Age | Commit message (Collapse) | Author | Files | Lines |
|
This defines a rootdn globally, and due to OpenLDAP bugs, gives it
manage access to the whole database. This makes the memberOf module
able to validate the links again, now we have database ACLs.
Andrew Bartlett
(This used to be commit 9fe3e9f09f89fd92f8a16768e53391ff5f8489ec)
|
|
(This used to be commit d2a527acc5ee6fe9b943657dc9c3ace920b2d619)
|
|
Set a memberof-dn in a fruitless attempt to fix the ACL problem I'm
having with OpenLDAP
Andrew Bartlett
(This used to be commit 6d6e03834a1a77a8ceba41fbe8c9d49680065ba3)
|
|
(This used to be commit a3912801fb25f715725c06402d4bdff9a926f15d)
|
|
Fedora DS is still setup for simple binds only, at this point.
(it also fails on other issues).
Andrew Bartlett
(This used to be commit b24c572d5a38c1f6906751c2ad2f809e1995b510)
|
|
This reworks our LDAP backend code to move from anonymous access to a
shared-secret SASL-protected connection. (SASL selects NTLM or
DIGEST-MD5 on my system).
To get this working, we must pre-populate the LDAP backend with a DN
to store ths SASL secret on, and we use back-ldif for this.
This gives us a reasonable basis to deploy a replicated OpenLDAP
backend solution.
Andrew Bartlett
(This used to be commit cd0745253c4a9ec59a035e830e54d74a05b71aaa)
|
|
This attribute is used in a very similar way (virtual attribute
updating the password) in AD on Win2003, so eliminate the difference.
This should not cause a problem for on-disk passwords, as by default
we do not store the plaintext at all.
Andrew Bartlett
(This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)
|
|
Instead of extensibleObject, we use the new (more correct) ad2oLschema
tool, and a new objectClass called 'samba4Top', which we add and
remove in the same way we did extensibleObject.
Andrew Bartlett
(This used to be commit 5ab20aa8b43415751f77602fff3a3008bf2186db)
|
|
This test (as most tests do :-) found a few bugs, also fixed in this
commit.
Andrew Bartlett
(This used to be commit d96a6482dad54d1d27a87107865e833a9c32cf53)
|
|
(This used to be commit f134a701e7c2d64a684d55691fd66e2aaeb15812)
|
|
(This used to be commit b8f2e6321dd06508f9cc48e8d76d20232cb7d60e)
|
|
These tests will create their own smb.conf in their prefix anyway.
Andrew Bartlett
(This used to be commit c0322e8e27d67655b7498b27df0829aa5682a345)
|
|
Metze requested that the format not include spaces, and the input parser
already expects this.
Andrew Bartlett
(This used to be commit 3b1f5d10360ed1b26980d748a7c9be6db5977bd3)
|
|
This should allow the prefixMap to be edited, until we find the right
way to autogenerate it.
Andrew Bartlett
(This used to be commit 24ae9a55ec326807afd8d5bfa0a422a6668bd7c3)
|
|
This needs a blackbox test...
(This used to be commit 268c1de095411991ffb22ee835bfb88f8bce235a)
|
|
This only solves part of bz #5480. The settings for Enforced & Link Enabled
now match the default settings of a Windows DC, but they are still "locked"
and cannot be changed via the GUI.
(This used to be commit 761e667e45475d3a7d5a41558b400ba4c94c4650)
|
|
(This used to be commit 4ca8f32a37196c81547679b2ee8d00cb77a01269)
|
|
(This used to be commit ebf130e9e57b640129cf0d05dbd7d210b71ea371)
|
|
(This used to be commit 453206665677821b254c18cc67192e007b892f04)
|
|
(This used to be commit cd8c8226784c96d7f1dbae006a4853eb50c7b2e2)
|
|
(This used to be commit 9b39e99f48266a54ed0b8890c2efde218b4b118a)
|
|
(This used to be commit 58f956dc4591137489cba16f360f2d24d91dadc1)
|
|
(This used to be commit 0e429dd1fb15137a2a7c25e051b9af8c4ed8c7f3)
|
|
Fix config.mk due to changing syntax.
Conflicts:
source/libcli/config.mk
source/nbt_server/config.mk
(This used to be commit 6a1c76f29f78183f44dfac6f468c5e728d2cb2cf)
|
|
Added code to the python provisioning to create the named.conf file that was
previously generated by the EJS provisioning.
Updated the named.conf template to provide the additional details necessary
to get things working.
(This used to be commit 0b7a6bfcba1b906dc4d461882b4c3fe3c91c44e0)
|
|
This change ensures the KVNO of the principal in secrets.ldb (which is also
exported to the dns.keytab) matches the KVNO associated with the "dns" user.
Without explicitly setting msDS-KeyVersionNumber, the KVNO exported into the
dns.keytab was 0.
KVNO needs to be > 0, as the client libs (at least MIT libs on Fedora)
consider KVNO == 0 as a sign to ignore that particular key.
(This used to be commit 572efc8e65457a982a8cbb04d3b10e3aae22d574)
|
|
(This used to be commit 9683f7434c7ea01631d8adae9d43274c77ff51de)
|
|
The library it relied on has already been removed.
Andrew Bartlett
(This used to be commit 97427731a520283fdd3c8e582ac1f8be7699013e)
|
|
(This used to be commit 5268649b7ef60a2caae9cdf66dfeaf6d2037aba3)
|
|
(This used to be commit b507109bb676715f7d9616e13b0e19305e9c2559)
|
|
(This used to be commit d3df51cd01e53383dcc05923d248db03bc6f62e9)
|
|
As some future point we might get these scripting interfaces into
better shape, and provide a python interface to this functionality
again.
Andrew Bartlett
(This used to be commit 717dcb2c54b1e22b7c8efb322deec55abb7689c2)
|
|
This gives us a lot more headroom, and means that we have a lower
chance of running into real local users
(This used to be commit b2dac6645c3bce45ab2178b9f5b4e017486b5b8e)
|
|
(This used to be commit e891157b4ec7b2f845fb20c4106d80bf169f2072)
|
|
parametic options:
smb2:max read size = NNN
smb2:max write size = NNN
The defaults are 65536, which is what Vista sets, and what we
previously set
(This used to be commit 9e60164cae42b5dd95720e48301a2ac57e95482a)
|
|
The new idmap world does not use the unixUser any more, so we need to
set up the entry (if wanted) in the idmap database. Users without a
backing unix user will get an allocated uid by idmap later.
Andrew Bartlett
(This used to be commit 8bd8bc1475ddf22d4702dcd17028a9043a5e629f)
|
|
This should cover a few more codepaths in the provision script.
Andrew Bartlett
(This used to be commit 75c8dc6c6f3134bb78356630f24617aaeb869344)
|
|
This ensures we don't fall out of sync with the provision scripts.
Andrew Bartlett
(This used to be commit 566c60b4649e2b94bf467993acd4bf72c7368e5a)
|
|
This option allows Fedora DS multi-master replication to work. I've
tried to update the wiki and scripts to the largely consistant with
each other.
Andrew Bartlett
(This used to be commit 42393c830733b2cc99ebccdafe944fcf3d82734f)
|
|
In particular, allow for the server DN to be in a different site
(possible outcome of a DRS replication).
Andrew Bartlett
(This used to be commit 9ee4e39fe178317f42fd9a0adceea24b55dfe0f1)
|
|
(This used to be commit 696b58f5dd8370b7ee0670c7a3e5db10234b41ff)
|
|
Merge branch 'v4-0-ipv6' of git://git.id10ts.net/samba into 4-0-abartlet
Andrew Bartlett
(This used to be commit d3336684f084f984500dd0893dd01bcfc5be0ab1)
|
|
(This used to be commit 8585a3c77d5dfe97bca3f08716fc06ac2819f578)
|
|
module prohibits it anyway.
Andrew Bartlett
(This used to be commit c5b287c056855892f30fbbf32efe7d65da31ce91)
|
|
In particular, this should draw attention to accidential 'standalone'
server provisions and therefore cause less frustration.
Andrew Bartlett
(This used to be commit e906ae041a2b589ffceff97b74f7c4b01386382a)
|
|
This fixes up the python credentials interface in a number of areas,
with the aim of supporting '-k yes' as a command line option. (This
enables the use of kerberos).
As such, I've had to change the get_credentials call to take a
loadparm context, so that the credentials can be initialised
correctly.
The test_kinit script has been modified to prove that this continues
to work, as well as to provide greater code coverage of the kerberos
paths.
Andrew Bartlett
(This used to be commit 727ef40c2b56910028ef3c1092b8eab1bfa6ce63)
|
|
(This used to be commit ebe5e8399422eb7e2ff4deb546338823e2718907)
|
|
(This used to be commit 2e14b4ea64ba7e223f29b5b535b1b1be326f711c)
|
|
These need a testsuite, but this will come soon.
Andrew Bartlett
(This used to be commit fbcaa622bd1929399e32326349e96b6676a49b96)
|
|
Andrew Bartlett
(This used to be commit 861a85985d2d27f58cb8fa2fef0d445c7dac94c6)
|