Age | Commit message (Collapse) | Author | Files | Lines |
|
Rather than have the functional levels scattered in 4 different,
unconnected locations, the provision script now sets it, and the
rootdse module maintains it's copy only as a cached view onto the
original values.
We also use the functional level to determine if we should store AES
Kerberos keys.
Andrew Bartlett
|
|
- This changes the attribute "forceLogoff" to its' default
values according to Windows Server 2003 R2
- Also this corrects the "subRefs" attribute of the base-DN which only refers
to direct child partitions (and therefore not to the complete transitive closure)
|
|
Set the values like Windows Server 2003 R2.
|
|
DC object
Found after some comparisons against Windows Server 2003 R2.
|
|
the display specifiers
The object version showed up in the Windows 2003 Server R2 AD.
The "systemFlags" attribute has been set to the right value.
|
|
|
|
In particular, ensure that we can acutally change the password under
these circumstances.
Andrew Bartlett
|
|
|
|
|
|
This makes AD client tools happier, as they know they are talking to
an AD server.
per Bug 6229 by Matthieu Patou <mat@matws.net>
Andrew Bartlett
|
|
Incorrectly added in 95eeef91d3ed7daf8e19029eadcc610caf26db63, and
found by OpenLDAP backend tests run by Theodor Chirana <office@adaptcom.ro>
Andrew Bartlett
|
|
Without this entry, opening the COM+ tab under the properties of an OU within
ADUC results in the following error:
"Unable to retrieve all user properties, 0x80072030"
|
|
Without these entries, using the 'Delegate Control' option in ADUC results in
the following error message in the Delegation of Control Wizard:
"The templates could not be applied. One or more of the templates is not
applicable. Click Back and select different templates, and then try again."
|
|
The classDisplayName attribute controls the actual text displayed to the user
for the top-level menus, so added it to the existing entries.
The attributeDisplayNames attribute contains both the text displayed to the
user and a mapping to the internal directory attribute name for the particular
field, so added these to the existing entries as well.
Added new entries as appropriate to properly complete all menus and labels
within ADUC.
|
|
This enables the sofware rollout feature in Samba4
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
This is required to get provision against OpenLDAP working again
|
|
|
|
This is made up of 4 parts:
1) change our schema to include the parentGUID attribute type
2) in the add hook in the objectclass module, get the objectGUID of
the parent and add it to the message as parentGUID
3) in the rename hook in the objectclass module, get the objectGUID
of the new parent, and insert an async modify request after the
renmam is done
4) added a simple test suite
|
|
Also remove the copy of the licence text from licence.txt, to ensure
we don't get variations between the copies.
Andrew Bartlett
|
|
- removed workaround for olcSyncprovConfig - creation (works perfect now
with 2.4.15, release was today)
- added 1 message-helpline, which is displayed when running
provision-backend with olc and/or mmr setup
- corrected 1 wrong slapcommand-helpline
- slapd.conf is removed now in case of olc-setup
- added 1 copyright-line to provision.py and provision-backend
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
These extensions add mmr (multi-master-replication) and olc
(openldap-online-configuration) capabilities to the
provisioning-scripts (provision-backend and provision.py), for use
with the openldap-backend (only versions >=2.4.15!).
Changes / additions made to the provision-backend -script:
added new command-line-options:
--ol-mmr-urls=<list of whitespace separated ldap-urls> for use with mmr
(can be combined with --ol-olc=yes),
--ol-olc=[yes/no] (activate automatic conversion from static slapd.conf
to olc),
--ol-slaptest=<path to slaptest binary> (needed in conjunction with
--ol-olc=yes)
Changes / additions made to the provision.py -script: added
extensions, that will automatically generate the chosen mmr and/or olc
setup for the openldap backend, according to the to chosen parameters
set in the provision-backend script
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
python module.
|
|
|
|
|
|
fixes test.
|
|
|
|
|
|
|
|
We need to avoid handling DN+Binary and DN+String with the refint
module for now, as this is a currently unsupported syntax.
Also rename entryTTL to avoid a conflict with the operational
attribute of the same name.
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
|
|
|
|
by Python2.3.
|
|
- Remove spurious line breaks
- Add missing attributeId from docs
- Remove incorrect multiple values of systemFlags
- Fix duplicate attributeId
- Fix schemaIdGuid syntax
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
We need to move 1.3.6.1.4.1.7165.4.1 and 1.3.6.1.4.1.7165.4.2 to the
end...(if we still need them, which we should avoid)
metze
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This should make it easier to import just the schema entries from the
WSPP docs.
Andrew Bartlett
|
|
depending on the backend
This just changes the existing stratagy of loading different modules
for the OpenLDAP backend to also include extended_dn_out_*
When we provision the OpenLDAP backend, we make sure to include the
'deref' overlay (which must be made available by the OpenLDAP build)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
default domain name.
|
|
are given).
|
|
This schema is *NOT* licenced under a standard Free Software licence,
but does provide us the freedoms we need to use the schema, and the
requirement to distribute as 'part of an implemenation' is similar to
common Free font licences that are accepted by major linux distributions.
Andrew Bartlett
|
|
This should fix the OpenLDAP backend
|
|
|