| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
main provision script a bit, as the argument list was getting out of
control. (It has been replaced in part with an object).
This also returns the session_info from the auth code into ejs.
We still need access control allowing only root to re-provision.
Andrew Bartlett
(This used to be commit 002cdcf3cab6563909d31edc5d825e857dc0a732)
|
|
Andrew Bartlett
(This used to be commit 42cdad5e3f06c307baf80396fd8449b803ef84c3)
|
|
This should allow us to provision to a 'normal' LDAP server.
Also add in 'session info' hooks (unused). Both of these need to be
hooked in on the webserver.
Andrew Bartlett
(This used to be commit b349d2fbfefd0e0d4620b9e8e0c4136f900be1ae)
|
|
(This used to be commit f4ac7d6359b5a6de04a6ea518dec99f4c9b49b3d)
|
|
with debugging!
Andrew Bartlett
(This used to be commit fe36cb6767ce99432e2778037aad334170dca173)
|
|
server. Now to try another one...
Andrew Bartlett
(This used to be commit 175f616d74ac3567a35713343be0c63c96c5aede)
|
|
backend.
The idea is that every time we open an LDB, we can provide a
session_info and/or credentials. This would allow any ldb to be remote
to LDAP. We should also support provisioning to a authenticated ldap
server.
(They are separate so we can say authenticate as foo for remote, but
here we just want a token of SYSTEM).
Andrew Bartlett
(This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)
|
|
This merges Samba4 up to current lorikeet-heimdal, which includes a
replacement for some Samba-specific hacks.
In particular, the credentials system now supplies GSS client and
server credentials. These are imported into GSS with
gss_krb5_import_creds(). Unfortunetly this can't take an MEMORY
keytab, so we now create a FILE based keytab as provision and join
time.
Because the keytab is now created in advance, we don't spend .4s at
negprot doing sha1 s2k calls. Also, because the keytab is read in
real time, any change in the server key will be correctly picked up by
the the krb5 code.
To mark entries in the secrets which should be exported to a keytab,
there is a new kerberosSecret objectClass. The new routine
cli_credentials_update_all_keytabs() searches for these, and updates
the keytabs.
This is called in the provision.js via the ejs wrapper
credentials_update_all_keytabs().
We can now (in theory) use a system-provided /etc/krb5.keytab, if
krb5Keytab: FILE:/etc/krb5.keytab
is added to the secrets.ldb record. By default the attribute
privateKeytab: secrets.keytab
is set, pointing to allow the whole private directory to be moved
without breaking the internal links.
(This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d)
|
|
(This used to be commit 4b56c129c6f1654f9dbe37bc950a836f15c48b3d)
|
|
(This used to be commit 696fa87a212e65d6337c39a84f682b64b52593a5)
|
|
needed for mmc management of Samba4.
(This used to be commit cbbce4fe403efc0b9e63052c2aa1fbb5972f2abe)
|
|
(This used to be commit daa9dcd8f4b1dde801091ec64faa8158481d171c)
|
|
- speed up provisioning a bit using a ldb transaction (also means you
can't end up with a ldb being half done)
(This used to be commit 91dfe304cf688bb81b69ff3192ac84b78b34b311)
|
|
problem is really caused by hklm not having objectclass attributes on
its records, but this is a workaround)
(This used to be commit 62d5253a033f47335ceefade9ad7d98ddfc19584)
|
|
list should be from the dnsdomain (ie lowercae).
Andrew Bartlett
(This used to be commit 10d692a1c216134b301b5851ce1e71ed93cc6164)
|
|
Andrew Bartlett
(This used to be commit 0c29f0e30d64be09baad792eb2850aa0b8fa9981)
|
|
fired.
Andrew Bartlett
(This used to be commit df6a40c2d261804f1cd4feb24572135a4c62a802)
|
|
if we fail to erase a ldb during provision by traversing
and deleting records (an in-place erase) then just unlink it
and start it again. This makes provisioning much more robust
to changes in ldb that make it not backward compatible with
old DBs.
(This used to be commit 173655aec25c462b8b90b850df65ae6f95f44efb)
|
|
(This used to be commit 87f25fe49caa78422582337c5208a331ef5b8c15)
|
|
Add 'paths' object to provision code.
(This used to be commit 488d737fb0ebbc2535d0ec17c14f0dc1eaf2a578)
|
|
Update TODO-list
(This used to be commit d9541535e3f9e1c058410eeb0a54d60181572f2b)
|
|
Still need to polish some rough edges
(This used to be commit a8f309aa812533f57a90410722dfb342c8cf3b48)
|
|
(should fix standard provisioning on AIX)
(This used to be commit b1d9ef899821376d7883fa126a14c06ed1b16601)
|
|
make sure we leave the account enabled after creating a new user
(This used to be commit a22d0d02eed8b960f5fde4211b0d2967c500f4a4)
|
|
templating support for foreignSecurityPrincipals to the samdb module.
This is an extension beyond what microsoft does, and has been very
useful :-)
The setup scripts have been modified to use the new template, as has
the SAMR and LSA code.
Other cleanups in LSA remove the assumption that the short domain name
is the first component of the realm.
Also add a lot of useful debug messages, to make it clear how/why the
SamSync may have gone wrong. Many of these should perhaps be hooked
into an error string.
Andrew Bartlett
(This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
|
|
domain name.
Remove the use of flatname from the main domain object, we no longer
reference it.
Andrew Bartlett
(This used to be commit 2303e24be74570187b23c3d31d0433263c83ba7e)
|
|
This ensures the templating code is used, and also makes it clearer
what I need to duplicate in the vampire area.
Also fix a silly bug in the template application code (the samdb
module) that caused templates to be compleatly unused (my fault, from
my commit last night).
Andrew Bartlett
(This used to be commit 4a8ef7197ff938942832034453f843cb8a50f2d1)
|
|
boilerplate attributes in every entry in provision.ldif.
The next step will be to use templates.
Andrew Bartlett
(This used to be commit 940ed9827f5ab83b668a60a2b0110567dd54c3e2)
|
|
home page in swat is accessed
(This used to be commit 78fb559c08d55c01f5ede81d43cdd857cce8d338)
|
|
- get rid of redundeny dyn_CONFIGFILE argument to lp_load()
- fixed provisioning to work with completely pristine install,
creating an initial smb.conf is none is present
- added lp.set() and lp.reload() to loadparm ejs object interface
(This used to be commit c2691ef7126ddcee5f95970b78759b40a049d0a7)
|
|
(This used to be commit ed4fb68ef7c28e415408e923bd9eefcd2d60f355)
|
|
(This used to be commit 2dc493eea6f9d87c40ad0dc755f528ce0b33ca47)
|
|
connect
works when already open
(This used to be commit 1183f54c8dee28c136b4dc72bc059a6175fe09e4)
|
|
sys.unlink(). This allows smbd to see the new db without restarting.
(This used to be commit 71004aa165e88f5f448dc7d90ad11dea7143f0df)
|
|
(This used to be commit a3f3292e6698ce9be6a5036f47dd4fa81a1dfd4e)
|
|
(This used to be commit b6ef32ddd1fdca0d40a12f34fa5f7a484b3c2071)
|
|
don't need to keep
a 'db' variable around. The ldb object knows what it is connected to.
Added a simple ldb testsuite in testprogs/ldb.js
(This used to be commit cf35818648b5b649d0cd25f115a04b7b5b5311aa)
|
|
(a suggestion from simo)
(This used to be commit 98c9c4ecb87e1b140002390067892806464849da)
|
|
tim, do you want to do the cli_*() calls now?
(This used to be commit 9991e924e9dacec663a5d040ccfc878927fc3afa)
|
|
var ldb = ldb_init();
res = ldb.search(dbfile, "(objectClass=user)");
you can also do:
ldbSearch = ldb.search;
res = ldbSearch(dbfile, "(objectClass=user)");
if you want the old interface (ie. you can use this to import
functions into the global or local namespace).
(This used to be commit 3093057d9735cbb62f57e7159264d5a28b85320f)
|
|
(This used to be commit 433f9d0a619ff34a4b7506950ee091fb8d34870d)
|
|
- added a provisioning web page
(This used to be commit 7476cb94132cf2849ec19360468904ca6fe8de2c)
|
