap: added DSDB_CONTROL_NO_GLOBAL_CATALOG to ldap encoding listAndrew Tridgell1-18/+7
also remove all the duplicated comments Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-03gensec: split GENSEC into mechanism-dependent and runtime functionsAndrew Bartlett1-0/+1
The startup and runtime functions that have no dependencies are moved into the top level. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-26cli_composite: Lowercase name.Jelmer Vernooij1-1/+1
2011-06-06s4-modules Remove lp_ctx from init functions that no longer need itAndrew Bartlett1-1/+1
Now that we don't allow the smb.conf to change the modules dir, many functions that simply load modules or initialise a subsytem that may load modules no longer need an lp_ctx. Andrew Bartlett
2011-04-13libcli/ldap pull LIBCLI_LDAP_MESSAGE and LIBCLI_LDAP_NDR into a libraryAndrew Bartlett1-1/+1
This reduces symbol duplication Andrew Bartlett
2010-12-13s4:ldap_controls: allow DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID over sockets.Stefan Metzmacher1-2/+2
The DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID control has to data attached to it. So we can allow it to be send over LDAP. We'll accept this control over the privileged ldapi socket only. metze
2010-10-31s4: Remove the old perl/m4/make/mk-based build system.Jelmer Vernooij1-12/+0
The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
2010-10-27s4-ldb: Changes the aclread module to use LDB_HANDLE_FLAG_UNTRUSTED to ↵Nadezhda Ivanova1-2/+0
determine the source of the request The aclread module used to use a control to make sure the request comes from the ldap server, but now the rootdse filters out any unregistered controls comming from ldap, so the control is lost. Using the LDB_HANDLE_FLAG_UNTRUSTED is a much more elegant solution. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Oct 27 11:55:11 UTC 2010 on sn-devel-104
2010-10-26waf: Stop automaticaly changing dashes to underscores in library names.Jelmer Vernooij1-1/+1
2010-10-26waf: Remove lib prefix from libraries manually.Jelmer Vernooij1-1/+1
2010-10-26s4: Drop duplicate 'lib' prefix for private libraries.Jelmer Vernooij1-1/+1
2010-10-24s4: Rename LIBCLI_LDAP to libcli_ldap.Jelmer Vernooij1-1/+1
2010-10-24s4: Rename LIBSAMBA-* to libsamba-*Jelmer Vernooij1-1/+1
2010-10-23s4/ldb:introduce the LDB_CONTROL_PROVISION_OID controlMatthias Dieter Wallnöfer1-0/+2
This control is exactly thought for the actions which previously were performed using the RELAX one. We agreed that the RELAX control will only remain for interactions with OpenLDAP.
2010-10-23ldb:rename LDB_CONTROL_BYPASSOPERATIONAL_OID into ↵Matthias Dieter Wallnöfer1-2/+2
LDB_CONTROL_BYPASS_OPERATIONAL_OID It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
2010-10-21s4-libcli: make LIBCLI_LDAP a private libraryAndrew Tridgell1-7/+8
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-18Revert "s4:dsdb - make the RELAX control private"Andrew Bartlett1-2/+1
This must be available to the OpenLDAP backend, to set the GUID values in some situations. We need a proper ACL mechanism to control the use or abuse of this control. This reverts commit 10adee89367cee9add993869280542418fb3d370.
2010-10-16s4:dsdb - make the RELAX control privateMatthias Dieter Wallnöfer1-1/+2
This makes our LDAP much more secure and less error-prone. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Oct 16 19:43:36 UTC 2010 on sn-devel-104
2010-10-16s4:libcli/ldap/ldap_controls.c - fix up the controls listMatthias Dieter Wallnöfer1-29/+49
- add missing private controls and comments - use control defines rather than hardcoded values -> easier to comprehend - reorder controls
2010-09-28s4-ildap: two more places that need talloc_reparent()Andrew Tridgell1-1/+1
these contexts can have references Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Sep 28 00:04:03 UTC 2010 on sn-devel-104
2010-09-27s4-ildap: fixed a talloc_steal with references errorAndrew Tridgell1-1/+1
We need talloc_reparent() instead Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 27 20:38:00 UTC 2010 on sn-devel-104
2010-09-27s4:libcli/ldap: fix sending oneway requestsStefan Metzmacher1-18/+26
metze
2010-09-26s4-ldap: Added a control to apply the access checks on read via LDAPNadezhda Ivanova1-0/+2
2010-09-10s4/ldap: use time_mono for reconnect timeoutBjörn Jacke1-2/+2
2010-08-17s4-dsdb: added support for LDB_CONTROL_RODC_DCPROMO_OIDAndrew Tridgell1-0/+1
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a user object. There is some 'interesting' interaction with the rangeLower and rangeUpper attributes and this add. We don't implementat rangeLower/rangeUpper yet, but when we do we'll need an override for this control (or be careful about module ordering). Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-ldap: use common functions for ldap flag controls encode/decodeAndrew Tridgell1-163/+11
many controls are simple present/not-present flags, and don't need their own parsers Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell2-5/+5
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-28s4/libcli: Register LDB_CONTROL_REVEAL_INTERNALS and ↵Endi S. Dewata1-0/+4
DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID controls. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-06-20ldb:controls - add the "TREE_DELETE" control for allowing subtree deletesMatthias Dieter Wallnöfer1-0/+20
2010-06-20s4:ldap_controls.c - remove encoding functions for private recalculate SD ↵Matthias Dieter Wallnöfer1-19/+0
control
2010-06-07s4: Remove an uselessly exposed controlMatthieu Patou1-1/+0
2010-05-21s4:libcli/ldap Update headermap.txt (autotools build) and wscript_build for ↵Andrew Bartlett1-1/+1
libcli_ldap.h It took a little while to find where to update this... Andrew Bartlett
2010-05-21s4:libcli/ldap Rename ldap.h to libcli_ldap.hAndrew Bartlett6-5/+5
It is a problem if a samba header is called ldap.h if we also want to use OpenLDAP's ldap.h Andrew Bartlett
2010-04-06s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵Andrew Tridgell1-0/+2
them
2010-04-06s4-waf: install the rest of the headersAndrew Tridgell1-5/+1
2010-04-06build: commit all the waf build files in the treeAndrew Tridgell1-0/+12
2010-03-02s4-libcli: Added NULL handlers for DSDB_CONTROL_DN_STORAGE_FORMAT_OID and ↵Endi S. Dewata1-0/+4
LDB_CONTROL_AS_SYSTEM_OID Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-17s4/ldap: Refactor the fix for ldap nested searchesKamen Mazdrashki1-4/+0
Current implementation synchronizes processing for all types of LDAP request, not only LDAP_Search ones. Synchronization for ldap replies processing is done locally in ldb_ildap module as this concerns only ildb_callback() function. Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-01-29s4/ldap: Fix nested searches SEGFAULT bugKamen Mazdrashki1-0/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-28s4: fix SD update and password change in upgrade scriptMatthieu Patou1-0/+20
- reserve a new Samba OID for recalculate SD control - fix the update SD function - fix handling of kvno in the update_machine_account_password function - fix handling of handles in RPC winreg server Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-19s4:ldbcli - Added encoder/decoder for relax control.Endi S. Dewata1-2/+20
2009-11-12s4:libcli/ldap Add 'relax' OID to known network representationsAndrew Bartlett1-0/+2
This patch, inspired by a patche by Endi S. Dewata <edewata@redhat.com>, allows this control to be passed to the LDAP backend. Andrew Bartlett
2009-10-14s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where neededMatthias Dieter Wallnöfer1-1/+3
For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way.
generated by cgit (git 2.34.1) at 2024-06-26 18:26:35 +0000