Age | Commit message (Collapse) | Author | Files | Lines |
|
This makes getting the module order correct, the obligation of Samba4
developers, and not system administrators. In particular, once an ldb
is updated to use only the 'samba_dsdb' module, no further changes to the
ldb should be required when upgrading to later Samba4 versions.
(thanks to metze for the suggestion of samba_dsdb as a long-term
stable name for the module)
Andrew Bartlett
|
|
This makes the member server much more like the DC, the objectGUID
module replaces the repl_meta_data module.
We also generally rework the construction of the list, building a full
list in python, and then transforming it into a string, rather than
playing string concatonation games
Andrew Bartlett
|
|
|
|
The schema needs to be loaded above the extended_dn_out modules as
otherwise we don't get an extended DN in the search results.
The reference split is to ensure we create references after the
objects they reference exist.
Andrew Bartlett
|
|
These flags, also on dsdb_module_search_dn() allow us to add commonly
set controls to this pre-packaged blocking search, without rebuilding
the whole function in each caller.
Andrew Bartlett
|
|
|
|
Necessary for correct descriptor inheritance. Based on the default state
of a single DC. Will be modified later when we support multiple DCs.
|
|
Rather than treat the LDAP backend as a special case, treat all
backends the same, with different callbacks.
Andrew Bartlett
|
|
|
|
|
|
|
|
While this does not matter very much, others may later expect 'cn' to be case
insensitive.
Andrew Bartlett
|
|
- Cleans it up from unnecessary "lower()/upper()" and parameters which can be
derived through "lp" calls.
- Substitute the "HOSTNAME" caption in the "smb.conf" templates with
"NETBIOS_NAME" which fits better.
- Now the "realm" and "domain" parameter of the provision are totally case
insensitive and the script itself up/downcases them appropriately depending
on the use (e.g. "realm" upcase for KERBEROS, lowcase for DNS domainname).
|
|
|
|
This allows a blackbox test to confirm this can be set.
Andrew Bartlett
|
|
The new partitions code knows to copy these items in when creating a
new parition, so we can set it from the start.
Andrew Bartlett
|
|
This is done by passing an extended operation to the partitions module
to extend the @PARTITION record and to extend the in-memory list of
partitions.
This also splits things up into module parts that belong above and below
repl_meta_data
Also slit the partitions module into two files due to the complexity
of the code
Andrew Barltett
|
|
|
|
The last attribute this contained was 'privilege' which is now gone
|
|
privileges are now stored in a separate database
|
|
Our schema is getting a bit cleaner :-)
|
|
When FDS is used as a backend, Samba should not use the
linked_attributes LDB module, but instead use the built-in
DS plugins for attribute linking, indexing, and referential
integrity.
|
|
This was a bad idea all along, as Simo said at the time. With the
full MS schema and enforcement of it, it is an even worse idea.
This fixes the provision of the member server in 'make test'
Andrew Bartlett
|
|
We are now defaulting to win2003 functional level, and see to report
the right revisions of our db and schema
|
|
(So they can be always found by the SAMLDB module)
|
|
The instanceType needs to be specified in future because that's how
the partitions are actually created.
|
|
Give the possibility to specify controls when loading ldif files.
Relax control is specified by default for all ldb_add_diff (request Andrew B).
Set domainguid if specified at the creation of object instead of modifying afterward
Allow to specify objectGUID for NTDS object of the first DC this option is used during provision upgrade.
|
|
Windows 2003 Native
|
|
- Improve the error handling according to Jelmer's suggestions
- Print out the error messages on "stderr"
- Add also here the "choice" type for arguments
|
|
function levels
Adds a parameter "--function-level" which allows to specify the domain and
forest function level.
|
|
When adding a W2K8 DC to a domain running earlier DC versions, the "adprep"
utility is used to perform schema updates and update other attributes as
necessary.
Adding these entries provides an indication that the adprep utility has been run
with the /forestprep, /domainprep and /rodcprep arguments. Although these
entries indicate adprep has been run, nothing has been done to verify that the
changes that the adprep utility would have made have actually been done.
The values used for the revision atttributes are as seen on a W2K8 DC (not
W2K8 R2, which will probably have higher values).
|
|
We are running the W2K8 schema version, not the W2K3 version.
|
|
- We support domain/forest function levels >= (Windows) 2003 Native -> adapt the
domain/forest and DC function level restrictions.
- Consider also the lowest function level of a DC. The domain and forest function
levels can never be higher than it.
- Improve the error handling by printing out messages to "stderr"
- Introduce the "choice" type for choice arguments (saves us some error handling)
|
|
|
|
|
|
|
|
I removed it since on some scripts it was present, on others not - so I thought
it wouldn't be really needed. This was a bad decision (pointed out by abartlet).
So I reintroduce it on all scripts (to have consistent parameters).
|
|
|
|
|
|
TODO's:
ACE sorting and clarifying the inheritance of object specific ace's.
|
|
|
|
The second "nTMixedDomain" attribute (under Partitions/Domain-DN) is only a
copy of the one under the directory root object. Therefore there doesn't exist
the "Windows 2000 Mixed" forest level.
|
|
I reread some docs about this attributes and it seems that this as mapping
attribute isn't host specific but in common for the whole domain. To allow
Windows DCs to join our s4 domain sooner or later we have to provide the full
attribute.
|
|
- The tool displays now also mixed/interim domain levels and warns about them
(s4 isn't capable to run on them)
- But it allows now also to raise/step-up from them
- It displays now also levels higher than 2008 R2 (altough we don't support them
yet) but to be able to get a correct output
|
|
I had to think about how to encode the string 0x0001 (taken from Windows Server).
The problem is due to the "0" byte at the beginning of it. BASE64 encoding
seems a good method to do it.
|
|
|
|
Accidentally removed by a previous commit.
|
|
- I removed also the "-H" parameter since those scripts are all thought for the
use on a local s4 domain controller. Another reason is also the bind as SYSTEM
account which itself is only possible on local binds.
|
|
- This unified the shape of those four scripts (comments, command sequence, call
of SamDB)
- To consider the samdb.py changes regarding the filter: there is now always the
possibility either to specify the username or the search filter
|
|
|