Age | Commit message (Collapse) | Author | Files | Lines |
|
mdw is working on the correct call to check the password strength
|
|
Update to use the new DS_DNS_FOREST_ROOT name, which makes it clearer
what this bit means (according to MS-ADTS doc)
|
|
|
|
|
|
- always fetch parentGUID from databases, don't rely on parentGUID in
attributes
- re-fetch nc root mesages to avoid the problem of dual messages for
roots
- support returning messages a chunk at a time, using max_object_count
from request
|
|
|
|
|
|
Use msg->elements for the new element values
|
|
Even though we don't create deleted objects ourselves yet, we need to
pass along deleted objects we receive from other replication partners
|
|
getncchanges
When this flag is specified in the request these attributes are treated as
secret: currentValue, dBCSPwd, initialAuthIncoming, initialAuthOutgoing,
lmPwdHistory, ntPwdHistory, priorValue, supplementalCredentials,
trustAuthIncoming, trustAuthOutgoing, unicodePwd
Their value is changed to NULL and the meta_data.originating_change_time to 0
|
|
When this flag is specified in the request we should return
for ncRoot only and so scope of search is LDB_SCOPE_BASE.
|
|
When this flag is specified in the request we shouldn't use the
uptodateness vector in the request.
|
|
|
|
In DsGetNCChanges we need to fill in the parentGUID and objectGUID of
each object, plus we need to filter out the rDN from the meta data,
and always send the instanceType
|
|
|
|
This seems to be what w2k8 does
|
|
|
|
This might help the windows client with ordered requests. Later we
need to support the "ancestors" mode flag.
|
|
These additional debug messages were added to help us track down
w2k8->s4 domain join
|
|
This supports shared RPC handles across connections on all RPC
interfaces.
It turns out that w2k3 and w2k8 don't actually support this on all
pipes. We need to test which pipes we should enable this on.
|
|
This follows the sd pattern from samba3
|
|
This patch allows us to share association groups and their rpc handles
between connections. This is needed for some DRSUAPI behaviour when
recent windows clients connect.
|
|
This will make it much easier to implement shared handles with
association groups. It also means we can shared the ldb between RPC
connections.
|
|
|
|
|
|
|
|
|
|
There is also an option to disable the security check
by specifying in the smb.conf file:
drs:disable_sec_check = true
|
|
|
|
|
|
I should remember to run script/minimal_includes.pl more often
|
|
We don't implement sites properly at the moment so we just return
Default-First-Site-Name
|
|
When one of our core tasks fails to initialise it can now ask for the
server as a whole to die, rather than limping along in a degraded
state.
|
|
metze
|
|
metze
|
|
|
|
Testing against NetAPP showed that clients can object to being told a
larger max xmit fragment size than they negotiated. Choose the
minimum of the server and client values.
Andrew Bartlett
|
|
This uses async RPC forwarding for the DsReplicaSync call
|
|
dcesrv_irpc_forward_rpc_call() can be used to forward an arbitrary RPC
request to another task in Samba4, with the return being handled
asynchronously.
This is useful for forwarding DRS requests to the repl or kcc tasks
|
|
The key DRS calls should only be allowed by administrators or domain
controllers
|
|
The getncchanges uSN is in our local space, so we must compare it to
the local_usn in replPropertyMetaData
|
|
Guenther
|
|
a rename may have no attribute changes
|
|
At least on the command line the braces are needed. Strange.
|
|
It's useful seeing the object count without as much detail
|
|
Without this the client will not update its repsFrom highest_usn values
|
|
When the client tells us the highest_usn they have is N, then we want
to send them objects with usn>N, not>=N, as otherwise we end up
sending them the same object (the one with the highest uSN) again and
again.
|
|
uSNChanged>=N is good enough, and offers a possibility of a simple
optimisation where the partition module could look for that expression
and check the partitions sequence number, then avoid searching a
partition that doesn't have any records with a larger uSN.
|
|
We were relying on the uSNChanged>=n search always finding the DN of
the root of the partition, but this now doesn't happen very often as
we are now restricting when we change uSNChanged. This means we need
to always load the replUpToDateVector attribute from the NC root and
use it to populate the cursors in the return.
|
|
We now have dsdb_loadreps() and dsdb_savereps()
|