summaryrefslogtreecommitdiff
path: root/source4/setup
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r18440: "builtinDomain" is not a child of "domain"Simo Sorce1-1/+0
(This used to be commit b34646f202d4e8016e627c4bb88842c21d6b2e10)
2007-10-10r18316: Build the parent tooSimo Sorce1-0/+9
(This used to be commit 1fcf725bc0a10454be8d276920ac14f346eb4a21)
2007-10-10r17982: One final hack...Andrew Bartlett1-0/+1
When against a real, schema-checking LDAP backend, we need extensibleObject on the baseDN entry (as entryUUID isn't run for creating this basic ldif) output. (This used to be commit befac43f59c4688f6c6827eb2e4e916c1056a740)
2007-10-10r17926: add trustedDomain classSimo Sorce1-0/+263
(This used to be commit 43e95f4572778fec70ea4a62b6b4d20d8f96a2f8)
2007-10-10r17876: Require one less patch for the LDAP backend to work.Andrew Bartlett2-5/+2
This lets the modules or backend generate the host and domain GUID, rather than the randguid() function. These can still be specified from the command line. Andrew Bartlett (This used to be commit 32996ca9d62568006f8bee85a1f2f37c64c04fb5)
2007-10-10r17839: do not reference possibleInferiors we have not extractedSimo Sorce1-396/+0
trim duplicate may attributes (This used to be commit 4975659fd70abdbae42ee378b7be766102f4df55)
2007-10-10r17705: Use the paged_searches module by default against the LDAP backend, ifAndrew Bartlett1-1/+1
selected. Andrew Bartlett (This used to be commit 3bb0a0d91eeb64db1ad2eeb13eab50f338caeb46)
2007-10-10r17682: Add newline to end of fileAndrew Bartlett1-1/+1
(This used to be commit 0e97b71386601a80f4bc264ee54e90a3a8a5841d)
2007-10-10r17662: some more enhancements to our schema extraction tool,Simo Sorce1-0/+205
with a nasty hack in minschema.js that I really hate (This used to be commit 74c40719f2965e2bc055e539f0933d95df070fbf)
2007-10-10r17653: fix typoSimo Sorce1-1/+1
(This used to be commit aca800bdcc5f402c1fc241e9e9c495933c85b715)
2007-10-10r17652: add oMSyntax to these attributesSimo Sorce1-0/+9
(This used to be commit 425fda84e2a4636c87b30df9df3f2c998202c933)
2007-10-10r17651: Commit the set of classess used to generate our schemaSimo Sorce1-1406/+1942
and update the schema with the latest additions (This used to be commit 09a32726111200e421b6fcacf1586bfbe6024fa6)
2007-10-10r17600: Finish the schema conversion tool, and add a mapping file, used to mapAndrew Bartlett4-27/+46
OIDs and skip built-in attributes. Andrew Bartlett (This used to be commit cb2b9d800d1228d41f7872a7b7c8ea5f07816c61)
2007-10-10r17528: This is an additional item of schema we require.Andrew Bartlett1-0/+21
Where is the script we used to create this schema file in the first place? Andrew Bartlett (This used to be commit dec2b6961ab28ecf84daa6ef329f98e6ee0927b9)
2007-10-10r17526: Move timestamp generation into the objectGUID module. It probablyAndrew Bartlett2-1/+10
needs to be renamed (operation_add?). This allows me to match the behaviour and substitute with the entryUUID module for remote LDAP connections. Andrew Bartlett (This used to be commit af02b4d7c631bb15bf5a5f73f9fdc23075d50f60)
2007-10-10r17504: Do not use the invented unixID but use the rfc2307 uidNumber and ↵Simo Sorce1-1/+2
gidNumber attributes instead Do not change unixName right now, we don't have an attribute to use in the posixGroup class, and I think we should remove its usage altogether and look up users and groups by their uid/gid only. Simo. (This used to be commit d57b521aadf24a277152ec1ff1dac3210bd14316)
2007-10-10r17499: Open the main database only the minimum times during a provision.Andrew Bartlett2-13/+162
This causes things to operate as just one transaction (locally), and to make a minimum of TCP connections when connecting to a remote LDAP server. Taking advantage of this, create another file to handle loading the Samba4 specific schema extensions. Also comment out 'middleName' and reassign the OID to one in the Samba4 range, as it is 'stolen' from a netscape range that is used in OpenLDAP and interenet standards for 'ref'. Andrew Bartlett (This used to be commit 009d0905947dec9bab81d8e6de5cb424807ffd35)
2007-10-10r17377: This attribute is maintained by the modules, don't override it.Andrew Bartlett1-3/+0
Andrew Bartlett (This used to be commit d942a8b2b6dcdc8d406d2c5b00983f0191e2a30d)
2007-10-10r17352: Don't do a modify on the objectClasses, as OpenLDAP doesn't likeAndrew Bartlett2-5/+1
this. Instead, handle this one in the add. Andrew Bartlett (This used to be commit ab355e1f5f0747225b4c3fc2e65ffb044fe03040)
2007-10-10r17351: Remove extra LDB partition we don't actually use (these are in theAndrew Bartlett1-1/+0
main database, under cn=templates). Andrew Bartlett (This used to be commit b1d061d36a4e8715576dc8cb1c4216c111d09035)
2007-10-10r17330: Enable the partitions module.Andrew Bartlett2-14/+19
This module redirects various samdb requests into different modules, depending on the prefix. It also makes moving to an LDAP backend easier, as it is just a different partition backend. This adds yet another stage to the provision process, as we must setup the partitions before we setup the magic attributes. Andrew Bartlett (This used to be commit 31225b9cb6ef6fcb7bd831043999b1b44ef1b128)
2007-10-10r17208: Add a away to test the ldb module.Simo Sorce1-0/+46
Actually you can't test both classic and ldb together, but you can replace the standard script/tests/mktestsetup.sh file with this one and run make test to see share_ldb in action (This used to be commit d4c2b893504feb3a232e74d14584405b3aaaf942)
2007-10-10r16768: Add a simple script to set a user's password. This should grow into aAndrew Bartlett1-0/+122
real smbpasswd command some day. Andrew Bartlett (This used to be commit 8d0582796608b757fde776e69ea5d70b2b13eb36)
2007-10-10r16264: Add, but do not yet enable, the partitions module.Andrew Bartlett6-53/+124
This required changes to the rootDSE module, to allow registration of partitions. In doing so I renamed the 'register' operation to 'register_control' and 'register_partition', which changed a few more modules. Due to the behaviour of certain LDAP servers, we create the baseDN entry in two parts: Firstly, we allow the admin to export a simple LDIF file to add to their server. Then we perform a modify to add the remaining attributes. To delete all users in partitions, we must now search and delete all objects in the partition, rather than a simple search from the root. Against LDAP, this might not delete all objects, so we allow this to fail. In testing, we found that the 'Domain Controllers' container was misnamed, and should be 'CN=', rather than 'OU='. To avoid the Templates being found in default searches, they have been moved to CN=Templates from CN=Templates,${BASEDN}. Andrew Bartlett (This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)
2007-10-10r16166: Remove hexidecimal constants from the Samba4 provision files.Andrew Bartlett3-78/+80
This change is required for compatibility with the OSX client, in particular, but returning 0x80000002 rather than -2147483646 violates what LDAP clients expect in general. Andrew Bartlett (This used to be commit 81f3cd1c4592d2108d521acd701ed4a70a23c465)
2007-10-10r16082: Index objectCategory like objectClass, as it is searched on a lot.Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit 954785db03455daf2ff9b2828e31cb7efffe4f11)
2007-10-10r16028: Re-add the objectclass module, in the new async scheme.Andrew Bartlett1-1/+1
Add a test to show that we need this, and to prove it works (for add at least). Andrew Bartlett (This used to be commit f72079029abb594677bf8c2b63e40c07e910004f)
2007-10-10r15942: Remove the sync internal ldb calls altogether.Simo Sorce1-1/+1
This means that some modules have been disabled as well as they have not been ported to the async interface One of them is the ugly objectclass module. I hope that the change in samldb module will make the MMC happy without the need of this crappy module, we need proper handling in a decent schema module. proxy and ldb_map have also been disabled ldb_sqlite3 need to be ported as well (currenlty just broken). (This used to be commit 51083de795bdcbf649de926e86969adc20239b6d)
2007-10-10r15795: Try to use the async code by defaultSimo Sorce1-2/+2
It passess all my tests, but I still need to work on a lot of stuff. Shouldn't impact anybody else work, so I want to commit now and see what happens Will work to remove the old code from modules and backends soon, and make some more restyling in ldb internals. So, if there is something you don't like in this desgin please speak now. Simo. (This used to be commit 8b2a563e716a789ea77cbfbf2f372724de5361ce)
2007-10-10r15518: the 'password' option in POPT_COMMON_CREDENTIALS was conflicting withAndrew Tridgell1-4/+4
the password option in newuser. Move the local options above the global options to fix. (This used to be commit 2adcd4ff4ec1ef867b91274d994c39e7c0fdaad2)
2007-10-10r14313: Add comments describing some of the dependencies here.Andrew Bartlett1-0/+5
Andrew Bartlett (This used to be commit a79a185b6a8a0ac81a380ff6df5a11e45a19cb16)
2007-10-10r14200: Now we have real USN support, don't force the values in the provisionAndrew Bartlett3-106/+0
scripts. This tests the real module, and avoids duplication. Andrew Bartlett (This used to be commit 0859ba59ae00029177cd63366fc59efe8b19c973)
2007-10-10r13907: By ordering things this way, we allow the password_hash module to setAndrew Bartlett1-1/+1
the pwdLastSet time on new users (with passwords) correctly. Andrew Bartlett (This used to be commit e1b346b8e096130328440fa388de3474fadc7332)
2007-10-10r13369: let's have a way to show the samba4 version through ejsSimo Sorce1-0/+2
and use it in provisioning to fullfill rfc 3045 requirements (This used to be commit 3fb9571a76481560304a826fc945983d52123299)
2007-10-10r13320: Fix kpasswd's use of the local HDB. /dev/null was a bad idea, we wantAndrew Bartlett1-2/+2
'no filename' instead. Andrew Bartlett (This used to be commit 7de385dca4c40e98a40ef1e769826de8bff64323)
2007-10-10r13239: Silly little patch: make the order of declaration match the order ↵Andrew Bartlett1-1/+1
of use. (This used to be commit 2b605cf22c7567e1171bf73cbbd37a5f0c1a4274)
2007-10-10r13107: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in ourAndrew Bartlett1-4/+4
case) as the keytab. This avoids issues in replicated setups, as we will replicate the kpasswd key correctly (including from windows, which is why I care at the moment). Andrew Bartlett (This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
2007-10-10r13097: move the creation of the default sam name -> unix name mappings intoAndrew Tridgell1-8/+0
the main provision logic, so it can also be used as part of the vampire process (This used to be commit 95e90169f4e5887ee88116179d96f28f9e06796e)
2007-10-10r13063: Add --realm option to upgradeJelmer Vernooij1-5/+11
(This used to be commit e6aa4e92f044712ecaa4bd7099d53d9c7d083c42)
2007-10-10r12945: Try to move closer to getting Samba3 import working again.Andrew Bartlett1-2/+3
There still a few things to work out Andrew Bartlett (This used to be commit 701558b5fe917555416eb0d100ef756f8ef7cf65)
2007-10-10r12944: Update scripts in setup to match changes in the provision.jsAndrew Bartlett2-3/+9
DNS is now done as a seperate step, to assist in migrations. Andrew Bartlett (This used to be commit 916607d1d08b6a41c375766a69fd609989e35bed)
2007-10-10r12943: Generate a SID for the domain join account using the modules, ratherAndrew Bartlett2-2/+1
than a hardcoded SID. Fix the samldb module to return the what *was* the nextrid, rather than the new nextrid (that is for next time). Andrew Bartlett (This used to be commit ffe9042e15cebbc7ff1bac90ec39835753d6caa7)
2007-10-10r12941: Add Attribute Scoped Search controlSimo Sorce1-1/+1
want to see what it does ? do aq make test and try: ./bin/ldbsearch -H st/private/sam.ldb --controls=asq:1:member -s base -b 'CN=Administrators,CN=Builtin,DC=samba,DC=example,DC=com' 'objectclass=*' have fun. simo. (This used to be commit 900f4fd3435aacc3351f30afb77d3488d2cb4804)
2007-10-10r12905: add some ldap policiesSimo Sorce1-0/+33
not yet enforced except for the initial connection timeout (This used to be commit fa1ae9a44b0321b8e458bcb7fd1dcc9475b9bad3)
2007-10-10r12762: Simo correctly asked that the policy logic (which attributes containAndrew Bartlett1-0/+9
passwords) be moved into the database, and not be hard-coded in the module source. Andrew Bartlett (This used to be commit 1fbe09ce818ac1603bd747610262865b8698fe04)
2007-10-10r12749: Fix the newuser script.Andrew Bartlett1-1/+6
Andrew Bartlett (This used to be commit 42cdad5e3f06c307baf80396fd8449b803ef84c3)
2007-10-10r12746: An initial version of the kludge_acls module.Andrew Bartlett2-3/+3
This should be replaced with real ACLs, which tridge is working on. In the meantime, the rules are very simple: - SYSTEM and Administrators can read all. - Users and anonymous cannot read passwords, can read everything else - list of 'password' attributes is hard-coded Most of the difficult work in this was fighting with the C/js interface to add a system_session() all, as it still doesn't get on with me :-) Andrew Bartlett (This used to be commit be9d0cae8989429ef47a713d8f0a82f12966fc78)
2007-10-10r12745: Initial work to support a syntax to pass over controls viaSimo Sorce1-1/+1
command line to ldbsearch. Very rough work, no checks are done on the input yet (will segfault if you make it wrong). Controls are passed via the --controls switch an are comma separated (no escaping yet). General syntax is <ctrl_name>:<criticality> <ctrl_name> is a string <criticality> is 1 or 0 Current semi-parsed controls are: server_sort syntax: server_sort:1:0:attributename 1st parm: criticality 2nd parm: reversed 3rd parm: attribute name to be used for sorting todo: still missing suport for multiple sorting attributes and ordering rule no check on result code paged_results syntax: paged_results:1:100 1st parm: criticality 2nd parm: number of results to be returned todo: ldbsearch will return only the first batch (missing code to cycle over conditionally) no check on result code extended_dn syntax: extended_dn:1:0 1st parm: criticality 2nd parm: type, see MS docs on meaning Simo. (This used to be commit 4c685ac0d1638a1d5392dfe733baf0db77e84858)
2007-10-10r12739: Add support for using credentials in the provision process.Andrew Bartlett1-1/+4
This should allow us to provision to a 'normal' LDAP server. Also add in 'session info' hooks (unused). Both of these need to be hooked in on the webserver. Andrew Bartlett (This used to be commit b349d2fbfefd0e0d4620b9e8e0c4136f900be1ae)
2007-10-10r12720: By metze's request, rename the ntPwdHistory attribute toAndrew Bartlett1-2/+2
sambaNTPassword. Likewise lmPwdHistory -> sambaLMPwdHistory. The idea here is to avoid having conflicting formats when we get to replication. We know the base data matches, but we may need to use a module to munge formats. Andrew Bartlett (This used to be commit 8e608dd4bf4f108e02274a9977ced04a0a270570)