| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
When things go wrong with LDB, this routine seems to be particularly
sensitive to it. This extra debugging should help the next poor soul who
breaks LDB.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This fixes a bug in the ldb.i python wrapper, that showed up under valgrind.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This allows searches with the extended DN control to still print the
extended DN in ldif output (it would otherwise be parsed and hidden in
the structure).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Encode and decode the OpenLDAP dereference control (draft-masarati-ldap-deref-00)
At this time, the ldb_controls infrustructure does not handle request
and reply controls having different formats, so this is purely the
client implementation (ie, there is no decode of the client->server
packet, and no encode of the server->client packet).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
The OpenLDAP dereference control (draft-masarati-ldap-deref-00) uses
an attribute list, as found in the search reply, but without one
enclosing ASN1_SEQUENCE(0)
This allows the dereference control parsing code to use this as a
helper function.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Whenever we pass a DN to the LDAP server, we now use
ldb_dn_get_extended_linearized(). This allows us to send the extended
DN if set, and therefore allows searches of the form
'<GUID=aaa45ea0-94cd-45e9-8753-abe455d9a8f1>'.
We actually use the '0' format (GUID=aaa45ea094cd45e98753abe455d9a8f1)
because it is more widely supported (by Win2k in particular).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This introduces a new set of pluggable syntax, for use on the
extended DN, and uses them when parsing the DN.
If the DN appears to be in the extended form, we no longer return the
full DN 'as is', but only return the normal part from
ldb_dn_get_linearized().
When validating/parsing the DN we validate not only the format of the
DN, but also the contents of the GUID or SID (to ensure they are
plausable).
We also have functions to set and get the extended components on the DN.
For now, extended_dn_get_linearized() returns a newly constructed and
allocated string each time.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This module is not used at the moment, but if we do use it again, we
should try to avoid duplicate lists.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This avoids accidentily running off the end of a string, and uses a
single 'guess which type of GUID I have' algorithm.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
It seems that in 2deeb99fff1a90c79ba1927e1a069362e250a63c adding the
partition control to this request was missed out.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
ldb indexing can cause huge files, and huge memory usage. This
experiment allows us to keep indexes in memory during a transaction,
then to write the indexes to disk when the transaction completes. The
result is that the db is much smaller (we have seen improvements of
about 100x in file size) and memory usage during large transactions is
also greatly reduced
Note that this patch uses the unusual strategy of putting pointers
into a ldb (and thus into a tdb). This works because the pointers are
only there during a transaction, so the pointers are not exposed to
any other users of the database. The pointers allow us to avoid some
really bad allocation problems with tdb record allocation during the
re-indexing.
|
|
|
|
|
|
|
|
Samba 3 and Samba 4 output.
|
|
default domain name.
|
|
|
|
|
|
the dom_sid). No longer include it from security.idl.
|
|
|
|
Don't move source4 files yet to not confuse git's rename tracking too much.
|
|
|
|
re-indexing in ldb is triggered on any modification to the @ATTRIBUTES
or @INDEXLIST records. This happens to produce a worst-case
fragmentation of the database, as all @INDEX records are deleted then
re-created. By repacking after re-indexing we ensure that the database
ends up without extreme fragmentation.
|
|
The command line tools ldbadd, ldbmodify and ldbedit should operate
within a transaction to make them more efficient. The ldbadd tool in
particular is much faster when adding a large number of records if all
the adds happen within a transaction. Previously there was a
transaction per record.
|
|
|
|
previous behaviour for the 'bad bind' case.
(It is only close, not matching - Windows 2008 sends a different,
non-zero, assoc_group_id each time)
Andrew Bartlett
|
|
|
|
|
|
|
|
to ensure we get the correct error message.
Jeremy.
|
|
|
|
dom_sid.sub_auths rather than a dynamically allocated one.
This makes it possible to use the same DCE/RPC object code for Samba 3
and Samba 4's DCE/RPC parsers and allows copying sids more easily
(since they no longer contain any pointers). The cost of having additional
manual marshalling code is limited (~35 additional lines of C code).
|
|
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
are given).
|
|
metze
|
|
only the first one
metze
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
This schema is *NOT* licenced under a standard Free Software licence,
but does provide us the freedoms we need to use the schema, and the
requirement to distribute as 'part of an implemenation' is similar to
common Free font licences that are accepted by major linux distributions.
Andrew Bartlett
|
|
torture test
This second patch fixes the deltest17 BASE-DELETE torture test to pass
against win2k3/win2k8/winXPsp2
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
metze
|
|
This fixes bug #5878.
metze
|
|
call->context needs to be valid.
metze
|
|
This helps the openchange mapiproxy plugin to work correctly.
metze
|
