summaryrefslogtreecommitdiff
path: root/source4/setup
AgeCommit message (Collapse)AuthorFilesLines
2009-01-16Add copyright headers.Jelmer Vernooij3-14/+53
2009-01-05Merge branch 'master' of ssh://git.samba.org/data/git/sambaJelmer Vernooij2-1/+6
2009-01-05More work to have OpenLDAP accept the full AD schemaAndrew Bartlett2-1/+6
We need to avoid handling DN+Binary and DN+String with the refint module for now, as this is a currently unsupported syntax. Also rename entryTTL to avoid a conflict with the operational attribute of the same name. Andrew Bartlett
2009-01-05Use fqdn rather than gethostname when guessing realm.Jelmer Vernooij1-1/+1
2008-12-21Fix more tests, improve repr() functions for various Python types.Jelmer Vernooij2-2/+2
2008-12-21Move tests for ParamFile.Jelmer Vernooij1-1/+1
2008-12-21Fix various Python-related bugs.Jelmer Vernooij1-1/+2
2008-12-20Corrections to Microsoft's schema and the OpenLDAP mapping fileAndrew Bartlett2-0/+63
2008-12-19Merge branch 'master' of ssh://git.samba.org/data/git/sambaJelmer Vernooij8-45/+24
2008-12-19Avoid use of parentheses in Python import statements, as it's not supported ↵Jelmer Vernooij2-4/+2
by Python2.3.
2008-12-19Fix errors in MS-AD_Schema_Attributes_v20080618.txtSreepathi Pai2-36/+9
- Remove spurious line breaks - Add missing attributeId from docs - Remove incorrect multiple values of systemFlags - Fix duplicate attributeId - Fix schemaIdGuid syntax Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2008-12-19Here's the prefixMap from w2k8.Stefan (metze) Metzmacher1-2/+9
We need to move 1.3.6.1.4.1.7165.4.1 and 1.3.6.1.4.1.7165.4.2 to the end...(if we still need them, which we should avoid) metze Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2008-12-19Move aggregate schema stub to it's own fileAndrew Bartlett2-3/+3
This should make it easier to import just the schema entries from the WSPP docs. Andrew Bartlett
2008-12-17s4:provision: use extended_dn_out_ldb or extended_dn_out_dereference ↵Andrew Bartlett1-0/+2
depending on the backend This just changes the existing stratagy of loading different modules for the OpenLDAP backend to also include extended_dn_out_* When we provision the OpenLDAP backend, we make sure to include the 'deref' overlay (which must be made available by the OpenLDAP build) Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:setup: fix cut-n-paste error Builtin-Domain => Samba4-Local-DomainAndrew Bartlett1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:setup: don't set objectCategory: CN=Domain-DNS,${SCHEMADN}Andrew Bartlett1-3/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16s4/provision: Upper case default realm, use only first part of realm as ↵Jelmer Vernooij1-2/+2
default domain name.
2008-12-11Add interactive flag to setup/provision (also the default when no arguments ↵Jelmer Vernooij1-2/+27
are given).
2008-12-10Add AD schema from Microsoft's WSPP documentation.Andrew Bartlett3-0/+19124
This schema is *NOT* licenced under a standard Free Software licence, but does provide us the freedoms we need to use the schema, and the requirement to distribute as 'part of an implemenation' is similar to common Free font licences that are accepted by major linux distributions. Andrew Bartlett
2008-12-02Don't treat the DN+binary syntax as a DN.Andrew Bartlett2-4/+4
This should fix the OpenLDAP backend
2008-10-30Don't create LanMan Directory Replication Service key (bug 4934).Jelmer Vernooij1-4/+0
2008-10-20Mark clearTextPassword as a privilaged attributeAndrew Bartlett1-0/+1
2008-10-20Fix blackbox tests on IPv6-only hosts.Jelmer Vernooij1-2/+2
2008-10-16Transform the sequence_number operation into a normal extended operation as ↵Simo Sorce1-0/+2
it should always have been. Make it also async so that it is not a special case.
2008-10-02s4:setup: add wellknownObjects to the domain objectStefan Metzmacher1-0/+8
metze
2008-09-30Merge branch 'master' of ssh://git.samba.org/data/git/sambaAndrew Tridgell1-1/+1
2008-09-29Use the new 'samba4' name for our internal hdb plugin.Andrew Bartlett1-1/+1
2008-09-29added some more well known SIDs - thanks to the WSPP LSAT test suiteAndrew Tridgell1-0/+60
2008-09-29s4:dsdb: passdown DSDB_CONTROL_REPLICATED_UPDATE_OID for replicated updatesStefan Metzmacher1-0/+2
We need to make sure replicated updates are handled differently in some situations, e.g. we should bypass the schema checks. metze
2008-09-08Make it clear that the MMR password can differ from the admin passswordAndrew Bartlett1-1/+1
In the future, we might simply randomly generate this, or allow the admin to specify it seperate to the admin password. However, both are highly sensitive, as they imply read access to the krbtgt. Andrew Bartlett (This used to be commit 57d19ad002c523fb9a09694e6710ab7f588d44ec)
2008-09-08Use DIGEST-MD5 authentication for OpenLDAP replicationOliver Liebel3-6/+19
This avoids passing rootdn passwords or replicated data in cleartext across the network. Signed-of-by: Andrew Bartlett <abartlet@samba.org> (This used to be commit 67373c143a1d8a9f310fd116dbf81c1dd123b75f)
2008-09-08Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into ↵Andrew Bartlett2-1/+57
trusted-domains (This used to be commit a057c3ed9df2670e5cad5f1807e280d77eb58cb0)
2008-09-06Remove <tab> in OpenLDAP MMR configOliver Liebel1-1/+0
Signed-of-by: Andrew Bartlett <abartlet@samba.org> (This used to be commit 80f31c3272b8bc803629c27357033fd325529db1)
2008-08-30Add a setexpiry operation in samdb.pyAndrew Tridgell1-1/+13
This makes it easy to set the expiry (or no expiry) for a samdb user (This used to be commit 25171f18a4b242b5a731f4ac1eefc51cc82efd74)
2008-08-30added a simple script for setting password expiryAndrew Tridgell1-0/+44
(This used to be commit cf37126ac7b833a3a739b151157c296afc0c979c)
2008-08-22now that ldap integers are 32 bit, we need to put the right 32 bitAndrew Tridgell1-19/+19
value in for group type to avoid sign extension, otherwise we don't find the builtin groups (This used to be commit 9b558639395bd8209313bb7ed2e04821c83975a4)
2008-08-21The index handling is now configured from the schema load, not by aAndrew Bartlett1-19/+0
template. Andrew Bartlett (This used to be commit b36c6a21ad12fdc1b53efdc3f29cde7614b4fa9e)
2008-08-20Apply attributes (and their syntax) from the schema into ldbAndrew Bartlett1-0/+7
This changes the @ATTRIBUTES record to be for bootstrapping only, before we find the schema. Andrew Bartlett (This used to be commit 358477fcc041d5fb2e6ac5641c2f899cc49cfb69)
2008-08-20Update OpenLDAP MMR configuration per comments by Oliver LiebelAndrew Bartlett1-1/+1
<oliver@itc.li> This changes the RIDs to be <serverID><DBID>, to ease later debugging. The need to specify the port on the MMR URLs is now included in the help. Andrew Bartlett (This used to be commit a5cbe8c09c6f14f95ff9ba9b8782e2100fc55695)
2008-08-19Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartletAndrew Bartlett3-10/+13
(This used to be commit fc6b4f03ebba015a13a6ab93221b0bc3ef8ef2ed)
2008-08-19Fix up new OpenLDAP MMR code.Andrew Bartlett4-6/+10
This changes the MMR password from hard-coded value of 'linux', adds tests and fixes the Fedora DS backend. Currently the MMR password matches the admin password, but we can change this to be another random value if required. Also require the port to be specified on the command line, so we don't hard-code a port of 9000. Andrew Bartlett (This used to be commit 08257c6d6ce809fcd53f9b2b4d558fef616b74ce)
2008-08-19Generate Multi-Master Replication configuration for OpenLDAPOliver Liebel4-5/+49
This patches provision-backend and the related scripts to generate the correct configuration blobs for N-way multi-master replication using OpenLDAP. Signed-off-by: Andrew Bartlett <abartlet@samba.org> (This used to be commit 6ed0b3f2475022288f636605492ca27fde97cd52)
2008-08-19Fix templates.ldb reprovision handling.Andrew Bartlett2-10/+10
This sets the attributes in a seperate transaction, and allows a forced delete of the whole file. Andrew Bartlett (This used to be commit 423db2468ba3dac89cebc59c8498c0b08c5f3d7b)
2008-08-18Merge the two attribute syntax tables.Andrew Bartlett1-0/+3
This merges the table once found in the oLschema2ldif tool (and moved many times) with the table used for DRSUAPI. The OpenLDAP schema map has been updated, to ensure that despite a number of attributes being declared as OIDs, they are actually used as strings (as they are actually LDAP class/attribute names). Andrew Bartlett (This used to be commit 61f2958c84beeedcf369ccdc02afed0c8055b108)
2008-08-15Generate the subSchema in cn=AggregateAndrew Bartlett1-549/+0
This reads the schema from the in-memory structure, when the magic attributes are requested. The code is a modified version of that used in the ad2oLschema tool (now shared). The schema_fsmo module handles the insertion of the generated result. As such, this commit also removes these entries from the setup/schema.ldif Metze's previous stub of this functionality is also removed. Andrew Bartlett (This used to be commit c7c32ec7b42bdf0f7b669644516438c71b364e60)
2008-08-01Add helper object Hostconfig to make it easier to get to e.g. theJelmer Vernooij1-3/+2
SAM database. (This used to be commit be75b2a36ee49f66ada3ec3ababa82d74085d559)
2008-07-23Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartletAndrew Bartlett1-0/+6
(This used to be commit ae311d89d2d477b235a6a9294a8bb463ed0a8c05)
2008-07-23Explain where some other OIDs are allocated.Andrew Bartlett1-0/+6
This is an odd place for an OID registry - we perhaps need a central wiki page. Andrew Bartlett (This used to be commit 1c909973977ae117703c1ccf7589acc4625e76e5)
2008-07-22Improve DNS and Group poicy configurations.Matthias Dieter Wallnöfer3-51/+65
- fixes bug #4813 (simplify DNS setup) - This reworks the named.conf to be a fully fledged include - This also moves the documentation into named.txt - improves bug #4900 (Group policy support in Samba) - by creating an empty GPT.INI - fixes bug #5582 (DNS: Enhanced zone file) - This is now closer to the zone file AD creates committed by Andrew Bartlett (This used to be commit 74d684f6b329d7dd573cdc55e16bb8e629474b02)
2008-07-21Make invalid 'member' detection work again.Andrew Bartlett1-0/+4
This defines a rootdn globally, and due to OpenLDAP bugs, gives it manage access to the whole database. This makes the memberOf module able to validate the links again, now we have database ACLs. Andrew Bartlett (This used to be commit 9fe3e9f09f89fd92f8a16768e53391ff5f8489ec)
generated by cgit (git 2.34.1) at 2024-11-02 18:31:56 +0000