Age | Commit message (Collapse) | Author | Files | Lines |
|
We are only looking for the default DN - but the method name already tells
us this.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Oct 19 10:03:12 UTC 2010 on sn-devel-104
|
|
We do always use the canonical name as a base if we don't have it around yet.
|
|
|
|
This is added to make the 'existing' LDAP backend class more useful,
and to allow debuging of our OpenLDAP backend class with wireshark, by
forcing the traffic over loopback TCP, which is much easier to sniff.
Andrew Bartlett
|
|
We don't need to know the server DN here any more, and it
makes no sense for many callers.
Andrew Bartlett
|
|
|
|
applicable.
Allow using both pyembed and pyext, to prevent unresolved symbols.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 10 03:54:01 UTC 2010 on sn-devel-104
|
|
these have crept into the tree over time. Maybe we should add testing
of a range of python versions to autobuild?
|
|
Otherwise "provision" resets our current debug level and
we don't get debug messages we may expect onwards
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Tue Oct 5 11:32:50 UTC 2010 on sn-devel-104
|
|
But also here beside "show_deleted" to not loose compatibility with older
provisions.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
This allow us to fallback to first credentials given.
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Sat Oct 2 23:05:20 UTC 2010 on sn-devel-104
|
|
are supplied on command line and caller doesn't want us
to guess credentials from environment
|
|
Unit-test based python tests require certain input parameters
to be set in environment, otherwise they can't be run
|
|
|
|
This helper makes proper ldb url to connect to
and is a shorthand for test to create SamDB connections
|
|
- 'filter' is built-in
- 'ldb' is a module name we imported
|
|
|
|
|
|
- we have sys module already imported
- _glue module is part of samba package so be more precise how to import
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we need to fetch the msDS-keyVersionNumber from the writeable DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
New feature that enables LDAPCmp users to find unmatched or
missing ACEs in objects for the three naming contexts between
DCs in one domain (default) or different domains. Comparing
security descriptors is not the default action but attribute
compatison. So to activate the new mode there is --sd switch.
However there are two view modes to the new --sd action which
are 'section' (default) or 'collision'. In 'section' mode you
can only find differences connected to missing or value
unmatched ACEs but not disorder unmatch if ACE values and count
are the same. All of the mentioned differences plus disorder
ACE unmatch you can observe under 'collision' view however
it is more verbose.
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
|
|
added --pas, --dest-dsa and --replica-flags options
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
we can't do SPN updates via sam writes and replication, as the sam is
read-only
|
|
this will be used by samba_spnupdate
|
|
Our helper scripts can fail on Fedora with the PDT timezone (Western
USA). This is the same issue we found with Heimdal earlier today, the
24 second difference between GMT and UTC, but this time in MIT
Kerberos as linked into bind9.
By forcing TZ=GMT in these scripts we avoid the problem
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this allows us to use it for RODC netlogon updates
|
|
this gives one less thing that an admin can get wrong
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 02:35:29 UTC 2010 on sn-devel-104
|
|
we need a correct krb5.conf for nsupdate from bind9
|
|
we don't have the permissions to do it
|
|
|
|
The SD was not refetched for renamed entries, resulting with a try to
add an additional SD when there was already one.
|
|
|
|
different policies
|
|
Thanks to lukas@eecs.qmul.ac.uk for poiting it to me
|
|
valid
|
|
The group of this folder is domain administrator and it seems sensible
that all domain administrators have the right to modify the gpo (they
have it at the NT ACLs level ...)
|
|
in the current provision
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Sep 26 01:21:52 UTC 2010 on sn-devel-104
|
|
We now use a host specific account name for the DNS account, which is
the account used for dynamic DNS updates. We also setup the
servicePrincipalName for automatic update, and add both DNS/${DNSDOMAIN}
and DNS/${DNSNAME} for compatibility with both the old and new SPNs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
If no arguments given, ldapcmp will compare all NCs
|
|
this allows override of server IP address, bypassing NBT or DNS name
resolution of DCs
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
rootDSE module
We simply override the NTDS settings path manually
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|