Age | Commit message (Collapse) | Author | Files | Lines |
|
allow the objectclass module to reconstruct the objectclass hierarchy,
rather than using templates.
The issue being fixed in particular is that 'top' was not being set on
containers.
This should ensure we do this right for all objects.
Andrew Bartlett
(This used to be commit d17a0058ba8492b8b3f81b6f10fc34b3e45bb8a6)
|
|
(This used to be commit 4634bb282bec35c75e74e47f5ce67835a3556b68)
|
|
Andrew Bartlett
(This used to be commit 9f18a9711771a88be7c38bc26ae6e59fb98f93dd)
|
|
to working GSS-TSIG DDNS.
Andrew Bartlett
(This used to be commit 99f832e7edcf940003fe9a2506622d991bc00f27)
|
|
provision failures when some of the random password values are illigal
LDIF.
Andrew Bartlett
(This used to be commit 876003f6c6466bfd37ec9b05c9a1f1cc83dd9898)
|
|
The keytab in dns.keytab should (I hope) do the job.
Andrew Bartlett
(This used to be commit af4d331eef91ef7699d179d15e7337fff1eff7bb)
|
|
needs tests.
(This used to be commit aa98d219571c4a7af1e5a0f8483cc17a4b6b36e2)
|
|
LDIF files for the registry files.
(This used to be commit 67ad556b7388e5d82756e0a3cfc596e44136329c)
|
|
with a patch from Andrew Kroeger <andrew@sprocks.gotdns.com>.
The changes to samldb_fill_foreignSecurityPrincipal_object() look much
larger then they are: We just skip all the objectSid generation if the
SID is supplied.
By providing a few more objects, standard dialogs on the clients are
better behaved, for these 'well known' users.
Andrew Bartlett
(This used to be commit 35ee4aee719e69983d650602d1c6422a31600001)
|
|
autogenerated by the objectclass module when the the entries are
added.
Andrew Bartlett
(This used to be commit 79e13349f00d009fc5dd0cdddade379df906ebc8)
|
|
have
been working on for at least half a year now. Contains the following
improvements:
* proper layering (finally!) for the registry library. Distinction is
now made between 'real' backends (local, remote, wine, etc) and
the low-level hive backends (regf, creg, ldb, ...) that are only used
by the local registry backend
* tests for all important hive and registry operations
* re-enable RPC-WINREG tests (still needs more work though, as
some return values aren't checked yet)
* write support for REGF files
* dir backend now supports setting/reading values, creating keys
* support for storing security descriptors
* remove CREG backend as it was incomplete, didn't match the data model
and wasn't used at all anyway
* support for parsing ADM files as used by the policy editor (see lib/policy)
* support for parsing PREG files (format used by .POL files)
* new streaming interface for registry diffs (improves speed and memory usage
for regdiff/regpatch significantly)
... and fixes a large number of bugs in the registry code
(This used to be commit 7a1eec6358bc863dfc671c542b7185d3e39d7b5a)
|
|
(This used to be commit ce9b64341159cb1a8f42809dcecc0b1e80eb8a5e)
|
|
(This used to be commit 98350b35ab0b0f06cc9ddf8edaf3dfe705c3e5bf)
|
|
configuration.
When we sort out GSS-TSIG on the server, we can expand this to have
the 'right stuff'.
Andrew Bartlett
(This used to be commit 8f02ade1b2cc164f64f4ea8a371c107ccf6a81b3)
|
|
than using templates.
Modify the samba3sam test to be less fussy, and not use the
objectclass module (which requires proper schema stuff now).
Andrew Bartlett
(This used to be commit 53c248c2645e86fbc8720860aed92a479483b528)
|
|
include the attribute allowedChildClassesEffective for MMC to allow
the creation of containers.
This may need further refinement, but it seems to work for now.
Andrew Bartlett
(This used to be commit d053b8e218767cb12e20a00fb18995e30869db11)
|
|
This involves creating the SYSVOL and NETLOGON shares at provision
time, and creating the right subdirectories.
This also changes the behaviour of lp.get("foo") in ejs - we now
return undefined, rather than syntax error, if the parameter doesn't
exist (perhaps because the share isn't defined).
Andrew Bartlett
(This used to be commit 45cadf3bc0d38f6600666511a392e1ce353adee7)
|
|
that we had the wrong objectClass for OU=Domain
Controllers,${DOMAINDN} (was CN=Domain Controllers,${DOMAINDN})
This fixes both the SAMR server and the LDIF templates.
Andrew Bartlett
(This used to be commit 625a9e6c041bedc93925bdebb3a60af1dbdde317)
|
|
where LDB isn't as strict as OpenLDAP, the self join record contains
duplicate servicePrincipalNames once the DNS name and domain name are
made equal. (Easier to just skip the useless self-join).
Andrew Bartlett
(This used to be commit 49ff929be6fcf57721532de13bdd7a7e1617af6f)
|
|
--ldap-manager-pass= option to work.
Andrew Bartlett
(This used to be commit fbcb1ec14125a4ca57922ec75b01af9a99dcd954)
|
|
Andrew Bartlett
(This used to be commit 17dad5d8c345c2c3a7643bff7a43473339a22d40)
|
|
to set up the LDAP backend.
Andrew Bartlett
(This used to be commit cc7900210a2e473060d5897ec729923ac6b2f18d)
|
|
on metze's schema work.
Andrew Bartlett
(This used to be commit 3111bbdf64f57bf8d2638fd9829c071dcfeb4af1)
|
|
patch).
- samba3sam.js: rework the samba3sam test to not use objectCategory,
as it's has special rules (dnsName a simple match)
- ldap.js: Test the ordering of the objectClass attributes for the baseDN
- schema_init.c: Load the mayContain and mustContain (and system...) attributes when
reading the schema from ldb
- To make the schema load not suck in terms of performance, write the
schema into a static global variable
- ldif_handlers.c: Match objectCategory for equality and canonicolisation
based on the loaded schema, not simple tring manipuation
- ldb_msg.c: don't duplicate attributes when adding attributes to a list
- kludge_acl.c: return allowedAttributesEffective based on schema results
and privilages
Andrew Bartlett
(This used to be commit dcff83ebe463bc7391841f55856d7915c204d000)
|
|
abartlet's
request).
Guenther
(This used to be commit 5410b23ea6649f49e8f24a57854f5e72f114aaef)
|
|
(including the config files) is created by provision-backend.
Andrew Bartlett
(This used to be commit 6d4d90399f5a0451fcf2156a465123801e027359)
|
|
(sorry for breaking the build)
Andrew Bartlett
(This used to be commit 0108334fe3331b7a2cfa972c6f0674b56d436cb5)
|
|
this just fixes make install
metze
(This used to be commit 236da2cb3db5297b6b9c40a572c3d547954f5090)
|
|
easily try this out.
I also intend to use this for the selftest, but I'm chasing issues
with the OpenlDAP (but not Fedora DS) backend.
Andrew Bartlett
(This used to be commit 0f457b1d2e20c36ab220b4a6711ce7930c4c7d21)
|
|
OpenLDAP or Fedora DS backend.
This required a new mkdir() call in ejs.
We can now provision just the schema for ad2oLschema to operate on
(with provision_schema(), without performing the whole provision, just
to wipe it again (adjustments to 'make test' to come soon).
Andrew Bartlett
(This used to be commit 01d54d13dc66ef2127ac52c64ede53d0790738ec)
|
|
metze
(This used to be commit c9e017c00864d08ad6eb38092abd29810604e207)
|
|
Andrew Bartlett
(This used to be commit 55c7c0906ccb741ab002f460164ccbbe56b55a98)
|
|
(This used to be commit f60817d7970ab449ac327f4da312f10350b9636f)
|
|
clients do correctly see our group policies, but the gpmc admin tool
doesn't yet work to allow you to edit the policies
(This used to be commit 4c6e01a585f59caf7d2d87833f5eedc018ed8acc)
|
|
common search operator.
Andrew Bartlett
(This used to be commit a258455e757dcc67637502bedf7066580cbf4034)
|
|
(This used to be commit 45d668d19f661cbaff257b91ed2525577e3cf0d2)
|
|
(This used to be commit 600d39e0bacfd669bdee0ea3aec6bdc02113993b)
|
|
--partitions-only (suggestions for a better name welcome) will setup
the partitions records, but no any data in those partitions. This can
then point at the already configured remote LDAP server.
Andrew Bartlett
(This used to be commit ee7b06fc832ca7c572205c7c268c3c7c552effa0)
|
|
(This used to be commit b5afec8b828e1aba231501b68aa4196b94a87c32)
|
|
Andrew Bartlett
(This used to be commit ef9320ae5b0b01bd39b60c22ff4e3698ac0ae9a7)
|
|
metze
(This used to be commit 7c381b2d4f92622ac7efdcc6b8e405d418e2d4bb)
|
|
OpenLDAP is fussy about operational attributes in user-supplied
schema.
Andrew Bartlett
(This used to be commit d7cd4b768a7f56ced8ed94b9a63d01865ba7d10a)
|
|
Make the Fedora DS backend test again.
Andrew Bartlett
(This used to be commit 65327a0e4d61e2c9813720f04fe24ffc5c49278b)
|
|
partitions onto the target LDAP server.
Make the LDAP provision run before smbd starts, then stop the LDAP
server. This ensures this occurs synchronously, We then restart it
for the 'real run' (with slapd's stdin being the FIFO).
This required fixing a few things in the provision scripts, with more
containers being created via a add/modify pair.
Andrew Bartlett
(This used to be commit 860dfa4ea1ab2b62d4d4fe0644e0a9b882fdafa1)
|
|
is broken, so that one is still disabled.
(This used to be commit ef794f03d50022a77303c77045a04d9407d07cbc)
|
|
metze
(This used to be commit 199416a4d3d7e0f4c416c66cb92e49fc9a83a556)
|
|
are not used anymore
metze
(This used to be commit 9e91bd64492c45ee333f5e797d4d492378600356)
|
|
We were returning just true/false and discarding error number and string.
This checking probably breaks swat, will fix it in next round as swat
is what made me look into this as I had no way to get back error messages
to show to the users.
Simo.
(This used to be commit 35886b4ae68be475b0fc8b2689ca04d766661261)
|
|
metze
(This used to be commit 5c779b3767b47c140fc658fb9aed0ebfd5d956f0)
|
|
them as a hook on ldb modify, via a module.
This should allow the secrets.ldb to be edited by the admin, and to
have things update in the on-disk keytab just as an in-memory keytab
would.
This isn't really a dsdb plugin, but I don't have any other good ideas
about where to put it.
Andrew Bartlett
(This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
|