Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
(This used to be commit d2726e7609be4916b159c1e0ff4daea5568cf393)
|
|
metze
(This used to be commit 14ca6a8bf90bc73e1fdb0f510be795e28977601e)
|
|
The aim here is to ensure that if we have
CN=Users,DC=samba,DC=example,DC=com
that we cannot have a DN of the form
cn=admin ,cn=useRS,DC=samba,DC=example,DC=com
This module pulls apart the DN, fixes up the relative DN part, and
searches for the parent to copy the base from.
I've used the objectclass module, as I intend to also validate the
placement of child objects, by reading the allowedChildClasses virtual
attribute.
In the future, I'll also force the attribute names to be consistant
(using the case from the schema).
Andrew Bartlett
(This used to be commit c0a0c69ac5a81cfcb7c7d5ba38db59f8686c30ab)
|
|
Much more work is still required here, particularly to handle this
better during the provision, and to handle modifies and deletes, but
this is a start.
Andrew Bartlett
(This used to be commit 2ba99d58e9fe1f8e4b15a58a2fdfce6e876f99b4)
|
|
built a linked_attributes module under this.
Andrew Bartlett
(This used to be commit 4f47e687e579feeb10bb866d62f0c757e5389709)
|
|
over the ldb_tdb part of the problem.
Andrew Bartlett
(This used to be commit daca0cfd2fc2ec3344415d2d31f399ee3bf16151)
|
|
(This used to be commit f61a9b706894de4fa8916b55a24f330eed9f5b0c)
|
|
system/network.h because we stripped down includes.
(This used to be commit 262c1c23a61f1f4fae13e0a61179fe98b682cecf)
|
|
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
|
|
test, otherwise it would've caused a crash in the testsuite earlier...
(This used to be commit 89c8fd8c02830051e0199e234cc3e3b15e8c9879)
|
|
(This used to be commit 12d7cccd7c8c632e2d49e9c21e0e139366ffe2c3)
|
|
(This used to be commit 01ce5448f44ddda7ec864d812fe23f0fa68d1561)
|
|
2007-09-29 More higher-level passing around of lp_ctx.
2007-09-29 Fix warning.
2007-09-29 Pass loadparm contexts on a higher level.
2007-09-29 Avoid using global loadparm context.
(This used to be commit 3468952e771ab31f90b6c374ade01c5550810f42)
|
|
(This used to be commit fd697d77c9fe67a00939a1f04b35c451316fff58)
|
|
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
|
|
(This used to be commit c62f51cc28a37959128e78a1f34cfd4c6d3ba069)
|
|
when a template file is missing.
Andrew Bartlett
(This used to be commit 5093ea1cef910fe01a249b2d7ef602e2374e2b35)
|
|
(This used to be commit 091961b13be665061c7e88ab4e2808c015bc403e)
|
|
(This used to be commit 441a0404346ce2ff72e8262c5bf6ef94d3b9f331)
|
|
used subobj.ROLE and not subobj.SERVERROLE as the rest of the code
does.
Andrew Bartlett
(This used to be commit dd1cb33591819c3d4263e594c7a80de899def223)
|
|
--server-role
This must be set to either 'domain controller', 'domain member' or 'standalone'.
The default for the provision now changes to 'standalone'.
This is not because Samba4 is particularlly useful in that mode, but
because we still want a positive sign from the administrator that we
should advertise as a DC.
We now do more to ensure the 'standalone' and 'member server'
provision output is reasonable, and try not to set odd things into the
database that only belong for the DC.
Andrew Bartlett
(This used to be commit 4cc4ed7719aff712e735628410bd3813c7d6aa40)
|
|
(This used to be commit 935ac3189d93e53841dc47c0f9c7fcca5661a2bb)
|
|
and ugly hacks to handle the string termination.
metze
(This used to be commit 32bb276920d3f6987427613c6f1bc71557d8893e)
|
|
Jeremy.
(This used to be commit 0844dbf597191b3e4d35a696695b229e986daec4)
|
|
metze
(This used to be commit d0ada02532d10e8b31c390ee191b94c2f2299cb0)
|
|
The Web 2.0, async client tools were really interesting, but without
developer backing they remain impossible to support into a release.
The most interesting app was the LDB browser, and I intend to replace
this with phpLdapAdmin, preconfigured for Apache during provision.
This also removes the need to 'compile' SWAT on SVN checkouts.
Andrew Bartlett
(This used to be commit cda965e908055d45b1c05bc29cc791f7238d2fae)
|
|
number in more places.
(This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
|
|
(This used to be commit 5085c53fcfade614e83d21fc2c1a5bc43bb2a729)
|
|
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
|
|
(This used to be commit 08bb1ef643ab906f1645cf6f32763dc73b1884e4)
|
|
(This used to be commit 925abf74fa1ed5ae726bae8781ec549302786b39)
|
|
Andrew Bartlett
(This used to be commit 9f18a9711771a88be7c38bc26ae6e59fb98f93dd)
|
|
working module, live or dead, is purely co-incidental.
Andrew Bartlett
(This used to be commit 64cc31642fd2ded149631d07bc022213f19595b8)
|
|
The module is scary: On a rename, it does a search for all entries
under that entry (including itself), and fires off a seperate rename
call for each result. This will fail miserably on an LDAP backend,
but I'll need to work on using hdb for OpenLDAP, and hope Fedora DS
can implement subtree renames at some point.
Andrew Bartlett
(This used to be commit 13908a8cb4dd810503213203efb8d51f77f1f379)
|
|
provision failures when some of the random password values are illigal
LDIF.
Andrew Bartlett
(This used to be commit 876003f6c6466bfd37ec9b05c9a1f1cc83dd9898)
|
|
The keytab in dns.keytab should (I hope) do the job.
Andrew Bartlett
(This used to be commit af4d331eef91ef7699d179d15e7337fff1eff7bb)
|
|
(This used to be commit 1ce32673d960c8b05b6c1b1b99e1976a402417ae)
|
|
LDIF files for the registry files.
(This used to be commit 67ad556b7388e5d82756e0a3cfc596e44136329c)
|
|
have
been working on for at least half a year now. Contains the following
improvements:
* proper layering (finally!) for the registry library. Distinction is
now made between 'real' backends (local, remote, wine, etc) and
the low-level hive backends (regf, creg, ldb, ...) that are only used
by the local registry backend
* tests for all important hive and registry operations
* re-enable RPC-WINREG tests (still needs more work though, as
some return values aren't checked yet)
* write support for REGF files
* dir backend now supports setting/reading values, creating keys
* support for storing security descriptors
* remove CREG backend as it was incomplete, didn't match the data model
and wasn't used at all anyway
* support for parsing ADM files as used by the policy editor (see lib/policy)
* support for parsing PREG files (format used by .POL files)
* new streaming interface for registry diffs (improves speed and memory usage
for regdiff/regpatch significantly)
... and fixes a large number of bugs in the registry code
(This used to be commit 7a1eec6358bc863dfc671c542b7185d3e39d7b5a)
|
|
configuration.
When we sort out GSS-TSIG on the server, we can expand this to have
the 'right stuff'.
Andrew Bartlett
(This used to be commit 8f02ade1b2cc164f64f4ea8a371c107ccf6a81b3)
|
|
and rename the containing functions to have a ndr_
prefix
metze
(This used to be commit cb234d43ae693af5d8a921a15c9bcac3c6f0359a)
|
|
metze
(This used to be commit 84651aee81aaabbebf52ffc3fbcbabb2eec6eed5)
|
|
rename dcerpc_interface_list -> ndr_interface_list
and move them to libndr.h
metze
(This used to be commit 4adbebef5df2f833d2d4bfcdda72a34179d52f5c)
|
|
and move it to librpc/ndr/libndr.h
metze
(This used to be commit abd5551aabae1820baaa52a963e8c7aa9605914e)
|
|
Andrew Bartlett
(This used to be commit 68bdbd732fc02ce5a8ef8eb0107459ff3b7eb723)
|
|
This patch prevents non-root and non-administrator users from running
the provision, upgrade and vampire pages. *I think* the rest of SWAT
is LDB operations, or otherwise authenticated, so we should now be
secure.
I wish I had a better way to 'prove' we got this right, but this is better than nothing, and moves us closer to an alpha.
Andrew Bartlett
(This used to be commit d61061052dc4711f886199e49bc303002c8f9b11)
|
|
Before the provisioning enters to the function provision_default_paths (in
scripting/libjs/provision.js), the variable subobj.DNSDOMAIN isn't properly set
(for example for the filename of the DNS zonefile).
Andrew Bartlett
(This used to be commit 07a9db1438df93442c5b50b1b97ca69662749608)
|
|
On default Active Directory installations, the NETLOGON share isn't
an indipendent directory. In fact it's mapped to the subdirectory
"scripts" from the share SYSVOL under <Domain name>.
Andrew Bartlett
(This used to be commit 923d67ea9d78da46235221375b49b6f1d0d6a862)
|
|
This involves creating the SYSVOL and NETLOGON shares at provision
time, and creating the right subdirectories.
This also changes the behaviour of lp.get("foo") in ejs - we now
return undefined, rather than syntax error, if the parameter doesn't
exist (perhaps because the share isn't defined).
Andrew Bartlett
(This used to be commit 45cadf3bc0d38f6600666511a392e1ce353adee7)
|
|
split out the auth methods.
This caused all SWAT logins to fail, except when using local system
authentication.
Andrew Bartlett
(This used to be commit b5a9d507a37cd46bd325ff3118c08b4362f267f2)
|