Age | Commit message (Collapse) | Author | Files | Lines |
|
partitions onto the target LDAP server.
Make the LDAP provision run before smbd starts, then stop the LDAP
server. This ensures this occurs synchronously, We then restart it
for the 'real run' (with slapd's stdin being the FIFO).
This required fixing a few things in the provision scripts, with more
containers being created via a add/modify pair.
Andrew Bartlett
(This used to be commit 860dfa4ea1ab2b62d4d4fe0644e0a9b882fdafa1)
|
|
is broken, so that one is still disabled.
(This used to be commit ef794f03d50022a77303c77045a04d9407d07cbc)
|
|
re-provision (as is required for the TEST_LDAP=yes version of make
test).
Andrew Bartlett
(This used to be commit ea4c2ea22fb3975d80130f52edecaf6d1790adde)
|
|
We were returning just true/false and discarding error number and string.
This checking probably breaks swat, will fix it in next round as swat
is what made me look into this as I had no way to get back error messages
to show to the users.
Simo.
(This used to be commit 35886b4ae68be475b0fc8b2689ca04d766661261)
|
|
metze
(This used to be commit 838d307e6ca0740bc330a5ebc46b95f3181a5c14)
|
|
them as a hook on ldb modify, via a module.
This should allow the secrets.ldb to be edited by the admin, and to
have things update in the on-disk keytab just as an in-memory keytab
would.
This isn't really a dsdb plugin, but I don't have any other good ideas
about where to put it.
Andrew Bartlett
(This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
|
|
metze
(This used to be commit 306ea74f85c8cd0df767a25c45304cb33410e03c)
|
|
metze
(This used to be commit edc37501d6ecdaf7b13006b732914e21ae0be657)
|
|
via "secrets database = my_secrets.ldb"
metze
(This used to be commit a096a9741597105140845f59e54a76060da0010b)
|
|
metze
(This used to be commit c78e345feaef607b9297372aacb00ec068127785)
|
|
(This used to be commit 6976f283fc30a401bcc1d2c5089135c3fe8f1728)
|
|
as for every object the repl_meta_data module needs to look
up the object by objectGUID
metze
(This used to be commit 55f845377ce3a7aeb028805754dc9c05d429548e)
|
|
we need to modify some modules to only handle originating changes...
metze
(This used to be commit 0f387d58e69a6ee806fea02229ef8fa030f2918d)
|
|
- we call a ejs script from the torture test for this task
so that we can use the provision template ldif's.
metze
(This used to be commit e84b0c7d4004df312ae58ed76dd708a2c3c37986)
|
|
and set the isSyncronized = TRUE when we done
metze
(This used to be commit 5875ce1ac6ff694d07787ff0cf81b3429580311b)
|
|
metze
(This used to be commit cbebe559a2563a3ab9dd2e002c79676a803b71a4)
|
|
for all partitions and make it not use LDAP in the variable names
because it isn't specific to the ldap backend case.
metze
(This used to be commit 3e337ec2764038e4ff05c3e926220abaa5583702)
|
|
metze
(This used to be commit 2a6e6a2695b256411c91768c7bee748228e40e6f)
|
|
metze
(This used to be commit 09622f01227093b4b351fcc79fe29d5b2f388376)
|
|
- the ${CONFIGDN} is a child of the ${ROOTDN}
metze
(This used to be commit ebbd8a83c982efdc58e53798d1fd191f08731005)
|
|
under ${BASEDN}
metze
(This used to be commit 09ca6aae12d8e10b76971cf269f7c62f228a4c87)
|
|
Andrew Bartlett
(This used to be commit 5781d0f41ac1847c38ebda290f5e85423dd20186)
|
|
Add in a hook for adding an ACI, needed to allow anonymous access
until we hook across a SYSTEM token to the LDAP server.
Andrew Bartlett
(This used to be commit f45504e2714680978f101b4a98516686a17531df)
|
|
Add a new module entrypoint to handle the new, interesting and
different mappings required for Fedora DS.
Andrew Bartlett
(This used to be commit 600c7f1a68c175b835ce45d13794a6f66bcc8493)
|
|
into an exsting LDAP server. (Allow some parts to pre-exist, and try
to blow away less data).
Andrew Bartlett
(This used to be commit 99faff0ad8fa12d596c599064a0125a6b3365134)
|
|
metze
(This used to be commit 0fcdc8c243f50da5a1203370740ac8d022a5cfdc)
|
|
(This used to be commit 57ee79c15579d1bbe7c0d3202b84a06b75320e40)
|
|
bit-rotted.
Fix up interfaces and interaction between the two..
Andrew Bartlett
(This used to be commit 9b77d285d8cd8999547c0d17e97681d236acbdb0)
|
|
don't delete their contents until we have specified the new partition
locations.
However, preserve the important part of tridge's change, that is to
ensure that no database index is present when the mass delete occours.
In my testing, it is best to leave the index until the provision is
compleated.
Andrew Bartlett
(This used to be commit 962219df7dc53ce6f6889f4b71ee19850c7ff7b5)
|
|
- when wiping a ldb, wipe within each naming context first. By not
wiping the naming contexts we didn't wipe the partitions, which
caused a massive slowdown in re-provisioning due to re-indexing of
the schema.
(This used to be commit b62437214cf7c98c81598c4f37c91ab284928dbb)
|
|
Move default for subobj.LDAPMODULES into scripting/libjs/provision.js
so that SWAT can provision again.
Andrew Bartlett
(This used to be commit a4aafe307d6d1396fa79b0c48b0a36cbf682f0ce)
|
|
Andrew Bartlett
(This used to be commit 9b2003618b28cb045e74937803e9aad773781803)
|
|
(This used to be commit 34bffbaebf50c2a75c91285d5ec82e8f377981cc)
|
|
When changing a field name in idl, please remember to check for use of
those functions in any js code as well.
(This used to be commit 7005806aa6842ffc3d5ed98682f2aefc59759580)
|
|
it does have 'usr'
(This used to be commit 96db975024a744f42a0418e379df1da6c4079fe6)
|
|
Andrew Bartlett
(This used to be commit 77b810f548fffc1298978cc92c842f5e4fc13786)
|
|
default search scope points to.
Andrew Bartlett
(This used to be commit 1a111817a361faab04e73b666624ce554f000034)
|
|
When against a real, schema-checking LDAP backend, we need
extensibleObject on the baseDN entry (as entryUUID isn't run for
creating this basic ldif) output.
(This used to be commit befac43f59c4688f6c6827eb2e4e916c1056a740)
|
|
This lets the modules or backend generate the host and domain GUID,
rather than the randguid() function. These can still be specified
from the command line.
Andrew Bartlett
(This used to be commit 32996ca9d62568006f8bee85a1f2f37c64c04fb5)
|
|
Shutdown and reload the LDB, so the entryUUID module knows to read the
schema (will be changed once we have a central schema store and
notifications).
Andrew Bartlett
(This used to be commit d5814b689eedfc4c4701beb18a516db716a466f1)
|
|
shows the need for...
Martin Kuhl writes:
The ejs function `substitute_var' returns `undefined' when the first
argument ends in a pattern that should be substituted.
For that reason, the second assertion fails in the following test-case:
,----
| libinclude("base.js");
|
| var obj = new Object();
| obj.FOO = "foo";
| obj.BAR = "bar";
| var str1 = "${FOO}:${BAR}";
| var str2 = "${FOO}:${BAR} "; // note the space after the brace
| var sub1 = substitute_var(str1, obj);
| var sub2 = substitute_var(str2, obj);
|
| assert(str1 + " " == str2);
| assert(sub1 + " " == sub2);
`----
The problem is that the function `split' returns a single-element
array in both cases:
a) the string to split doesn't contain the split pattern
b) the string ends with the split pattern
To work around this, the following patch tests this condition and
returns `undefined' only if the string to split (`list[i]') really
didn't contain a closing brace.
(This used to be commit 8a6908200b1e459bc9067a9d1f9635185a7eee16)
|
|
(This used to be commit 177b713288be9c5d559a27d65e16521cbeefc958)
|
|
This causes things to operate as just one transaction (locally), and
to make a minimum of TCP connections when connecting to a remote LDAP
server.
Taking advantage of this, create another file to handle loading the
Samba4 specific schema extensions. Also comment out 'middleName' and
reassign the OID to one in the Samba4 range, as it is 'stolen' from a
netscape range that is used in OpenLDAP and interenet standards for
'ref'.
Andrew Bartlett
(This used to be commit 009d0905947dec9bab81d8e6de5cb424807ffd35)
|
|
This module redirects various samdb requests into different modules,
depending on the prefix. It also makes moving to an LDAP backend
easier, as it is just a different partition backend.
This adds yet another stage to the provision process, as we must setup
the partitions before we setup the magic attributes.
Andrew Bartlett
(This used to be commit 31225b9cb6ef6fcb7bd831043999b1b44ef1b128)
|
|
Commit the classic backwards compatible module which is the default one
(This used to be commit a89cc346b9296cb49929898d257a064a6c2bae86)
|
|
Andrew Bartlett
(This used to be commit 82f5f6c03d005741613c5b00705613c4078c844e)
|
|
This required changes to the rootDSE module, to allow registration of
partitions. In doing so I renamed the 'register' operation to
'register_control' and 'register_partition', which changed a few more
modules.
Due to the behaviour of certain LDAP servers, we create the baseDN
entry in two parts: Firstly, we allow the admin to export a simple
LDIF file to add to their server. Then we perform a modify to add the
remaining attributes.
To delete all users in partitions, we must now search and delete all
objects in the partition, rather than a simple search from the root.
Against LDAP, this might not delete all objects, so we allow this to
fail.
In testing, we found that the 'Domain Controllers' container was
misnamed, and should be 'CN=', rather than 'OU='.
To avoid the Templates being found in default searches, they have been
moved to CN=Templates from CN=Templates,${BASEDN}.
Andrew Bartlett
(This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)
|
|
Find more possible posix group names for the 'domain users' group, as
the existing options don't exist in OSX.
Andrew Bartlett
(This used to be commit 4e8d7b7fb310a668ae8653bc06036c94249b2b2a)
|
|
metze
(This used to be commit e896c32614fd4fd80a124ccfe49332e319f717f9)
|
|
scripts.
This tests the real module, and avoids duplication.
Andrew Bartlett
(This used to be commit 0859ba59ae00029177cd63366fc59efe8b19c973)
|