Age | Commit message | Author | Files | Lines |
|
SID modifications are denied.
|
|
Necessary for correct descriptor inheritance. Based on the default state
of a single DC. Will be modified later when we support multiple DCs.
|
|
This was a bad idea all along, as Simo said at the time. With the
full MS schema and enforcement of it, it is an even worse idea.
This fixes the provision of the member server in 'make test'
Andrew Bartlett
|
|
The instanceType needs to be specified in future because that's how
the partitions are actually created.
|
|
Give the possibility to specify controls when loading ldif files.
Relax control is specified by default for all ldb_add_diff (request Andrew B).
Set domainguid if specified at the creation of the object instead of modifying it afterward.
Allow specifying objectGUID for the NTDS object of the first DC; this option is used during provision upgrade.
|
|
We need to find a better way to apply this (used in the Fedora DS LDAP
backend), not by trying to tunnel this down the module stack.
Andrew Bartlett
|
|
This reworks quite a few parts of our provision system to use
CN=NETBIOSNAME as the domain for member servers.
This makes it clear that these domains are not in the DNS structure,
while complying with our own schema (found by OpenLDAP's schema
validation).
Andrew Bartlett
(This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402)
|
|
(This used to be commit e9bb130d63e86fafc4cbf379e2e237354b88bcf8)
|
|
Previously, we would create the first record in the DB as an LDIF
file, with the expectation that the administrator would use slapadd to
create the database.
We now do everything over LDAP, which is far simpler, and allows the
LDB module chain to do its work, without special cases.
Also fix naming of the output schema when suggesting the command line
to run ad2oLschema in provision-backend.
Andrew Bartlett
(This used to be commit e77375758d66e94e5e0b6e61a97c9281c3d9c71f)
|
|
metze
(This used to be commit 2a6e6a2695b256411c91768c7bee748228e40e6f)
|
|
Add in a hook for adding an ACI, needed to allow anonymous access
until we hook across a SYSTEM token to the LDAP server.
Andrew Bartlett
(This used to be commit f45504e2714680978f101b4a98516686a17531df)
|
|
When against a real, schema-checking LDAP backend, we need
extensibleObject on the baseDN entry (as entryUUID isn't run for
creating this basic ldif) output.
(This used to be commit befac43f59c4688f6c6827eb2e4e916c1056a740)
|
|
this. Instead, handle this one in the add.
Andrew Bartlett
(This used to be commit ab355e1f5f0747225b4c3fc2e65ffb044fe03040)
|
|
This required changes to the rootDSE module, to allow registration of
partitions. In doing so I renamed the 'register' operation to
'register_control' and 'register_partition', which changed a few more
modules.
Due to the behaviour of certain LDAP servers, we create the baseDN
entry in two parts: Firstly, we allow the admin to export a simple
LDIF file to add to their server. Then we perform a modify to add the
remaining attributes.
To delete all users in partitions, we must now search and delete all
objects in the partition, rather than a simple search from the root.
Against LDAP, this might not delete all objects, so we allow this to
fail.
In testing, we found that the 'Domain Controllers' container was
misnamed, and should be 'CN=', rather than 'OU='.
To avoid the Templates being found in default searches, they have been
moved to CN=Templates from CN=Templates,${BASEDN}.
Andrew Bartlett
(This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)
|