Age | Commit message (Collapse) | Author | Files | Lines |
|
At this point, support for checks on LDAP add, delete, rename and modify.
Old kludge_acl is still there to handle the searches.
This module is synchronous as the async version was impossible to debug,
will be converted to async after some user testing.
|
|
|
|
Add call for setting the create permissions.
|
|
in "ldb_wrap_connect"
|
|
Necessary for correct descriptor inheritance. Based on the default state
of a single DC. Will be modified later when we support multiple DCs.
|
|
|
|
Rather than try and remove the records in the LDB files, make the
provision remove the whole file. This also removes the need to try
and carry forward the old ldb filenames.
Andrew Bartlett
|
|
This splits the code, while keeping the original behaviour. The
provision.py file had become just too long.
Andrew Bartlett
|
|
|
|
|
|
|
|
of the Schema
|
|
Rather than treat the LDAP backend as a special case, treat all
backends the same, with different callbacks.
Andrew Bartlett
|
|
|
|
|
|
since the initial provision
|
|
We want our scripts to die immediately when a user hits
control-C. Otherwise we not only annoy the hell out of the user, we
also risk db corruption as the control-C could get delivered as an
exception which gets mis-interpreted (eg. as a missing db object). We
use transactions for all our databases, so the right thing to do in
all our command line tools is to die immediately.
|
|
If we don't include Python.h first then we get a pile of warnings due
to broken redefines of XOPEN_SOURCE in the Python includes.
|
|
By splitting the module this way, we can load the schema at startup, after
the partitions module is operational, but we leave the 'mess with details of
entries in the partitions' module to operate only on the partitions module.
Loading the schema later allows us to set the @ATTRIBUTES correctly on all
the databases.
Andrew Bartlett
|
|
"guess_names"
abartlet pointed out that those are essential for a safe and consistent provision.
|
|
- Cleans it up from unnecessary "lower()/upper()" and parameters which can be
derived through "lp" calls.
- Substitute the "HOSTNAME" caption in the "smb.conf" templates with
"NETBIOS_NAME" which fits better.
- Now the "realm" and "domain" parameter of the provision are totally case
insensitive and the script itself up/downcases them appropriately depending
on the use (e.g. "realm" upcase for KERBEROS, lowcase for DNS domainname).
|
|
|
|
This helps us upgrade from sam.ldb files before the dynamic partitions
work, and ensures we use the right casefolding functions.
Andrew Bartlett
|
|
The issue here is that if we don't put the partitions metadata in the
database before we wipe it, we won't wipe the partitions contents, and
so the provision will later fail (entry already exists)
Andrew Bartlett
|
|
The new partitions code knows to copy these items in when creating a
new parition, so we can set it from the start.
Andrew Bartlett
|
|
This is done by passing an extended operation to the partitions module
to extend the @PARTITION record and to extend the in-memory list of
partitions.
This also splits things up into module parts that belong above and below
repl_meta_data
Also slit the partitions module into two files due to the complexity
of the code
Andrew Barltett
|
|
privileges are now stored in a separate database
|
|
|
|
When FDS is used as a backend, Samba should not use the
linked_attributes LDB module, but instead use the built-in
DS plugins for attribute linking, indexing, and referential
integrity.
|
|
I think this is a better location for this script. Since the subdirectory
"script" of "source4" contains only scripts for "make install" and "make
uninstall".
|
|
|
|
This avoids having to do make install after each change when using the
drs devel scripts
|
|
(Remove unneeded "upper"s)
|
|
This was a bad idea all along, as Simo said at the time. With the
full MS schema and enforcement of it, it is an even worse idea.
This fixes the provision of the member server in 'make test'
Andrew Bartlett
|
|
|
|
These scripts, originally by tridge, allow developers to easily
reproduce the same domain join senerio time after time.
They need documentation, and the template named.conf and zone files
for hosting an AD domain are not provided. However, I hope to have
the provision script provide these shortly.
They assume a local 'bind' set up to read PREFIX/private/named.conf
(as per the provision instructions).
Ensure you edit the 'vars' file to match your local setup.
Andrew Bartlett
|
|
|
|
|
|
The instanceType needs to be specified in future because that's how
the partitions are actually created.
|
|
This allows this control to be specified as critical. We support the
control because we choose to always be durable in our transactions.
We really, really need a 'duplicate request' API, as at the
moment we can't do this without a large, error-prone set of code that
cannot cope with new request fields or types.
Andrew Bartlett
|
|
(allows addition of systemOnly classes)
|
|
Give the possibility to specify controls when loading ldif files.
Relax control is specified by default for all ldb_add_diff (request Andrew B).
Set domainguid if specified at the creation of object instead of modifying afterward
Allow to specify objectGUID for NTDS object of the first DC this option is used during provision upgrade.
|
|
Windows 2003 Native
|
|
|
|
This reverts commit 11a7842854c0be8c427a2dbf0a8fc3761cda6298.
abartlet claims that this patch could lead to data loss (look at technical
mailing list)
|
|
function levels
Adds a parameter "--function-level" which allows to specify the domain and
forest function level.
|
|
|
|
|
|
|
|
This reverts commit ffd48a79ee34dc90c0f6f16564c3a0de8b53d3d2.
|