| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Subclass support was designed to avoid needing to spell out the full
list of objectClasses that an entry was in. However, Samba4 now
enforces this restriction in the objectClass module, and the way
subclass matching was handled was complex and counter-intuitive in my
opinion (and did not match LDAP).
Andrew Bartlett
(This used to be commit f5ce04b904e14445a2a7e7f92e7e1f64b645c6f2)
|
|
rename of ldb entries for a case change (only).
I've modified the testsuite to verify this.
Andrew Bartlett
(This used to be commit 9cccd00dac44dd9152ec03cecf5ffac24f918445)
|
|
The module is scary: On a rename, it does a search for all entries
under that entry (including itself), and fires off a seperate rename
call for each result. This will fail miserably on an LDAP backend,
but I'll need to work on using hdb for OpenLDAP, and hope Fedora DS
can implement subtree renames at some point.
Andrew Bartlett
(This used to be commit 13908a8cb4dd810503213203efb8d51f77f1f379)
|
|
to test the behaviour of objectCategory=user searches.
It turns out (thanks to a hint on
http://blog.joeware.net/2005/12/08/147/) that objectCategory=user maps
into objectCategory=CN=Person,... (by the defaultObjectCategory of
that objectclass).
Simplify the entryUUID module by using the fact that we now set the DN
as the canoncical form of objectCategory.
Andrew Bartlett
(This used to be commit b474be9507df51982a604289215bb1868124fc24)
|
|
Computers).
We now generate a security descriptor for each object, when it is
created. This seems to keep MMC happy. The next step is to honour
it.
Andrew Bartlett
(This used to be commit 72f4ae82463c5c1f9f6b7f18f125c4c8fb56ae4f)
|
|
than using templates.
Modify the samba3sam test to be less fussy, and not use the
objectclass module (which requires proper schema stuff now).
Andrew Bartlett
(This used to be commit 53c248c2645e86fbc8720860aed92a479483b528)
|
|
on this error code, but allow both for now).
Also prove that bug #4829 needs a different solution: we can't fix
this by changing the template. I think this fix needs to be in the
SAMR server.
Andrew Bartlett
(This used to be commit c3554e3ee79cdb15f05e7968ccde62c086748c80)
|
|
test to prove the behaviour of LDAP renames etc.
Fix LDB to return correct error code when failing to rename one DN
onto another.
Andrew Bartlett
(This used to be commit 3f3da9c4710b7752ed97f55c2fc3d32a63d352af)
|
|
We can't ever allow duplicates, even if the client sends them
Andrew Bartlett
(This used to be commit 10277f27246b9e16ed36fb72eb4c318b43cb9395)
|
|
dereferencing attributes.
Fix the case to match between the attributes searched for and the ejs
element. (Fixes LDAP-backend selftest)
Andrew Bartlett
(This used to be commit 51cf66bb96e5a58693a40d920d78632ac442ca1c)
|
|
patch).
- samba3sam.js: rework the samba3sam test to not use objectCategory,
as it's has special rules (dnsName a simple match)
- ldap.js: Test the ordering of the objectClass attributes for the baseDN
- schema_init.c: Load the mayContain and mustContain (and system...) attributes when
reading the schema from ldb
- To make the schema load not suck in terms of performance, write the
schema into a static global variable
- ldif_handlers.c: Match objectCategory for equality and canonicolisation
based on the loaded schema, not simple tring manipuation
- ldb_msg.c: don't duplicate attributes when adding attributes to a list
- kludge_acl.c: return allowedAttributesEffective based on schema results
and privilages
Andrew Bartlett
(This used to be commit dcff83ebe463bc7391841f55856d7915c204d000)
|
|
schema.
Andrew Bartlett
(This used to be commit ef1899054e2532c8975d03810b52a0636d2d5f8c)
|
|
ejsnet command line utility (perhaps to be moved to utils later...)
rafal
(This used to be commit 43f9d9ba71f51007e80b340600a55fb07d89fd4c)
|
|
Andrew Bartlett
(This used to be commit 1c4d376d547df46cb036f088918562bd2493e087)
|
|
Andrew Bartlett
(This used to be commit f86d3b47850a9f3f773226807bbafd1830182c59)
|
|
partitions onto the target LDAP server.
Make the LDAP provision run before smbd starts, then stop the LDAP
server. This ensures this occurs synchronously, We then restart it
for the 'real run' (with slapd's stdin being the FIFO).
This required fixing a few things in the provision scripts, with more
containers being created via a add/modify pair.
Andrew Bartlett
(This used to be commit 860dfa4ea1ab2b62d4d4fe0644e0a9b882fdafa1)
|
|
(This used to be commit fed42cf5a359e8dcbabd82dba5b18058260ddc07)
|
|
'phantom_root' flag in the search_options control
- Add in support for LDB controls to the js layer
- Test the behaviour
- Implement support for the 'phantom_root' flag in the partitions module
- Make the LDAP server set the 'phantom_root' flag in the search_options control
- This replaces the global_catalog flag passed down as an opaque pointer
- Rework the string-format control parsing function into
ldb_parse_control_strings(), returning errors by ldb_errorstring()
method, rather than with printf to stderr
- Rework some of the ldb_control handling logic
Andrew Bartlett
(This used to be commit 2b3df7f38d7790358dbb4de1b8609bf794a351fb)
|
|
jelmer: what should this test really test?
metze
(This used to be commit c8d903b606afb5dd11b8f1048a36943db02370e0)
|
|
We were returning just true/false and discarding error number and string.
This checking probably breaks swat, will fix it in next round as swat
is what made me look into this as I had no way to get back error messages
to show to the users.
Simo.
(This used to be commit 35886b4ae68be475b0fc8b2689ca04d766661261)
|
|
default is dump everything
metze
(This used to be commit 4ceb12f5d3c750273bb6ad58cefb1fd1b47643d4)
|
|
objects
- use ${SCHEMADN} instead of CN=Schema,CN=Configuration,${BASEDN}
- do not include autogenerated values: instanceType, cn and name in the ldif output
- take care of the systemOnly attribute and a resulting NO-USER-MODIFICATION
metze
(This used to be commit 30a0e8b26e4b49927d733ac05e6032350fe22e9f)
|
|
(This used to be commit 0b7a5b7284f7820e5b2f48f40e85830243189b58)
|
|
rafal
(This used to be commit a20b05183d274a3a780ae197dc7014428739cc7a)
|
|
rafal
(This used to be commit 3cdd43ebcedfa7d1d59bd33b3bfed4e80560ec82)
|
|
rafal
(This used to be commit 2586958881f9be513e155d1e8fb9a34a8ccba3b6)
|
|
attributes to backend (remote) attributes.
We can't do a reverse mapping safely where the remote attribute may be
a source for multiple local attributes. (We end up with the wrong
attributes returned).
In doing this, I've modified the samba3sam.js test to be more
realistic, and fixed some failures in the handling of primaryGroupID.
I've added a new (private) helper function ldb_msg_remove_element() to
avoid a double lookup of the element name.
I've also re-formatted many of the function headers, to fit into
standard editor widths.
Andrew Bartlett
(This used to be commit 186766e3095e71ba716c69e681592e217a3bc420)
|
|
- and add some 'netlogon' attriubte related tests
metze
(This used to be commit d643c3cc5cd4547dbb7cead768993a9abee4e2eb)
|
|
servers
metze
(This used to be commit 463ed4c0040f52ef2b06337e122aac325ec01026)
|
|
module. I forgot to commit this last night.
Andrew Bartlett
(This used to be commit 6c5f4af01fea1e3b38d18d5b1491cb22701317cf)
|
|
(This used to be commit d062e101664a90f2f7bf0980449f920aa719ee76)
|
|
(This used to be commit 5c0451842b50e914bcc86ea59b066e86af5cae06)
|
|
Jelmer, we need to fix pidl to be able to handle the double pointers
in the ejs generated code
(This used to be commit 63760acbb7ef6bc32e82ac843adf4f0155f0cb0a)
|
|
Andrew Bartlett
(This used to be commit 5ff3f10d4fbd47419797890f87df3a50b3bb31fa)
|
|
trim duplicate may attributes
(This used to be commit 4975659fd70abdbae42ee378b7be766102f4df55)
|
|
with a nasty hack in minschema.js that I really hate
(This used to be commit 74c40719f2965e2bc055e539f0933d95df070fbf)
|
|
This commit extends the samba3sam test suite, which contains tests for
the samba3sam and ldb_map modules, with a lot of tests for inbound,
i.e. add, modify, rename and delete requests.
The tests each add a single record, modify it, rename it, and then
delete it, at each step checking that the operations were successful
and that the right data went into the right partitions.
They are run for an unmapped record, a mapped record with data only in
the remote partition, a mapped record with remote data that is later
modified to include local data, and a mapped record with data in both
the local and remote partitions.
It also adds a function to the backend objects that makes construction
of DNs for their respective partitions more comfortable.
Cheers,
Martin
(This used to be commit 1ddd06f24d71c606241863cf4fe047833c64a6d2)
|
|
and update the schema with the latest additions
(This used to be commit 09a32726111200e421b6fcacf1586bfbe6024fa6)
|
|
this version returns also oMSyntax and oMObjectClass and also
use the right value for the objects CNs
add a nasty hack to ejs' mprLdbMessage() to handle binary blobs situations
(This used to be commit 8dd1c1c05bc592d76d6e34b303048faf05c0fa6e)
|
|
Andrew Bartlett
(This used to be commit 67c9cd508ed9b28b4d605b79f6de421071177fa7)
|
|
suite, which contains tests for the samba3sam and ldb_map modules,
with a lot of tests for search requests.
The tests add a small set of known records to the database, half of
them with only remote data, half of them split across the local and
remote backends, and test searching these records by DN, by attribute
and with a range of parse trees.
This suite should be extensive enough to ensure that behaviour of
search requests doesn't break.
(This used to be commit 120f7891faf241057457db7234ce381bfe3fd847)
|
|
(This used to be commit 25cde0f7300f37fec6c4a897ba0a80a3e5c26e15)
|
|
Andrew Bartlett
(This used to be commit c2c72565e4efef44068c4f176619942f60a9cf6e)
|
|
Andrew Bartlett
(This used to be commit 1a5ade30dcdf40da8d0a6d7395f1a2e93388fca3)
|
|
Andrew Bartlett
(This used to be commit c1349cfd8d7e150489b94ccb005bfdffe88e4697)
|
|
samba3sam test cases for ldb_map, and to include this into our default
'make test'.
(This used to be commit f69a842314b3d5c57c3fa1f5b1bae3ee6d42da2b)
|
|
Martin Kühl
<mkhl@samba.org>.
Martin took over the work done last year by Jelmer, in last year's
SoC. This was a substanital task, as the the ldb modules API changed
significantly during the past year, with the addition of async calls.
This changeset reimplements and enables the ldb_map ldb module and
adapts the example module and test case, both named samba3sam, to the
implementation.
The ldb_map module supports splitting an ldb database into two parts
(called the "local" and "remote" part) and storing the data in one of
them (the remote database) in a different format while the other acts
as a fallback.
This allows ldb to e.g. store to and load data from a remote LDAP
server and present it according to the Samba4 schema while still
allowing the LDAP to present and modify its data separately.
A complex example of this is the samba3sam module (by Jelmer
Vernooij), which maps data between the samba3 and samba4 schemas.
A simpler example is given by the entryUUID module (by Andrew
Bartlett), which handles some of the differences between AD and
OpenLDAP in operational attributes. It principally maps objectGUID,
to and from entryUUID elements. This is also an example of a module
that doesn't use the local backend as fallback storage.
This merge also splits the ldb_map.c file into smaller, more
manageable parts.
(This used to be commit af2bece4d343a9f787b2e3628848b266cec2b9f0)
|
|
Andrew Bartlett
(This used to be commit eadc24ed291dcdb456139a206c6c8acf92bab6da)
|
|
This confirms that records are replicated into the correct databases,
and that the case insensitive flags really work.
Andrew Bartlett
(This used to be commit ad463c1a5243019548bdbeea3070ec2e6cbcfcdf)
|
|
partitions.
Test that we do that correctly.
Andrew Bartlett
(This used to be commit 90c07b88010b848423dee9556a24e8d181c365dd)
|
