Age | Commit message (Collapse) | Author | Files | Lines |
|
used subobj.ROLE and not subobj.SERVERROLE as the rest of the code
does.
Andrew Bartlett
(This used to be commit dd1cb33591819c3d4263e594c7a80de899def223)
|
|
--server-role
This must be set to either 'domain controller', 'domain member' or 'standalone'.
The default for the provision now changes to 'standalone'.
This is not because Samba4 is particularlly useful in that mode, but
because we still want a positive sign from the administrator that we
should advertise as a DC.
We now do more to ensure the 'standalone' and 'member server'
provision output is reasonable, and try not to set odd things into the
database that only belong for the DC.
Andrew Bartlett
(This used to be commit 4cc4ed7719aff712e735628410bd3813c7d6aa40)
|
|
(This used to be commit 935ac3189d93e53841dc47c0f9c7fcca5661a2bb)
|
|
and ugly hacks to handle the string termination.
metze
(This used to be commit 32bb276920d3f6987427613c6f1bc71557d8893e)
|
|
Jeremy.
(This used to be commit 0844dbf597191b3e4d35a696695b229e986daec4)
|
|
metze
(This used to be commit d0ada02532d10e8b31c390ee191b94c2f2299cb0)
|
|
The Web 2.0, async client tools were really interesting, but without
developer backing they remain impossible to support into a release.
The most interesting app was the LDB browser, and I intend to replace
this with phpLdapAdmin, preconfigured for Apache during provision.
This also removes the need to 'compile' SWAT on SVN checkouts.
Andrew Bartlett
(This used to be commit cda965e908055d45b1c05bc29cc791f7238d2fae)
|
|
number in more places.
(This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
|
|
(This used to be commit 5085c53fcfade614e83d21fc2c1a5bc43bb2a729)
|
|
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
|
|
(This used to be commit 08bb1ef643ab906f1645cf6f32763dc73b1884e4)
|
|
(This used to be commit 925abf74fa1ed5ae726bae8781ec549302786b39)
|
|
Andrew Bartlett
(This used to be commit 9f18a9711771a88be7c38bc26ae6e59fb98f93dd)
|
|
working module, live or dead, is purely co-incidental.
Andrew Bartlett
(This used to be commit 64cc31642fd2ded149631d07bc022213f19595b8)
|
|
The module is scary: On a rename, it does a search for all entries
under that entry (including itself), and fires off a seperate rename
call for each result. This will fail miserably on an LDAP backend,
but I'll need to work on using hdb for OpenLDAP, and hope Fedora DS
can implement subtree renames at some point.
Andrew Bartlett
(This used to be commit 13908a8cb4dd810503213203efb8d51f77f1f379)
|
|
provision failures when some of the random password values are illigal
LDIF.
Andrew Bartlett
(This used to be commit 876003f6c6466bfd37ec9b05c9a1f1cc83dd9898)
|
|
The keytab in dns.keytab should (I hope) do the job.
Andrew Bartlett
(This used to be commit af4d331eef91ef7699d179d15e7337fff1eff7bb)
|
|
(This used to be commit 1ce32673d960c8b05b6c1b1b99e1976a402417ae)
|
|
LDIF files for the registry files.
(This used to be commit 67ad556b7388e5d82756e0a3cfc596e44136329c)
|
|
have
been working on for at least half a year now. Contains the following
improvements:
* proper layering (finally!) for the registry library. Distinction is
now made between 'real' backends (local, remote, wine, etc) and
the low-level hive backends (regf, creg, ldb, ...) that are only used
by the local registry backend
* tests for all important hive and registry operations
* re-enable RPC-WINREG tests (still needs more work though, as
some return values aren't checked yet)
* write support for REGF files
* dir backend now supports setting/reading values, creating keys
* support for storing security descriptors
* remove CREG backend as it was incomplete, didn't match the data model
and wasn't used at all anyway
* support for parsing ADM files as used by the policy editor (see lib/policy)
* support for parsing PREG files (format used by .POL files)
* new streaming interface for registry diffs (improves speed and memory usage
for regdiff/regpatch significantly)
... and fixes a large number of bugs in the registry code
(This used to be commit 7a1eec6358bc863dfc671c542b7185d3e39d7b5a)
|
|
configuration.
When we sort out GSS-TSIG on the server, we can expand this to have
the 'right stuff'.
Andrew Bartlett
(This used to be commit 8f02ade1b2cc164f64f4ea8a371c107ccf6a81b3)
|
|
and rename the containing functions to have a ndr_
prefix
metze
(This used to be commit cb234d43ae693af5d8a921a15c9bcac3c6f0359a)
|
|
metze
(This used to be commit 84651aee81aaabbebf52ffc3fbcbabb2eec6eed5)
|
|
rename dcerpc_interface_list -> ndr_interface_list
and move them to libndr.h
metze
(This used to be commit 4adbebef5df2f833d2d4bfcdda72a34179d52f5c)
|
|
and move it to librpc/ndr/libndr.h
metze
(This used to be commit abd5551aabae1820baaa52a963e8c7aa9605914e)
|
|
Andrew Bartlett
(This used to be commit 68bdbd732fc02ce5a8ef8eb0107459ff3b7eb723)
|
|
This patch prevents non-root and non-administrator users from running
the provision, upgrade and vampire pages. *I think* the rest of SWAT
is LDB operations, or otherwise authenticated, so we should now be
secure.
I wish I had a better way to 'prove' we got this right, but this is better than nothing, and moves us closer to an alpha.
Andrew Bartlett
(This used to be commit d61061052dc4711f886199e49bc303002c8f9b11)
|
|
Before the provisioning enters to the function provision_default_paths (in
scripting/libjs/provision.js), the variable subobj.DNSDOMAIN isn't properly set
(for example for the filename of the DNS zonefile).
Andrew Bartlett
(This used to be commit 07a9db1438df93442c5b50b1b97ca69662749608)
|
|
On default Active Directory installations, the NETLOGON share isn't
an indipendent directory. In fact it's mapped to the subdirectory
"scripts" from the share SYSVOL under <Domain name>.
Andrew Bartlett
(This used to be commit 923d67ea9d78da46235221375b49b6f1d0d6a862)
|
|
This involves creating the SYSVOL and NETLOGON shares at provision
time, and creating the right subdirectories.
This also changes the behaviour of lp.get("foo") in ejs - we now
return undefined, rather than syntax error, if the parameter doesn't
exist (perhaps because the share isn't defined).
Andrew Bartlett
(This used to be commit 45cadf3bc0d38f6600666511a392e1ce353adee7)
|
|
split out the auth methods.
This caused all SWAT logins to fail, except when using local system
authentication.
Andrew Bartlett
(This used to be commit b5a9d507a37cd46bd325ff3118c08b4362f267f2)
|
|
(This used to be commit 40c0919aaa9c1b14bbaebb95ecce53eb0380fdbb)
|
|
(This used to be commit 84b468b2f8f2dffda89593f816e8bc6a8b6d42ac)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
where LDB isn't as strict as OpenLDAP, the self join record contains
duplicate servicePrincipalNames once the DNS name and domain name are
made equal. (Easier to just skip the useless self-join).
Andrew Bartlett
(This used to be commit 49ff929be6fcf57721532de13bdd7a7e1617af6f)
|
|
--ldap-manager-pass= option to work.
Andrew Bartlett
(This used to be commit fbcb1ec14125a4ca57922ec75b01af9a99dcd954)
|
|
Andrew Bartlett
(This used to be commit 17dad5d8c345c2c3a7643bff7a43473339a22d40)
|
|
to set up the LDAP backend.
Andrew Bartlett
(This used to be commit cc7900210a2e473060d5897ec729923ac6b2f18d)
|
|
on metze's schema work.
Andrew Bartlett
(This used to be commit 3111bbdf64f57bf8d2638fd9829c071dcfeb4af1)
|
|
will now control the auth methods, but an override is still available,
ex:
auth methods:domain controller = <methods>
Andrew Bartlett
(This used to be commit b7e727186ed8eda6a68c873e089f655dc24fe8ae)
|
|
patch).
- samba3sam.js: rework the samba3sam test to not use objectCategory,
as it's has special rules (dnsName a simple match)
- ldap.js: Test the ordering of the objectClass attributes for the baseDN
- schema_init.c: Load the mayContain and mustContain (and system...) attributes when
reading the schema from ldb
- To make the schema load not suck in terms of performance, write the
schema into a static global variable
- ldif_handlers.c: Match objectCategory for equality and canonicolisation
based on the loaded schema, not simple tring manipuation
- ldb_msg.c: don't duplicate attributes when adding attributes to a list
- kludge_acl.c: return allowedAttributesEffective based on schema results
and privilages
Andrew Bartlett
(This used to be commit dcff83ebe463bc7391841f55856d7915c204d000)
|
|
Print the smb.conf path being created in provision.
Andrew Bartlett
(This used to be commit bb583463bf483e1b355647f9fc93afbfcb9d41d3)
|
|
Fix a nasty issue we had with SWAT. We could not provision into a
different domain, as we didn't re-calcuate the DOMAINDN after the user
changed it in the form.
Andrew Bartlett
(This used to be commit 430c998dc9ea41ea29cf184d03404b50ef14f78d)
|
|
(This used to be commit f687bc92aea00aa489d310ac31e08a5718a36ec4)
|
|
easily try this out.
I also intend to use this for the selftest, but I'm chasing issues
with the OpenlDAP (but not Fedora DS) backend.
Andrew Bartlett
(This used to be commit 0f457b1d2e20c36ab220b4a6711ce7930c4c7d21)
|
|
OpenLDAP or Fedora DS backend.
This required a new mkdir() call in ejs.
We can now provision just the schema for ad2oLschema to operate on
(with provision_schema(), without performing the whole provision, just
to wipe it again (adjustments to 'make test' to come soon).
Andrew Bartlett
(This used to be commit 01d54d13dc66ef2127ac52c64ede53d0790738ec)
|
|
change the way the ejs object is being created and return listing
context (with status) rather than collecting all entries gathered
from libnet call.
rafal
(This used to be commit b16787a56120498c985f2617f43250df725c285a)
|
|
rafal
(This used to be commit 2f16ff04d22e13cfb2dc5d8b69004d969a4c25fb)
|
|
hosted on the server.
rafal
(This used to be commit 385a094443e29990a2895693f2b6435e3d32c0f3)
|
|
temporarily...)
rafal
(This used to be commit 0ecb8fd81ebbd7327aa5c6b9347aa4dcb1ba6421)
|