| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
We now load the schema early enough that we can generate this too!
Andrew Bartlett
(This used to be commit 1adc74c65a3219fc110964ccdf9a9d60a84831da)
|
|
Now we verify sAMAccountType and userAccountControl, as well as rename and
DN mismatch semantics.
Andrew Bartlett
(This used to be commit 0a5fa41dd7ed76e4848fe4a779edff2a12e8ea67)
|
|
(This used to be commit 13deb25214b2711836e243a87166b63a4a87270b)
|
|
(This used to be commit 7aff2ddd8ca1ff68fc704fdb139d81d6daa51115)
|
|
Andrew Bartlett
(This used to be commit 41309dc8627e707cee226a76238b9a70d417a345)
|
|
(We may need to include more defaults in the template, but I want to
start small for now).
Andrew Bartlett
(This used to be commit a466dda118f785bf784548106637577a5e25a30e)
|
|
This adds some extra information to the failure message, to chase down
which test is failing.
Andrew Bartlett
(This used to be commit 281bc76d3d7605f18ee914cf01dbf09062f5a5f0)
|
|
things that we will create later.
Andrew Bartlett
(This used to be commit 9b47b551a3762590fefa5308310d91c6d8b378e5)
|
|
Untested code is broken code, so rework the module until it passes...
It turns out that AD puts search attributes onto the wire in the
reverse order to what Samba does. This complicates exact value
matching, so this is skipped for now.
Andrew Bartlett
(This used to be commit 91bcb60d31d54e52128d5bd107df4ceb87389889)
|
|
Andrew Bartlett
(This used to be commit 11c153163c359fd07402daa61b93872387e12568)
|
|
errors that occour.
Andrew Bartlett
(This used to be commit bf5b2f467f57528aa64d4af0e68ef2dffd00f8f6)
|
|
incoming LDAP filter.
Warning: Any anr search will perform a full index search. Untill ldb
gets substring indexes, this is unavoidable.
Also implement a testsutie to show we match AD behaviour for this
important extension (used in the Active Directory Users and Computers
MMC plugin, as a genereral 'find').
This will also be useful to OpenChange, as their server needs to
implement this.
Andrew Bartlett
(This used to be commit 044b50947254ccd516c21cb156ab60ab9e3a582d)
|
|
modifications, and then extend our implementation to match.
Andrew Bartlett
(This used to be commit 65d17f0ad7ead438333abcccb0bd56b038ffb88e)
|
|
implement these in the simple ldap mapping module.
We still don't pass this test, because we must get linked attributes
into OpenLDAP.
Andrew Bartlett
(This used to be commit d41f34e979bb119f71ab3cc2fdb3c08e4b92849c)
|
|
Andrew Bartlett
(This used to be commit e178df4a180e7ce3eba1a14fb45b2fcc582f06c3)
|
|
restrictions imposed by the samldb module.
This module is worth keeping, because when we go back to do more
extensive backend mapping, the testing of this module shows it is
still possible.
Andrew Bartlett
(This used to be commit a10d2554dc1f9b57ce2a98ea20969b3b3c8aec53)
|
|
invalid entries with a linked attribute.
Make Samba4 pass that test, by fixing a silly bug in the
linked_attributes module. (By passing down the 'original' request
structure, tdb would override our handle, and therefore we would never
be called for the 'wait', which collects the errors).
Fix up the provision templates to handle the newly required
referential integrity.
Andrew Bartlett
(This used to be commit 0377d85bbdcb2c4f110b0519005f0d1d10bc0c0b)
|
|
them any more group memberships.
Andrew Bartlett
(This used to be commit c805934017af2c983b31738cb888103a5f972fdc)
|
|
linked_attributs code.
This drasticly reduces the code duplication here.
Andrew Bartlett
(This used to be commit c66e188e6729a8e12854017d62067b4ae4a23af8)
|
|
including when we delete members from the DB.
Andrew Bartlett
(This used to be commit 2c95274e257da1d392a8a91bc291debc41c18f30)
|
|
Andrew Bartlett
(This used to be commit 56d9dd5140b6d7d7bbaa2f59ecdff7ee70c4faac)
|
|
the objectclass module.
Andrew Bartlett
(This used to be commit 16a292fcb134adec110cbc4c8f0fb03323750a45)
|
|
This prevents CN=test,dc=samba,dc=example,dc=com being renamed into
CN=test2,cn=test,dc=samba,dc=example,dc=com
Andrew Bartlett
(This used to be commit 958a92ed0c6bee19d8b86df7c66330d2bba23e46)
|
|
Andrew Bartlett
(This used to be commit 0019596b715f888e7b7dbd71de832c6e2941c625)
|
|
This patch is to ensure that all attributes are in the same case as
the schema specifies. In the process, I ensure that all attributes
are indeed in the schema.
This ensures we use the schema case, not the user supplied case for
future responses, which assists any (incorrect, but possible) case
sensitive processing on a client.
I've also removed more of the subtle 'schema &&' that metze objected
to in the for loops, moving to a much more explicit 'if (schema)'.
Andrew Bartlett
(This used to be commit bfc96fff063e7cc278755c043b9da0ed4b75a615)
|
|
restrictions.
Andrew Bartlett
(This used to be commit f3390c9054244c0e4381007b36bbac9a17800570)
|
|
The aim here is to ensure that if we have
CN=Users,DC=samba,DC=example,DC=com
that we cannot have a DN of the form
cn=admin ,cn=useRS,DC=samba,DC=example,DC=com
This module pulls apart the DN, fixes up the relative DN part, and
searches for the parent to copy the base from.
I've used the objectclass module, as I intend to also validate the
placement of child objects, by reading the allowedChildClasses virtual
attribute.
In the future, I'll also force the attribute names to be consistant
(using the case from the schema).
Andrew Bartlett
(This used to be commit c0a0c69ac5a81cfcb7c7d5ba38db59f8686c30ab)
|
|
case an oddity of the javascript caused the test to 'pass'.
For the same oddity, we have a failure in ldb's handling of spaces in
DNs. We need to resolve that too.
Andrew Bartlett
(This used to be commit e8cbac1a46f4d3b083e6bb5a509ef1ba47bebff1)
|
|
Subclass support was designed to avoid needing to spell out the full
list of objectClasses that an entry was in. However, Samba4 now
enforces this restriction in the objectClass module, and the way
subclass matching was handled was complex and counter-intuitive in my
opinion (and did not match LDAP).
Andrew Bartlett
(This used to be commit f5ce04b904e14445a2a7e7f92e7e1f64b645c6f2)
|
|
rename of ldb entries for a case change (only).
I've modified the testsuite to verify this.
Andrew Bartlett
(This used to be commit 9cccd00dac44dd9152ec03cecf5ffac24f918445)
|
|
The module is scary: On a rename, it does a search for all entries
under that entry (including itself), and fires off a seperate rename
call for each result. This will fail miserably on an LDAP backend,
but I'll need to work on using hdb for OpenLDAP, and hope Fedora DS
can implement subtree renames at some point.
Andrew Bartlett
(This used to be commit 13908a8cb4dd810503213203efb8d51f77f1f379)
|
|
to test the behaviour of objectCategory=user searches.
It turns out (thanks to a hint on
http://blog.joeware.net/2005/12/08/147/) that objectCategory=user maps
into objectCategory=CN=Person,... (by the defaultObjectCategory of
that objectclass).
Simplify the entryUUID module by using the fact that we now set the DN
as the canoncical form of objectCategory.
Andrew Bartlett
(This used to be commit b474be9507df51982a604289215bb1868124fc24)
|
|
Computers).
We now generate a security descriptor for each object, when it is
created. This seems to keep MMC happy. The next step is to honour
it.
Andrew Bartlett
(This used to be commit 72f4ae82463c5c1f9f6b7f18f125c4c8fb56ae4f)
|
|
than using templates.
Modify the samba3sam test to be less fussy, and not use the
objectclass module (which requires proper schema stuff now).
Andrew Bartlett
(This used to be commit 53c248c2645e86fbc8720860aed92a479483b528)
|
|
on this error code, but allow both for now).
Also prove that bug #4829 needs a different solution: we can't fix
this by changing the template. I think this fix needs to be in the
SAMR server.
Andrew Bartlett
(This used to be commit c3554e3ee79cdb15f05e7968ccde62c086748c80)
|
|
test to prove the behaviour of LDAP renames etc.
Fix LDB to return correct error code when failing to rename one DN
onto another.
Andrew Bartlett
(This used to be commit 3f3da9c4710b7752ed97f55c2fc3d32a63d352af)
|
|
We can't ever allow duplicates, even if the client sends them
Andrew Bartlett
(This used to be commit 10277f27246b9e16ed36fb72eb4c318b43cb9395)
|
|
dereferencing attributes.
Fix the case to match between the attributes searched for and the ejs
element. (Fixes LDAP-backend selftest)
Andrew Bartlett
(This used to be commit 51cf66bb96e5a58693a40d920d78632ac442ca1c)
|
|
patch).
- samba3sam.js: rework the samba3sam test to not use objectCategory,
as it's has special rules (dnsName a simple match)
- ldap.js: Test the ordering of the objectClass attributes for the baseDN
- schema_init.c: Load the mayContain and mustContain (and system...) attributes when
reading the schema from ldb
- To make the schema load not suck in terms of performance, write the
schema into a static global variable
- ldif_handlers.c: Match objectCategory for equality and canonicolisation
based on the loaded schema, not simple tring manipuation
- ldb_msg.c: don't duplicate attributes when adding attributes to a list
- kludge_acl.c: return allowedAttributesEffective based on schema results
and privilages
Andrew Bartlett
(This used to be commit dcff83ebe463bc7391841f55856d7915c204d000)
|
|
schema.
Andrew Bartlett
(This used to be commit ef1899054e2532c8975d03810b52a0636d2d5f8c)
|
|
ejsnet command line utility (perhaps to be moved to utils later...)
rafal
(This used to be commit 43f9d9ba71f51007e80b340600a55fb07d89fd4c)
|
|
Andrew Bartlett
(This used to be commit 1c4d376d547df46cb036f088918562bd2493e087)
|
|
Andrew Bartlett
(This used to be commit f86d3b47850a9f3f773226807bbafd1830182c59)
|
|
partitions onto the target LDAP server.
Make the LDAP provision run before smbd starts, then stop the LDAP
server. This ensures this occurs synchronously, We then restart it
for the 'real run' (with slapd's stdin being the FIFO).
This required fixing a few things in the provision scripts, with more
containers being created via a add/modify pair.
Andrew Bartlett
(This used to be commit 860dfa4ea1ab2b62d4d4fe0644e0a9b882fdafa1)
|
|
(This used to be commit fed42cf5a359e8dcbabd82dba5b18058260ddc07)
|
|
'phantom_root' flag in the search_options control
- Add in support for LDB controls to the js layer
- Test the behaviour
- Implement support for the 'phantom_root' flag in the partitions module
- Make the LDAP server set the 'phantom_root' flag in the search_options control
- This replaces the global_catalog flag passed down as an opaque pointer
- Rework the string-format control parsing function into
ldb_parse_control_strings(), returning errors by ldb_errorstring()
method, rather than with printf to stderr
- Rework some of the ldb_control handling logic
Andrew Bartlett
(This used to be commit 2b3df7f38d7790358dbb4de1b8609bf794a351fb)
|
|
jelmer: what should this test really test?
metze
(This used to be commit c8d903b606afb5dd11b8f1048a36943db02370e0)
|
|
We were returning just true/false and discarding error number and string.
This checking probably breaks swat, will fix it in next round as swat
is what made me look into this as I had no way to get back error messages
to show to the users.
Simo.
(This used to be commit 35886b4ae68be475b0fc8b2689ca04d766661261)
|
|
default is dump everything
metze
(This used to be commit 4ceb12f5d3c750273bb6ad58cefb1fd1b47643d4)
|
|
objects
- use ${SCHEMADN} instead of CN=Schema,CN=Configuration,${BASEDN}
- do not include autogenerated values: instanceType, cn and name in the ldif output
- take care of the systemOnly attribute and a resulting NO-USER-MODIFICATION
metze
(This used to be commit 30a0e8b26e4b49927d733ac05e6032350fe22e9f)
|
