Age | Commit message (Collapse) | Author | Files | Lines |
|
default SPN alias.
Andrew Bartlett
(This used to be commit e4fe5802dae544f4dabf0c6d04a55be1144d8820)
|
|
templating support for foreignSecurityPrincipals to the samdb module.
This is an extension beyond what microsoft does, and has been very
useful :-)
The setup scripts have been modified to use the new template, as has
the SAMR and LSA code.
Other cleanups in LSA remove the assumption that the short domain name
is the first component of the realm.
Also add a lot of useful debug messages, to make it clear how/why the
SamSync may have gone wrong. Many of these should perhaps be hooked
into an error string.
Andrew Bartlett
(This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
|
|
dn: cn=foo,ou=bar
objectClass: person
implies
dn: cn=foo,ou=bar
objectClass: person
cn: foo
(as well as a pile more default attributes)
We also correct the case in the attirbute to match that in the DN
(win2k3 behaviour) and I have a testsuite (in ejs) to prove it.
This module also found a bug in our provision.ldif, so and reduces
code complexity in the samdb module.
Andrew Bartlett
(This used to be commit 0cc58f5c3cce12341ad0f7a90cdd85a3fab786b3)
|
|
domain name.
Remove the use of flatname from the main domain object, we no longer
reference it.
Andrew Bartlett
(This used to be commit 2303e24be74570187b23c3d31d0433263c83ba7e)
|
|
This is now calculated on the fly for every add and modify.
Andrew Bartlett
(This used to be commit ed1f2e029c840d2b3ecb49dbe6e8cd67588eeeed)
|
|
override the template for these attributes.
Andrew Bartlett
(This used to be commit 3462cbadb285313dfd88234b144d1921d2bcc880)
|
|
This ensures the templating code is used, and also makes it clearer
what I need to duplicate in the vampire area.
Also fix a silly bug in the template application code (the samdb
module) that caused templates to be compleatly unused (my fault, from
my commit last night).
Andrew Bartlett
(This used to be commit 4a8ef7197ff938942832034453f843cb8a50f2d1)
|
|
boilerplate attributes in every entry in provision.ldif.
The next step will be to use templates.
Andrew Bartlett
(This used to be commit 940ed9827f5ab83b668a60a2b0110567dd54c3e2)
|
|
This code applies correct ldap standard wildcard matching code
removes WILDCARD matching from tdb @ATTRIBUTES, that's now handled independently
adds some more tests for wildcard matching
fixes dn comparison code in ldb_match
(This used to be commit 4eb5863042011988d85092d7dde3d809aa15bd59)
|
|
REALM's
are working in the hdb-ldb module
metze
(This used to be commit d24f39a5d746b9eabc4d5f6f6070a85be084d82c)
|
|
- add --krbtgtpass and --machinepass options, with them you can easy set them to default
values for testing so that you don't need to setup a new keytab file when you rerun provision.pl
metze
(This used to be commit cfb72455970c182aaba67bf9cf9775a854f143ff)
|
|
(This used to be commit 1ba296b9d0ed1cf0961bdd3cde03f1ce56e1d72b)
|
|
Andrew Bartlett
(This used to be commit 90e94a4630c24282cd93ee05e258877b38e24a57)
|
|
so re-enable
indexing on objectSid
(This used to be commit 5781c83ba4ef919520e9668a40aafc8f74fe5700)
|
|
quite a large change as we had lots of code that assumed that
objectSid was a string in S- format.
metze and simo tried to convince me to use NDR format months ago, but
I didn't listen, so its fair that I have the pain of fixing all the
code now :-)
This builds on the ldb_register_samba_handlers() and ldif handlers
code I did earlier this week. There are still three parts of this
conversion I have not finished:
- the ltdb index records need to use the string form of the objectSid
(to keep the DNs sane). Until that it done I have disabled indexing on
objectSid, which is a big performance hit, but allows us to pass
all our tests while I rejig the indexing system to use a externally
supplied conversion function
- I haven't yet put in place the code that allows client to use the
"S-xxx-yyy" form for objectSid in ldap search expressions. w2k3
supports this, presumably by looking for the "S-" prefix to
determine what type of objectSid form is being used by the client. I
have been working on ways to handle this, but am not happy with
them yet so they aren't part of this patch
- I need to change pidl to generate push functions that take a
"const void *" instead of a "void*" for the data pointer. That will
fix the couple of new warnings this code generates.
Luckily it many places the conversion to NDR formatted records
actually simplified the code, as it means we no longer need as many
calls to dom_sid_parse_talloc(). In some places it got more complex,
but not many.
(This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
|
|
that w2k does work. For example, w2k asks for sAMAccountType=805306369 which
will only match if we know its an integer
(This used to be commit 941509ee58253b671bb74b2d8d8667cc6a1a4328)
|
|
unixName that we are running as in the test suite. Otherwise files are
created as a user without any entry in the sam, so the ACL doesn't
allow that user read permission when it should. This should fix the
RAW-ACLS test in the build farm.
(This used to be commit 30445483e4facb0a1d8a5979a2eac6c166193c09)
|
|
object on the
first DC in the forest!
metze
(This used to be commit 8ea59f23728450cd42c221e69f375d6e390c4a79)
|
|
and long names for a domain.
Add servicePrincipalName mapping table (administrator configurable),
in the same spot as microsoft uses.
Andrew Bartlett
(This used to be commit c25e78b4b34384a3a79a920f50f01be696a048ba)
|
|
(This used to be commit 4401c74fbc630d7ab7983c5f901483f3d7ddd8fb)
|
|
query with this
in uppercase)
(This used to be commit f0c37555ff30c3e5ff4680d0b33bc105ebd3a0b1)
|
|
We need to pass the 'secure channel type' to the NETLOGON layer, which
must match the account type.
(Yes, jelmer objects to this inclusion of the kitchen sink ;-)
Andrew Bartlett
(This used to be commit 8ee208a926d2b15fdc42753b1f9ee586564c6248)
|
|
- move provision stuff to setup/
- remove unused scripts
metze
(This used to be commit c35887ca649675f28ca986713a08082420418d74)
|