Age | Commit message (Collapse) | Author | Files | Lines |
|
The directory names (MACHINE, USER) are upcased to help locating the default
group policies under the SYSVOL dir (the additional ones have only the first
letter upcased of those directory names).
|
|
metze
|
|
|
|
The partition module normally makes the sequence number extended op
operate across all partitions. It will be useful in the repl task to
be able to ask for the sequence number of one partition
|
|
It's useful seeing the object count without as much detail
|
|
These memory leaks were mostly caused by the fact that
refresh_partitions is now called periodically
|
|
Without this the client will not update its repsFrom highest_usn values
|
|
When the client tells us the highest_usn they have is N, then we want
to send them objects with usn>N, not>=N, as otherwise we end up
sending them the same object (the one with the highest uSN) again and
again.
|
|
uSNChanged>=N is good enough, and offers a possibility of a simple
optimisation where the partition module could look for that expression
and check the partitions sequence number, then avoid searching a
partition that doesn't have any records with a larger uSN.
|
|
we only need to allocate a new sequence number when
replPropertyMetaData is changing or being created on an object
|
|
I think these modules ended up LGPL because someone based the module
on an existing LGPL module in the core ldb, and it spread from
there. Certainly there is no reason for the ldb modules that are not
distributed as part of ldb to be LGPL.
|
|
We were relying on the uSNChanged>=n search always finding the DN of
the root of the partition, but this now doesn't happen very often as
we are now restricting when we change uSNChanged. This means we need
to always load the replUpToDateVector attribute from the NC root and
use it to populate the cursors in the return.
|
|
We now have dsdb_loadreps() and dsdb_savereps()
|
|
When changing non-replicated attributes we should not update the
uSNChanged attribute on the record, otherwise the DRS server will
think this record needs replicating.
|
|
If we already have a repsFrom for a particular DC and naming context
then we should not overwrite it, as it contains info on what
replication we've already done
|
|
|
|
|
|
This module is now part of Samba 4's dsdb subsystem rather than
standalone ldb.
|
|
|
|
This patches fixes the last difference between s4 and Windows Server regarding
group policy objects: we hadn't the domain controller policy.
- Adds the domain controller policy as it is found in the "original" AD
- Adds also the right version number in the GPT.INI file for the domain group
policy (was missing)
|
|
|
|
|
|
thanks to id10ts for spotting this. I was a victim of emacs zone mode,
which increaed it with each edit.
|
|
The KCC might have changed repsFrom, which is stored in the partitions
structure
|
|
Guenther
|
|
A KCC is a 'Knowledge Consistency Checker', a fancy name for a daemon
that works out who will replicate with who in a AD domain. This
implements an extremely simple KCC task that just wants to replicate
with everyone :-)
|
|
thanks to Metze for spotting this
|
|
|
|
Guenther
|
|
Patch from Andrew Kroeger wasn't fully correct - we need a "talloc_free" after
the "if (ac->r_current == NULL)" statement.
|
|
Every time we change a ldb object with the repl_meta_data module
loaded we need to update the replPropertyMetaData attribute to fix the
timestamps and USNs of the attributes being changed.
|
|
|
|
|
|
The SPNs end in the DNS domain name
|
|
An early return here didn't do any good :-)
|
|
When a DsAddEntry is used to create a nTDSDSA object we need to also
create the SPNs for the NTDS GUID in the servers machine account.
|
|
The DNS entries and SPNs are needed for samba<->samba DRS
replication. This patch adds them for a standalone DC configure. A
separate patch will add them for the vampire configure
|
|
Right now parentGUID is a normal attribute in s4, but it should be
generated, which means we need to ask for it in a search if we want to
use it.
|
|
When tracking down complex connection problems its useful knowing what
name lookups failed.
|
|
|
|
After this change, when a test fails, it gives
reasonable failure message.
|
|
The macro actually wraps common code pattern used in
almost every test for DRSUAPI interface
|
|
NOTE: Not every place where printf is used is replaced by
torture_comment. Future work shall "missed" printfs also.
|
|
This fixes the issue with the original files that they didn't have a
leading # in front of the comments, which caused our parsing scripts
much pain. The files are now exactly as delivered.
Andrew Bartlett
|
|
As found when running "make test" with the MALLOC_CHECK_ and MALLOC_PERTURB_
environment variables set.
|
|
DsCrackNamesPrivate structure basically inherits DsPrivate
structure while adding few test-specific members.
|
|
|
|
DRSUAPI_DS_NAME_FORMAT_UKNOWN added to 'known-to-fail'
responses as this actually means to ask AD to resolve
a name from FQDN format to Unknown format.
|
|
|
|
The added tests include basic validation that the script runs and accepts all
custom arguments. The tests also verify changes to the password complexity,
minimum password length, and minimum password length settings.
|