| Age | Commit message (Collapse) | Author | Files | Lines | 
|---|
|  | Necessary for correct descriptor inheritance. Based on the default state
of a single DC. Will be modified later when we support multiple DCs. | 
|  |  | 
|  | Rather than try and remove the records in the LDB files, make the
provision remove the whole file.  This also removes the need to try
and carry forward the old ldb filenames.
Andrew Bartlett | 
|  | This splits the code, while keeping the original behaviour.  The
provision.py file had become just too long.
Andrew Bartlett | 
|  |  | 
|  |  | 
|  |  | 
|  | of the Schema | 
|  | Rather than treat the LDAP backend as a special case, treat all
backends the same, with different callbacks.
Andrew Bartlett | 
|  |  | 
|  |  | 
|  | We want our scripts to die immediately when a user hits
control-C. Otherwise we not only annoy the hell out of the user, we
also risk db corruption as the control-C could get delivered as an
exception which gets mis-interpreted (eg. as a missing db object). We
use transactions for all our databases, so the right thing to do in
all our command line tools is to die immediately. | 
|  | If we don't include Python.h first then we get a pile of warnings due
to broken redefines of XOPEN_SOURCE in the Python includes. | 
|  | By splitting the module this way, we can load the schema at startup, after
the partitions module is operational, but we leave the 'mess with details of
entries in the partitions' module to operate only on the partitions module.
Loading the schema later allows us to set the @ATTRIBUTES correctly on all
the databases.
Andrew Bartlett | 
|  | "guess_names"
abartlet pointed out that those are essential for a safe and consistent provision. | 
|  | - Cleans it up from unnecessary "lower()/upper()" and parameters which can be
  derived through "lp" calls.
- Substitute the "HOSTNAME" caption in the "smb.conf" templates with
  "NETBIOS_NAME" which fits better.
- Now the "realm" and "domain" parameter of the provision are totally case
  insensitive and the script itself up/downcases them appropriately depending
  on the use (e.g. "realm" upcase for KERBEROS, lowcase for DNS domainname). | 
|  |  | 
|  | This helps us upgrade from sam.ldb files before the dynamic partitions
work, and ensures we use the right casefolding functions.
Andrew Bartlett | 
|  | The issue here is that if we don't put the partitions metadata in the
database before we wipe it, we won't wipe the partitions contents, and
so the provision will later fail (entry already exists)
Andrew Bartlett | 
|  | The new partitions code knows to copy these items in when creating a
new parition, so we can set it from the start.
Andrew Bartlett | 
|  | This is done by passing an extended operation to the partitions module
to extend the @PARTITION record and to extend the in-memory list of
partitions.
This also splits things up into module parts that belong above and below
repl_meta_data
Also slit the partitions module into two files due to the complexity
of the code
Andrew Barltett | 
|  | privileges are now stored in a separate database | 
|  |  | 
|  | When FDS is used as a backend, Samba should not use the
linked_attributes LDB module, but instead use the built-in
DS plugins for attribute linking, indexing, and referential
integrity. | 
|  | (Remove unneeded "upper"s) | 
|  | This was a bad idea all along, as Simo said at the time.  With the
full MS schema and enforcement of it, it is an even worse idea.
This fixes the provision of the member server in 'make test'
Andrew Bartlett | 
|  |  | 
|  |  | 
|  |  | 
|  | The instanceType needs to be specified in future because that's how
the partitions are actually created. | 
|  | This allows this control to be specified as critical.  We support the
control because we choose to always be durable in our transactions.
We really, really need a 'duplicate request' API, as at the
moment we can't do this without a large, error-prone set of code that
cannot cope with new request fields or types.
Andrew Bartlett | 
|  | (allows addition of systemOnly classes) | 
|  | Give the possibility to specify controls when loading ldif files.
  Relax control is specified by default for all ldb_add_diff (request Andrew B).
  Set domainguid if specified at the creation of object instead of modifying afterward
  Allow to specify objectGUID for NTDS object of the first DC this option is used during provision upgrade. | 
|  | Windows 2003 Native | 
|  |  | 
|  | function levels
Adds a parameter "--function-level" which allows to specify the domain and
forest function level. | 
|  |  | 
|  |  | 
|  |  | 
|  | This reverts commit ffd48a79ee34dc90c0f6f16564c3a0de8b53d3d2. | 
|  | Currently disabled. The search will be greatly modified,
also the object tree stuff will be simplified. | 
|  |  | 
|  | The previous commit changed the wrong end - we must fix our server,
not our client.
Andrew Bartlett | 
|  | We need to look into salting algorithms further.
Andrew Bartlett | 
|  |  | 
|  |  | 
|  | Also add a note to clarify that this should not be changed without
discussion and consensus.  We don't want this bouncing around.
Paramater support to allow optional selection of Win2003 mode welcomed.
Andrew Bartlett | 
|  |  | 
|  | This ensures we only have one codepath to store the secret, and
therefore that we have a single choke point for setting the
saltPrincipal, which we were previously skipping.
Andrew Bartlett | 
|  |  |