| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
- Revert a change introduced by me since I didn't understood the meaning of the
version check
- Added some "const" to suppress compiler warnings
|
|
|
|
|
|
- Add/change "wellKnownObjects" attributes
- Order entries in "provision_basedn_modify.ldif"
- Add/change "delete entries" object under BASEDN and CONFIGDN
- Fix default version number of "Default domain policy" group policy
- Add "domain updates" objects for interoperability with MS AD maintaining tools
- Show version number in the "oEMInformation" attribute (suggested by ekacnet)
- Smaller fixups
|
|
Additional notes:
- Bump the level to Windows Server 2008 R2 (we should support always the latest
version - if we provision ourself)
- In "descriptor.c" the check for the "domainFunctionality" level shouldn't be
needed: ACL owner groups (not owner user) are supported since Windows 2000
Server (first AD edition)
- I took the argument from: http://support.microsoft.com/kb/329194
|
|
- Introduce the "userAccountControl", "groupType" and "sAMAccountType" flags
- Corrects the "domain/forestFunctionality" and "domainControllerFunctionality" flags
|
|
permissions - Reset them
|
|
|
|
|
|
Guenther
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Nadezhda Ivanova <nadezhda.ivanova@postpath.com>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This code eventually calls into mk_priv in the Heimdal code, and if
the client is behind NAT, or somehow has an odd idea about it's own
network addresses, it will fail to accept this packet if we set an
address. It seems easiser not to. (Found by testing with NetAPP at
plugfest)
Andrew Bartlett
|
|
Testing against NetAPP showed that clients can object to being told a
larger max xmit fragment size than they negotiated. Choose the
minimum of the server and client values.
Andrew Bartlett
|
|
|
|
When a partition is first created it still needs a uSNHighest value
|
|
This prepares support for HMAC-SHA256/AES.
metze
|
|
This uses async RPC forwarding for the DsReplicaSync call
|
|
dcesrv_irpc_forward_rpc_call() can be used to forward an arbitrary RPC
request to another task in Samba4, with the return being handled
asynchronously.
This is useful for forwarding DRS requests to the repl or kcc tasks
|
|
The key DRS calls should only be allowed by administrators or domain
controllers
|
|
This will be used as a simple way to lock down DRS replication to
administrators and domain controllers
|
|
When they are of the form of OIDs
|
|
It is useful to be able to control the 2 phase commit from application
code (s4 replication uses it)
|
|
When we replicate from a remote DC, we need to note the new uSN that
the local changes have resulted in, and modify the uSN that the notify
task uses to determine if it should send a ReplicaSync message back to
the remote DC. Otherwise we end up always triggering a ReplicaSync
every time we replicate from another DC
|
|
The getncchanges uSN is in our local space, so we must compare it to
the local_usn in replPropertyMetaData
|
|
we were setting local_usn after the marshall, so it wasn't going into
the object
|
|
Using DLIST_ADD_END() to construct a long list is very inefficient (it
is O(n^2). These lists are not ordered, so using DLIST_ADD() is much
better.
|
|
When doing an indexed search if we hit a corrupt record we abandoned
the indexed search and did a full search. The problem was that we
might have sent some records to the caller already, which means the
caller ended up with duplicate records. Fix this by returning a search
error if indexing returns an error and we have given any records to
the caller.
|
|
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
In time, this should avoid the astounding (order) complexity of the
objectclass sorting in objectclass.c eventually.
Andrew Bartlett
|
|
This starts the process to have Samba4 use lmhosts.
Andrew Bartlett
|
|
metze
|
|
We don't do well (even just trying to create duplicate
servicePrincipalName values) with some of these combinations, so kill
it off early before the administrator thinks it's going to work.
Andrew Bartlett
|
|
This script can be used to upgrade a provision that didn't integrate extended dn.
It can also be used to add missing extended DN that weren't created during provision.
|
|
Ensure we don't regress.
Jeremy.
|
|
On a rename we need to update uSNChanged, and the max uSN for the
partition
|
|
a rename may have no attribute changes
|
|
We could get a double free with multiple linked attributes in a
message
|
|
Windows does not seem to be always setting up repsTo using
DsUpdateRefs(). For now we will fall back to using repsFrom if repsTo
is empty. This is almost certainly incorrect, but it does get
notification based replication working with both w2k3 and w2k8.
|
|
(#6722)
|
|
Michael
|
|
We need to create the header file before we generate the source file.
metze
|
|
The issue was that we referenced an asn1compile generated file by
name, not by the subsystem is was generated by.
Andrew Bartlett
|
|
This new option avoids a lot of code that was used to intuit what
files would be output by the compiler.
Andrew Bartlett
|
|
The dreplsrv_notify code checks the partition uSN values every N
seconds, and if one has changed then it sends a DsReplicaSync to all
the replication partners listed in the repsTo attribute for the
partition.
|
