| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This adds some extra information to the failure message, to chase down
which test is failing.
Andrew Bartlett
(This used to be commit 281bc76d3d7605f18ee914cf01dbf09062f5a5f0)
|
|
things that we will create later.
Andrew Bartlett
(This used to be commit 9b47b551a3762590fefa5308310d91c6d8b378e5)
|
|
Untested code is broken code, so rework the module until it passes...
It turns out that AD puts search attributes onto the wire in the
reverse order to what Samba does. This complicates exact value
matching, so this is skipped for now.
Andrew Bartlett
(This used to be commit 91bcb60d31d54e52128d5bd107df4ceb87389889)
|
|
Andrew Bartlett
(This used to be commit 11c153163c359fd07402daa61b93872387e12568)
|
|
errors that occour.
Andrew Bartlett
(This used to be commit bf5b2f467f57528aa64d4af0e68ef2dffd00f8f6)
|
|
incoming LDAP filter.
Warning: Any anr search will perform a full index search. Untill ldb
gets substring indexes, this is unavoidable.
Also implement a testsutie to show we match AD behaviour for this
important extension (used in the Active Directory Users and Computers
MMC plugin, as a genereral 'find').
This will also be useful to OpenChange, as their server needs to
implement this.
Andrew Bartlett
(This used to be commit 044b50947254ccd516c21cb156ab60ab9e3a582d)
|
|
modifications, and then extend our implementation to match.
Andrew Bartlett
(This used to be commit 65d17f0ad7ead438333abcccb0bd56b038ffb88e)
|
|
implement these in the simple ldap mapping module.
We still don't pass this test, because we must get linked attributes
into OpenLDAP.
Andrew Bartlett
(This used to be commit d41f34e979bb119f71ab3cc2fdb3c08e4b92849c)
|
|
Andrew Bartlett
(This used to be commit e178df4a180e7ce3eba1a14fb45b2fcc582f06c3)
|
|
invalid entries with a linked attribute.
Make Samba4 pass that test, by fixing a silly bug in the
linked_attributes module. (By passing down the 'original' request
structure, tdb would override our handle, and therefore we would never
be called for the 'wait', which collects the errors).
Fix up the provision templates to handle the newly required
referential integrity.
Andrew Bartlett
(This used to be commit 0377d85bbdcb2c4f110b0519005f0d1d10bc0c0b)
|
|
them any more group memberships.
Andrew Bartlett
(This used to be commit c805934017af2c983b31738cb888103a5f972fdc)
|
|
linked_attributs code.
This drasticly reduces the code duplication here.
Andrew Bartlett
(This used to be commit c66e188e6729a8e12854017d62067b4ae4a23af8)
|
|
including when we delete members from the DB.
Andrew Bartlett
(This used to be commit 2c95274e257da1d392a8a91bc291debc41c18f30)
|
|
Andrew Bartlett
(This used to be commit 56d9dd5140b6d7d7bbaa2f59ecdff7ee70c4faac)
|
|
the objectclass module.
Andrew Bartlett
(This used to be commit 16a292fcb134adec110cbc4c8f0fb03323750a45)
|
|
This prevents CN=test,dc=samba,dc=example,dc=com being renamed into
CN=test2,cn=test,dc=samba,dc=example,dc=com
Andrew Bartlett
(This used to be commit 958a92ed0c6bee19d8b86df7c66330d2bba23e46)
|
|
Andrew Bartlett
(This used to be commit 0019596b715f888e7b7dbd71de832c6e2941c625)
|
|
This patch is to ensure that all attributes are in the same case as
the schema specifies. In the process, I ensure that all attributes
are indeed in the schema.
This ensures we use the schema case, not the user supplied case for
future responses, which assists any (incorrect, but possible) case
sensitive processing on a client.
I've also removed more of the subtle 'schema &&' that metze objected
to in the for loops, moving to a much more explicit 'if (schema)'.
Andrew Bartlett
(This used to be commit bfc96fff063e7cc278755c043b9da0ed4b75a615)
|
|
The aim here is to ensure that if we have
CN=Users,DC=samba,DC=example,DC=com
that we cannot have a DN of the form
cn=admin ,cn=useRS,DC=samba,DC=example,DC=com
This module pulls apart the DN, fixes up the relative DN part, and
searches for the parent to copy the base from.
I've used the objectclass module, as I intend to also validate the
placement of child objects, by reading the allowedChildClasses virtual
attribute.
In the future, I'll also force the attribute names to be consistant
(using the case from the schema).
Andrew Bartlett
(This used to be commit c0a0c69ac5a81cfcb7c7d5ba38db59f8686c30ab)
|
|
case an oddity of the javascript caused the test to 'pass'.
For the same oddity, we have a failure in ldb's handling of spaces in
DNs. We need to resolve that too.
Andrew Bartlett
(This used to be commit e8cbac1a46f4d3b083e6bb5a509ef1ba47bebff1)
|
|
The module is scary: On a rename, it does a search for all entries
under that entry (including itself), and fires off a seperate rename
call for each result. This will fail miserably on an LDAP backend,
but I'll need to work on using hdb for OpenLDAP, and hope Fedora DS
can implement subtree renames at some point.
Andrew Bartlett
(This used to be commit 13908a8cb4dd810503213203efb8d51f77f1f379)
|
|
to test the behaviour of objectCategory=user searches.
It turns out (thanks to a hint on
http://blog.joeware.net/2005/12/08/147/) that objectCategory=user maps
into objectCategory=CN=Person,... (by the defaultObjectCategory of
that objectclass).
Simplify the entryUUID module by using the fact that we now set the DN
as the canoncical form of objectCategory.
Andrew Bartlett
(This used to be commit b474be9507df51982a604289215bb1868124fc24)
|
|
Computers).
We now generate a security descriptor for each object, when it is
created. This seems to keep MMC happy. The next step is to honour
it.
Andrew Bartlett
(This used to be commit 72f4ae82463c5c1f9f6b7f18f125c4c8fb56ae4f)
|
|
on this error code, but allow both for now).
Also prove that bug #4829 needs a different solution: we can't fix
this by changing the template. I think this fix needs to be in the
SAMR server.
Andrew Bartlett
(This used to be commit c3554e3ee79cdb15f05e7968ccde62c086748c80)
|
|
test to prove the behaviour of LDAP renames etc.
Fix LDB to return correct error code when failing to rename one DN
onto another.
Andrew Bartlett
(This used to be commit 3f3da9c4710b7752ed97f55c2fc3d32a63d352af)
|
|
We can't ever allow duplicates, even if the client sends them
Andrew Bartlett
(This used to be commit 10277f27246b9e16ed36fb72eb4c318b43cb9395)
|
|
dereferencing attributes.
Fix the case to match between the attributes searched for and the ejs
element. (Fixes LDAP-backend selftest)
Andrew Bartlett
(This used to be commit 51cf66bb96e5a58693a40d920d78632ac442ca1c)
|
|
patch).
- samba3sam.js: rework the samba3sam test to not use objectCategory,
as it's has special rules (dnsName a simple match)
- ldap.js: Test the ordering of the objectClass attributes for the baseDN
- schema_init.c: Load the mayContain and mustContain (and system...) attributes when
reading the schema from ldb
- To make the schema load not suck in terms of performance, write the
schema into a static global variable
- ldif_handlers.c: Match objectCategory for equality and canonicolisation
based on the loaded schema, not simple tring manipuation
- ldb_msg.c: don't duplicate attributes when adding attributes to a list
- kludge_acl.c: return allowedAttributesEffective based on schema results
and privilages
Andrew Bartlett
(This used to be commit dcff83ebe463bc7391841f55856d7915c204d000)
|
|
Andrew Bartlett
(This used to be commit f86d3b47850a9f3f773226807bbafd1830182c59)
|
|
(This used to be commit fed42cf5a359e8dcbabd82dba5b18058260ddc07)
|
|
'phantom_root' flag in the search_options control
- Add in support for LDB controls to the js layer
- Test the behaviour
- Implement support for the 'phantom_root' flag in the partitions module
- Make the LDAP server set the 'phantom_root' flag in the search_options control
- This replaces the global_catalog flag passed down as an opaque pointer
- Rework the string-format control parsing function into
ldb_parse_control_strings(), returning errors by ldb_errorstring()
method, rather than with printf to stderr
- Rework some of the ldb_control handling logic
Andrew Bartlett
(This used to be commit 2b3df7f38d7790358dbb4de1b8609bf794a351fb)
|
|
We were returning just true/false and discarding error number and string.
This checking probably breaks swat, will fix it in next round as swat
is what made me look into this as I had no way to get back error messages
to show to the users.
Simo.
(This used to be commit 35886b4ae68be475b0fc8b2689ca04d766661261)
|
|
- and add some 'netlogon' attriubte related tests
metze
(This used to be commit d643c3cc5cd4547dbb7cead768993a9abee4e2eb)
|
|
servers
metze
(This used to be commit 463ed4c0040f52ef2b06337e122aac325ec01026)
|
|
Andrew Bartlett
(This used to be commit eadc24ed291dcdb456139a206c6c8acf92bab6da)
|
|
commented out until we fix some more things on our server.
Andrew Bartlett
(This used to be commit ac9d3cb5b004ef1f8e06537634f8f5c33b6c0965)
|
|
Andrew Bartlett
(This used to be commit 0201f0df3f3768f0d831c84c573b27bff58d00c6)
|
|
Unfortunetly this didn't find the wildcard bug, but at least it tests
something...
Andrew Bartlett
(This used to be commit f763970caf37a9191abd9c40f297c3f413fe9a56)
|
|
Andrew Bartlett
(This used to be commit 52b4e83a1c2cd47bf2f8b6d65419dae12631725a)
|
|
both fully qualified and in the 'short' form. Now we test and support
this query format.
Andrew Bartlett
(This used to be commit 9ddcfacbcedc5eea2730d4bf902c0fcd02bcfa11)
|
|
things.
With this fix, we now correctly detect computers again, and get the
correct objectCategory, which is important for the OSX AD plugin.
Andrew Bartlett
(This used to be commit 4e39d7bb245bc337ac496c7e39a510d1c5611c71)
|
|
Add a test to show that we need this, and to prove it works (for add
at least).
Andrew Bartlett
(This used to be commit f72079029abb594677bf8c2b63e40c07e910004f)
|
|
(This used to be commit 7ddec83a602372765711bff7207657b73922aaea)
|
|
This updates the module to handle both SID allocation and nextRid
updating while importing users. (As imported users already have a
SID, so don't go via the allocation step). We also ensure that SIDs
in the database are unquie at create time.
Furthermore, at allocation time, we double-check the SID isn't already
in use, and that we don't create a foriegnSecurityPrincipal for a
'local' sid.
Also create random samAccountName entries for users without one (we
were setting $000000-000000000000).
We may want to seperate the uniqueness code from the rest of samldb,
and into a module with the objectguid code, which needs similar
checks. These checks also need to apply to modification, or those
modifications denied outright.
Also update part of the testsuite to validate this.
Andrew Bartlett
(This used to be commit 7a9c8eee4bea88f5f0bb7c62f701476384b7dc84)
|
|
(This used to be commit f4f99f9af33699ac8fe43b09fa7542aab72a031a)
|
|
syntax. Mimir, its
a good idea to use grep -r to find places that need fixing when you change the syntax of
a call :-)
(This used to be commit 1ead49f8e823a69dbd9cd3df3f5be04dc17e0d1f)
|
|
(This used to be commit 3a1c6a176ed37b4d696dab52b2f2e8ce5b681ff5)
|
|
(This used to be commit bdca9537a260369a53cbb286642db86bc3ea0828)
|
|
dn: cn=foo,ou=bar
objectClass: person
implies
dn: cn=foo,ou=bar
objectClass: person
cn: foo
(as well as a pile more default attributes)
We also correct the case in the attirbute to match that in the DN
(win2k3 behaviour) and I have a testsuite (in ejs) to prove it.
This module also found a bug in our provision.ldif, so and reduces
code complexity in the samdb module.
Andrew Bartlett
(This used to be commit 0cc58f5c3cce12341ad0f7a90cdd85a3fab786b3)
|
