Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
by Python2.3.
|
|
- Remove spurious line breaks
- Add missing attributeId from docs
- Remove incorrect multiple values of systemFlags
- Fix duplicate attributeId
- Fix schemaIdGuid syntax
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
We need to move 1.3.6.1.4.1.7165.4.1 and 1.3.6.1.4.1.7165.4.2 to the
end...(if we still need them, which we should avoid)
metze
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This should make it easier to import just the schema entries from the
WSPP docs.
Andrew Bartlett
|
|
depending on the backend
This just changes the existing stratagy of loading different modules
for the OpenLDAP backend to also include extended_dn_out_*
When we provision the OpenLDAP backend, we make sure to include the
'deref' overlay (which must be made available by the OpenLDAP build)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
default domain name.
|
|
are given).
|
|
This schema is *NOT* licenced under a standard Free Software licence,
but does provide us the freedoms we need to use the schema, and the
requirement to distribute as 'part of an implemenation' is similar to
common Free font licences that are accepted by major linux distributions.
Andrew Bartlett
|
|
This should fix the OpenLDAP backend
|
|
|
|
|
|
|
|
it should always have been. Make it also async so that it is not a special case.
|
|
metze
|
|
|
|
|
|
|
|
We need to make sure replicated updates are handled differently
in some situations, e.g. we should bypass the schema checks.
metze
|
|
In the future, we might simply randomly generate this, or allow the
admin to specify it seperate to the admin password. However, both are
highly sensitive, as they imply read access to the krbtgt.
Andrew Bartlett
(This used to be commit 57d19ad002c523fb9a09694e6710ab7f588d44ec)
|
|
This avoids passing rootdn passwords or replicated data in cleartext
across the network.
Signed-of-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit 67373c143a1d8a9f310fd116dbf81c1dd123b75f)
|
|
trusted-domains
(This used to be commit a057c3ed9df2670e5cad5f1807e280d77eb58cb0)
|
|
Signed-of-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit 80f31c3272b8bc803629c27357033fd325529db1)
|
|
This makes it easy to set the expiry (or no expiry) for a samdb user
(This used to be commit 25171f18a4b242b5a731f4ac1eefc51cc82efd74)
|
|
(This used to be commit cf37126ac7b833a3a739b151157c296afc0c979c)
|
|
value in for group type to avoid sign extension, otherwise we don't
find the builtin groups
(This used to be commit 9b558639395bd8209313bb7ed2e04821c83975a4)
|
|
template.
Andrew Bartlett
(This used to be commit b36c6a21ad12fdc1b53efdc3f29cde7614b4fa9e)
|
|
This changes the @ATTRIBUTES record to be for bootstrapping only,
before we find the schema.
Andrew Bartlett
(This used to be commit 358477fcc041d5fb2e6ac5641c2f899cc49cfb69)
|
|
<oliver@itc.li>
This changes the RIDs to be <serverID><DBID>, to ease later debugging.
The need to specify the port on the MMR URLs is now included in the
help.
Andrew Bartlett
(This used to be commit a5cbe8c09c6f14f95ff9ba9b8782e2100fc55695)
|
|
(This used to be commit fc6b4f03ebba015a13a6ab93221b0bc3ef8ef2ed)
|
|
This changes the MMR password from hard-coded value of 'linux',
adds tests and fixes the Fedora DS backend.
Currently the MMR password matches the admin password, but we can
change this to be another random value if required.
Also require the port to be specified on the command line, so we don't
hard-code a port of 9000.
Andrew Bartlett
(This used to be commit 08257c6d6ce809fcd53f9b2b4d558fef616b74ce)
|
|
This patches provision-backend and the related scripts to generate the
correct configuration blobs for N-way multi-master replication using
OpenLDAP.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit 6ed0b3f2475022288f636605492ca27fde97cd52)
|
|
This sets the attributes in a seperate transaction, and allows a
forced delete of the whole file.
Andrew Bartlett
(This used to be commit 423db2468ba3dac89cebc59c8498c0b08c5f3d7b)
|
|
This merges the table once found in the oLschema2ldif tool (and moved
many times) with the table used for DRSUAPI.
The OpenLDAP schema map has been updated, to ensure that despite a
number of attributes being declared as OIDs, they are actually used as
strings (as they are actually LDAP class/attribute names).
Andrew Bartlett
(This used to be commit 61f2958c84beeedcf369ccdc02afed0c8055b108)
|
|
This reads the schema from the in-memory structure, when the magic
attributes are requested. The code is a modified version of that used
in the ad2oLschema tool (now shared).
The schema_fsmo module handles the insertion of the generated result.
As such, this commit also removes these entries from the setup/schema.ldif
Metze's previous stub of this functionality is also removed.
Andrew Bartlett
(This used to be commit c7c32ec7b42bdf0f7b669644516438c71b364e60)
|
|
SAM database.
(This used to be commit be75b2a36ee49f66ada3ec3ababa82d74085d559)
|
|
(This used to be commit ae311d89d2d477b235a6a9294a8bb463ed0a8c05)
|
|
This is an odd place for an OID registry - we perhaps need a central
wiki page.
Andrew Bartlett
(This used to be commit 1c909973977ae117703c1ccf7589acc4625e76e5)
|
|
- fixes bug #4813 (simplify DNS setup)
- This reworks the named.conf to be a fully fledged include
- This also moves the documentation into named.txt
- improves bug #4900 (Group policy support in Samba)
- by creating an empty GPT.INI
- fixes bug #5582 (DNS: Enhanced zone file)
- This is now closer to the zone file AD creates
committed by Andrew Bartlett
(This used to be commit 74d684f6b329d7dd573cdc55e16bb8e629474b02)
|
|
This defines a rootdn globally, and due to OpenLDAP bugs, gives it
manage access to the whole database. This makes the memberOf module
able to validate the links again, now we have database ACLs.
Andrew Bartlett
(This used to be commit 9fe3e9f09f89fd92f8a16768e53391ff5f8489ec)
|
|
(This used to be commit d2a527acc5ee6fe9b943657dc9c3ace920b2d619)
|
|
Set a memberof-dn in a fruitless attempt to fix the ACL problem I'm
having with OpenLDAP
Andrew Bartlett
(This used to be commit 6d6e03834a1a77a8ceba41fbe8c9d49680065ba3)
|
|
(This used to be commit a3912801fb25f715725c06402d4bdff9a926f15d)
|
|
Fedora DS is still setup for simple binds only, at this point.
(it also fails on other issues).
Andrew Bartlett
(This used to be commit b24c572d5a38c1f6906751c2ad2f809e1995b510)
|
|
This reworks our LDAP backend code to move from anonymous access to a
shared-secret SASL-protected connection. (SASL selects NTLM or
DIGEST-MD5 on my system).
To get this working, we must pre-populate the LDAP backend with a DN
to store ths SASL secret on, and we use back-ldif for this.
This gives us a reasonable basis to deploy a replicated OpenLDAP
backend solution.
Andrew Bartlett
(This used to be commit cd0745253c4a9ec59a035e830e54d74a05b71aaa)
|
|
This attribute is used in a very similar way (virtual attribute
updating the password) in AD on Win2003, so eliminate the difference.
This should not cause a problem for on-disk passwords, as by default
we do not store the plaintext at all.
Andrew Bartlett
(This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)
|
|
Instead of extensibleObject, we use the new (more correct) ad2oLschema
tool, and a new objectClass called 'samba4Top', which we add and
remove in the same way we did extensibleObject.
Andrew Bartlett
(This used to be commit 5ab20aa8b43415751f77602fff3a3008bf2186db)
|