| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
this allows accounts (and in particular RODCs) to make SPN updates on
their own account if they take the form SERVICE/hostname
we may be able to remove this in the future after some changes in our
ACL checking for userPrincipalName
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 8 08:45:16 UTC 2010 on sn-devel-104
|
|
The clock skew handling was previously only on properly wrapped
GSSAPI, and was skipped for DCE-style. This allows the ASN.1 errors
from the krb5_rd_req to suggest parsing as a kerberos error packet.
Andrew Bartlett
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 8 07:58:09 UTC 2010 on sn-devel-104
|
|
The practice of returning only NT_STATUS_INVALID_PARAMETER hasn't
helped our users to debug problems effectivly, and so we now return
more errors and try and give a more useful debug message when then
happen.
Andrew Bartlett
|
|
|
|
This delicate balance caused us a bit of a puzzle when we could not work
out why an DC join failed with the new python scripts.
Andrew Bartlett
|
|
We need a separate source dsa list for RODCs, as they are not in the
repsFrom for our partitions, but are in the repsTo. This adds a new
'notifies' list, which contains all the source dsas for the DCs that
we should send notifies to, but which we don't replicate from
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 8 06:57:43 UTC 2010 on sn-devel-104
|
|
|
|
|
|
this can happen when both the build and install paths are used to load
ldb modules
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 8 05:28:14 UTC 2010 on sn-devel-104
|
|
it may be 'Administrator' in the database, and bind match rules are
case sensitive
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 8 01:41:43 UTC 2010 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
check that object_count matches up with first_object
|
|
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Nov 7 23:32:16 UTC 2010 on sn-devel-104
|
|
|
|
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov 7 21:12:03 UTC 2010 on sn-devel-104
|
|
|
|
|
|
We need "recalculate_sd" only when no external "nTSecurityDescriptor" change
is performed. Otherwise the recalculation is performed automatically.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov 7 18:52:42 UTC 2010 on sn-devel-104
|
|
behave as in AD
- fix crash when provided "nTSecurityDescriptor" attribute is empty
- print out the correct error codes if it's provided multi-valued
- simplify the "recalculate_sd" control handling
|
|
attribute fetch also on LDB add operations
We've to completely ignore the flags in that case.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov 7 11:10:23 UTC 2010 on sn-devel-104
|
|
the "distinguishedName" one
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov 7 10:11:02 UTC 2010 on sn-devel-104
|
|
|
|
temporary "ac" context
This prevents two calls of "ldb_msg_copy_shallow".
|
|
default operation callback implementations
Only customised ones still need to remain.
|
|
For only one operation we do not need an additional "mem_ctx". "ac" should be
enough (see for example the samldb LDB module).
|
|
This check (the structural objectclass) is performed in the objectclass LDB
module.
|
|
ordinary external search operation
Referrals are valid results.
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Nov 7 01:48:44 UTC 2010 on sn-devel-104
|
|
|
|
|
|
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Nov 6 21:04:58 UTC 2010 on sn-devel-104
|
|
The "dn" shortcut isn't supported by AD.
|
|
"distinguishedName" attribute
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Nov 6 20:08:28 UTC 2010 on sn-devel-104
|
|
"distinguishedName" attribute
It uses the DN from the returned message
|
|
|
|
And remove in "ltdb_add_internal" a cache loading call which has been present
twice.
|
|
- Remove TODO comment: MS-SAMR 3.1.5.8.7 explicitly states:
"The SamrRemoveMemberFromForeignDomain method removes a member from all
aliases."
- Remove the search attributes since they aren't strictly needed.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Nov 6 18:07:57 UTC 2010 on sn-devel-104
|
|
dsdb_extended_replicated_objects_convert() already decrypts the
attributes in place.
This fixes the usage of --option="dssync:print_pwd_blobs=yes".
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Nov 6 13:30:16 UTC 2010 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sat Nov 6 04:26:45 UTC 2010 on sn-devel-104
|
|
- we need the GN/ SPN for replication.
- fixed the string form of the invocationId
- lowercase the dnshostname
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Nov 5 13:24:32 UTC 2010 on sn-devel-104
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this ensures we don't leave unnecessary attributes in returned ldb
objects
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we now keep just a list of GUIDs around between getncchanges calls,
instead of an entire db search. This makes the overhead of having a
pending getncchanges call much smaller.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
