Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
The schema needs to be loaded above the extended_dn_out modules as
otherwise we don't get an extended DN in the search results.
The reference split is to ensure we create references after the
objects they reference exist.
Andrew Bartlett
|
|
This makes these full extended DNs, so we set the right values into
the database, even before we actually set the schema objects
themselves.
Andrew Bartlett
|
|
It is important to always ensure that this attribute has an extended
DN if the rest of the database stores things that way.
The knowlege of what format the DN is stored on disk with is passed
around in an LDB opaque.
Andrew Bartlett
|
|
This is needed to then create extended DNs with GUID attributes in
them, when importing from the LDIF
Andrew Bartlett
|
|
The load of defaultObjectCategory as an extended DN means we need to
use the common parsing functions I just split out, rather than the
GET_DS_DN macro.
The objectGUIDs are loaded so that we can create the extended DN when
we load from LDIF (and are loaded for the other cases for
consistency).
Also adapt callers to API changes needed for common parsing code
Andrew Bartlett
|
|
This loads the defaultObjectCategory DN as an extended DN, so we can
apply it, with the associated GUID, when setting this on records in
the objectClass module.
Previously we would not store the extended DN components for
objectCategory.
Andrew Bartlett
|
|
This should make it easier to call this function from the DRS schema
load code, rather than duplicate it.
(we may do the same with other functions in future).
Andrew Bartlett
|
|
These flags, also on dsdb_module_search_dn() allow us to add commonly
set controls to this pre-packaged blocking search, without rebuilding
the whole function in each caller.
Andrew Bartlett
|
|
- Add more "\n" to make sure that error messages are displayed immediately
- Add a "NULL" in a attribute list
|
|
"lDAPDisplayName" generator"
This reverts commit df95d5c29292968b465bff24c3cf78800677a4d4.
abartlet pointed out in a post on the samba-technical list that this isn't
necessary at all (lDAPDisplayName normalisation algorithm). Rather it breaks
functionality of the replication.
|
|
(If they are not, then due to the async code, they will cause a segfault as they reference a reclaimed portion of the stack).
Andrew Bartlett
|
|
|
|
Fixed sd creation not working on LDAP modify.
Fixed incorrect replacement of CO and CG.
Fixed incorrect access check on modify for SD modification.
Fixed failing sec_descriptor test and enabled it.
Fixed failing sd add test in ldap.python
|
|
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
This specifically fixes a problem showing extra bytes of garbage in list and
print in regshell, even though the vk.data_length has the correct size.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
Fixed some expected owners and groups.
Signed-off-by: Nadezhda Ivanova <nadezhda.ivanova@postpath.com>
|
|
So the converted DN will be freed after usage.
|
|
Don't add only a new objectclass but also a new attribute. Plus let now the
server itself calculate the "lDAPDisplayName" attribute and compare the result.
|
|
"lDAPDisplayName" generator
Also here we've to be sure to generate the attribute correctly if it doesn't
exist yet.
|
|
This missing support found by Microsoft test suite at AD interop event.
Patch by Andrew Bartlett
Enhancements by Matthias Dieter Wallnöfer
|
|
This is needed for the SAMLDB module enhancement regarding schema objects.
The algorithm in pseudo code is located in MS-ADTS 3.1.1.2.3.4.
|
|
I think those parts should be deactivated since they're result set checks for
lookups which are commented out already.
|
|
I implemented the DsExecuteKCC() handling code on kccsrv_execute_kcc().
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
We should be able to rebuild these, but a cp is easier :-)
|
|
9291fd2d101f3eecec550178634faa94ead3e9a1)
|
|
290db8d23647a27c39b97c189a0b2ef6ec21ca69)
|
|
a \n is sometimes allowed in AD (eg in deleted DNs). Until we know
when is really is allowed, treat it as a warning only.
|
|
The DN escape function was using the form \c where c is any
character. The unescape function was using \XX where XX is a 2 digit
hex number. The asymmetry led to quite a few problems when we start to
deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The
result was a DN that was not accessible.
This patch changes the escaping to follow RFC2253 much more
closely. We accept either type of escape, and produce the two types of
escape, depending on the character being escaped
|
|
metze
|
|
|
|
We need to work on the provision or LDB modules to avoid DN attributes
without GUIDs (caused because the target does not exist at creation
time).
Andrew Bartlett
|
|
This patch, inspired by a patche by Endi S. Dewata
<edewata@redhat.com>, allows this control to be passed to the LDAP
backend.
Andrew Bartlett
|
|
|
|
|
|
|
|
provision() method.
|
|
|
|
|
|
The bug here was that by assuming all linked attributes were 'normal
DNs', we would miss the binary portion of DN+Binary.
This patch then has us reparse the string to determine it's GUID, for
the GUID lookup, but maintains the binary porition into the on-disk
format.
Andrew Bartlett
|
|
|
|
|
|
|
|
I'm satisfied that the task this test does is already done by the time
we map the incoming schema, and process the objects. If we have the
OID mapping wrong or incomplete, we will get any errors this test
found errors there.
(And this dramaticly reduces the test time, so we can now add
RPC-DSSYNC to 'make test').
Andrew Bartlett
|
|
This is done by comparing the values against the remote host's LDAP
server.
Andrew Bartlett
|
|
|
|
(These are deliberately there in DRS replication).
Andrew Bartlett
|