Age | Commit message (Collapse) | Author | Files | Lines |
|
This reverts commit 53ef426e6f68728763436bd0cd3dd91180c00579.
As abartlet pointed out this causes to load all attributes and therefore gives
us more here than we need (only the check for the DN)!
|
|
|
|
my last patch was not even close ...
I'll leave abartlet to work out how to fix the test case
|
|
Andrew, can you please check this? The idmap.setup_name_mapping tests
look totally out of place here. I'm also not sure I captured your
intention with the other changes
|
|
metze
|
|
The autoidl test is not needed now that we have IDL source
available. It also generates a lot of errors in the logs.
|
|
|
|
Hopefully this will explain a bit more whey things are done the way
that they are done.
Andrew Bartlett
|
|
The Samba4 schema code (called via
samdb.set_schema_from_ldb(schema.ldb)) manages the @ATTRIBUTES and
@INDEXLIST records, so don't wipe them early. The chances are that we
will not change them anyway.
Andrew Bartlett
|
|
|
|
This triggered a failure in the updateNow schema test, as the current
global schema was not being updated when a new schema element was
added
|
|
The expression time.strftime("%s", time.gmtime())[3:] leads to a
string with a leading 0. When added then read back from the prefix map
this leads to a different string, so it is never found.
Use the simpler str(random.randint(a,b)) expression instead
|
|
The extra filter is no use for 'testenv', as we are not running tests,
but an xterm. The filter also breaks running 'GDB_PROVISION=yes make
test', but at least if we can run 'GDB_PROVISION=yes make testenv'
then we can debug provision.
Andrew Bartlett
|
|
It is a pretty odd thing to do, and it's only because of the
restrictions of DIGEST-MD5 in Cyrus SASL that we do it.
Andrew Bartlett
|
|
Found by Oliver Liebel <oliver@itc.li>
Andrew Bartlett
|
|
Spotted by MICHAEL BROWN <mbrown@mesainc.com>
Andrew Bartlett
|
|
This makes no sense, and just causes trouble - we are aiming for
DIGEST-MD5 or NTLM.
Andrew Bartlett
|
|
|
|
This should make setting up LDAP servers more predictable.
When not specified, it is random
Andrew Bartlett
|
|
This fixes the recursive delete in erase_partitions()
For reasons I cannot understand, it is possible to get 'no such
object' trying to delete a DN I just search for without error. Oh
well...
Andrew Bartlett
|
|
Using a single transaction to both erase the bulk of the data and the
rebuild of that data means that the in-memory index list is
maintained, and not written out to disk until it is all compleated.
All the writes then occour at the end.
Andrew Bartlett
|
|
|
|
This removes a *lot* of duplicated code and the cause of much
administrator frustration. We now handle starting and stopping the
slapd (at least for the provision), and ensure that there is only one
'right' way to configure the OpenLDAP and Fedora DS backend
We now run OpenLDAP in 'cn=config' mode for online configuration.
To test what was the provision-backend code, a new --ldap-dryrun-mode
option has been added to provision. It quits the provision just
before it would start the LDAP binaries
Andrew Bartlett
|
|
(These will be added back in a future commit)
|
|
We now set these as part of the schema load, and we now load the
schema before the provision loads the DB, so setting them here is
pointless
Andrew Bartlett
|
|
This makes it possible to do a bit more of the provision with Samba
helpers, but without some of the otherwise useful things (such as
loading in the global schema) that SamDB does.
Rewrite provision_erase to use a recursive search, rather than a
looping subtree search. This is much more efficient, particularly now
we have one-level indexes enabled.
Delete the @INDEX and similar records *after* deleting all other
visible records, this hopefully also assists performance.
Andrew Bartlett
|
|
This helps ensure we don't load the schema too often in the provision
(allowing a reference in of the schema before the modules load).
Andrew Bartlett
|
|
We need to find a better way to apply this (used in the Fedora DS LDAP
backend), not by trying to tunnel this down the module stack.
Andrew Bartlett
|
|
This allows us to load the schema against one ldb context, but apply
it to another. This will be useful in the provision script, as we
need the schema before we start the LDAP server backend.
Adnrew Bartlett
|
|
|
|
|
|
Either the username or the filter are allowed. If both are given the filter is
going to be used due to a higher precedence.
|
|
|
|
one-line wrapper)
|
|
With the previous check I got random failures when trying to connect to the
LDAP server.
|
|
This corrects commit 7a82aed71b74af8bc2a8a4381541adbb22452d20. The
steal did not set ent->attributes, so it was incorrect to assign to
ent->attributes.
Andrew Bartlett
|
|
This talloc_steal also conflicts with the ldb_map code, and like the
previous commit, is rudundent given the talloc_steal of the whole msg
above.
Andrew Bartlett
|
|
There may or may not be a need to take a reference to the 'name' in
the ldb_map code, but given we seal the whole msg just above here, it
makes no senst to steal the name, but not the values.
Andrew Bartlett
|
|
I want to use this in source3/smbd/
metze
|
|
This will hold code that's shared between source3 and source4.
metze
|
|
|
|
|
|
Tests for the right behaviour of this introduced constructed attribute.
Since we don't support the read-only-ness of those attributes yet, I commented
some lines out.
Also I had to add a function for python which converts domain SIDs in RIDs.
And a small fix for the "groupType" test.
|
|
|
|
This moves the "operational" LDB module to the right place under "dsdb/samdb/ldb_modules"
(suggested by abartlet) and enhances it for supporting dynamic generated
"primaryGroupToken" for AD groups. This should fix bug #6466.
|
|
This fixes the problem with the setting and getting of the "minPwdAge" and
"maxPwdAge" attributes. I wanted to handle them in days but forgot to add
conversions (from "ticks" (tenth of microsecond) -> "days" and backwards).
|
|
the last unlink
Through a suggestion pointed out in bug #6622 the test file sometimes doesn't exist on
the last turn anymore. So we haven't to fail here since it could have been deleted by
a concurrent process (e.g. when the same test runs multiple times). Therefore also
NT_STATUS_OBJECT_NAME_NOT_FOUND is an acceptable result.
|
|
This commit includes:
- Additional static object data in SAMBA 4's AD to start supporting of
- forest updates, - lost and found, - quotas on DS, - physical locations,
- licensing of sites, - subnets, - policies for WMI, - DNS entries in AD
- Reordering of provision*.ldif files to be able to find entries and make future
additions easier
- Add comments in provision*.ldif files to point out where subentries are located
when they are based in other LDIFs
- Removations of autogenerated "cn" attributes
|
|
|
|
|