Age | Commit message (Collapse) | Author | Files | Lines |
|
segfault.
Andrew Bartlett
(This used to be commit d2fe61a13a8368ceae30c6e7320c8d3d62fbc485)
|
|
This fixes up the python credentials interface in a number of areas,
with the aim of supporting '-k yes' as a command line option. (This
enables the use of kerberos).
As such, I've had to change the get_credentials call to take a
loadparm context, so that the credentials can be initialised
correctly.
The test_kinit script has been modified to prove that this continues
to work, as well as to provide greater code coverage of the kerberos
paths.
Andrew Bartlett
(This used to be commit 727ef40c2b56910028ef3c1092b8eab1bfa6ce63)
|
|
Try to provide more information to see why OpenLDAP isn't quite up to
being a Samba4 Backend.
Andrew Bartlett
(This used to be commit 89458c7d8b46cf5cf6c0dc514bb7e658f48c2adf)
|
|
We now load the schema early enough that we can generate this too!
Andrew Bartlett
(This used to be commit 1adc74c65a3219fc110964ccdf9a9d60a84831da)
|
|
Now we verify sAMAccountType and userAccountControl, as well as rename and
DN mismatch semantics.
Andrew Bartlett
(This used to be commit 0a5fa41dd7ed76e4848fe4a779edff2a12e8ea67)
|
|
(This used to be commit 716345fd38dfd8c6e610fbd6ba84c4f33e3edbb9)
|
|
(This used to be commit 05a110123df2372418e2ef2fd8f269b92054069c)
|
|
(This used to be commit 625ea49a95cbdb507ea5b191f75ffa27e25cdb90)
|
|
(This used to be commit af6484f78d273407dd9b264bc4adb33497eee48b)
|
|
(This used to be commit 13deb25214b2711836e243a87166b63a4a87270b)
|
|
(This used to be commit 7aff2ddd8ca1ff68fc704fdb139d81d6daa51115)
|
|
(This used to be commit 3f24136b56d281580410bf69841c6dece5508d17)
|
|
Andrew Bartlett
(This used to be commit 41309dc8627e707cee226a76238b9a70d417a345)
|
|
(We may need to include more defaults in the template, but I want to
start small for now).
Andrew Bartlett
(This used to be commit a466dda118f785bf784548106637577a5e25a30e)
|
|
(This used to be commit 16382999bebf158996e16219e7053ef4821550c1)
|
|
You have to define idl, call the client function
and add a server implementation.
Then you need to compile midltests.exe
and run it, it will dump the generated NDR on the
screen.
metze
(This used to be commit dc15c8833599a1cb8f51c2b5390925410cbf4e12)
|
|
This adds some extra information to the failure message, to chase down
which test is failing.
Andrew Bartlett
(This used to be commit 281bc76d3d7605f18ee914cf01dbf09062f5a5f0)
|
|
Andrew Bartlett
(This used to be commit 89053bc564f1d736da48fbe20e7f8f244b0c67fa)
|
|
things that we will create later.
Andrew Bartlett
(This used to be commit 9b47b551a3762590fefa5308310d91c6d8b378e5)
|
|
(This used to be commit 9ad2de6e9900aadc3171c5376972ce4d3ed3fb24)
|
|
blackbox.smbclient test.
(This used to be commit 1d703dcf3a888e4c8301a4f53a289ff18bf89f75)
|
|
Untested code is broken code, so rework the module until it passes...
It turns out that AD puts search attributes onto the wire in the
reverse order to what Samba does. This complicates exact value
matching, so this is skipped for now.
Andrew Bartlett
(This used to be commit 91bcb60d31d54e52128d5bd107df4ceb87389889)
|
|
Andrew Bartlett
(This used to be commit 11c153163c359fd07402daa61b93872387e12568)
|
|
errors that occour.
Andrew Bartlett
(This used to be commit bf5b2f467f57528aa64d4af0e68ef2dffd00f8f6)
|
|
incoming LDAP filter.
Warning: Any anr search will perform a full index search. Untill ldb
gets substring indexes, this is unavoidable.
Also implement a testsutie to show we match AD behaviour for this
important extension (used in the Active Directory Users and Computers
MMC plugin, as a genereral 'find').
This will also be useful to OpenChange, as their server needs to
implement this.
Andrew Bartlett
(This used to be commit 044b50947254ccd516c21cb156ab60ab9e3a582d)
|
|
MMC uses.
It appears that the control value is optional, implying type 0 responses.
Failing to parse this was causing LDAP disconnects with 'unavailable
critical extension'.
Andrew Bartlett
(This used to be commit 833dfc2f2af84c45f954e428c9ea6babf100ba92)
|
|
modifications, and then extend our implementation to match.
Andrew Bartlett
(This used to be commit 65d17f0ad7ead438333abcccb0bd56b038ffb88e)
|
|
implement these in the simple ldap mapping module.
We still don't pass this test, because we must get linked attributes
into OpenLDAP.
Andrew Bartlett
(This used to be commit d41f34e979bb119f71ab3cc2fdb3c08e4b92849c)
|
|
Andrew Bartlett
(This used to be commit e178df4a180e7ce3eba1a14fb45b2fcc582f06c3)
|
|
restrictions imposed by the samldb module.
This module is worth keeping, because when we go back to do more
extensive backend mapping, the testing of this module shows it is
still possible.
Andrew Bartlett
(This used to be commit a10d2554dc1f9b57ce2a98ea20969b3b3c8aec53)
|
|
invalid entries with a linked attribute.
Make Samba4 pass that test, by fixing a silly bug in the
linked_attributes module. (By passing down the 'original' request
structure, tdb would override our handle, and therefore we would never
be called for the 'wait', which collects the errors).
Fix up the provision templates to handle the newly required
referential integrity.
Andrew Bartlett
(This used to be commit 0377d85bbdcb2c4f110b0519005f0d1d10bc0c0b)
|
|
them any more group memberships.
Andrew Bartlett
(This used to be commit c805934017af2c983b31738cb888103a5f972fdc)
|
|
linked_attributs code.
This drasticly reduces the code duplication here.
Andrew Bartlett
(This used to be commit c66e188e6729a8e12854017d62067b4ae4a23af8)
|
|
including when we delete members from the DB.
Andrew Bartlett
(This used to be commit 2c95274e257da1d392a8a91bc291debc41c18f30)
|
|
Andrew Bartlett
(This used to be commit 56d9dd5140b6d7d7bbaa2f59ecdff7ee70c4faac)
|
|
the objectclass module.
Andrew Bartlett
(This used to be commit 16a292fcb134adec110cbc4c8f0fb03323750a45)
|
|
This prevents CN=test,dc=samba,dc=example,dc=com being renamed into
CN=test2,cn=test,dc=samba,dc=example,dc=com
Andrew Bartlett
(This used to be commit 958a92ed0c6bee19d8b86df7c66330d2bba23e46)
|
|
Andrew Bartlett
(This used to be commit 0019596b715f888e7b7dbd71de832c6e2941c625)
|
|
This patch is to ensure that all attributes are in the same case as
the schema specifies. In the process, I ensure that all attributes
are indeed in the schema.
This ensures we use the schema case, not the user supplied case for
future responses, which assists any (incorrect, but possible) case
sensitive processing on a client.
I've also removed more of the subtle 'schema &&' that metze objected
to in the for loops, moving to a much more explicit 'if (schema)'.
Andrew Bartlett
(This used to be commit bfc96fff063e7cc278755c043b9da0ed4b75a615)
|
|
restrictions.
Andrew Bartlett
(This used to be commit f3390c9054244c0e4381007b36bbac9a17800570)
|
|
The aim here is to ensure that if we have
CN=Users,DC=samba,DC=example,DC=com
that we cannot have a DN of the form
cn=admin ,cn=useRS,DC=samba,DC=example,DC=com
This module pulls apart the DN, fixes up the relative DN part, and
searches for the parent to copy the base from.
I've used the objectclass module, as I intend to also validate the
placement of child objects, by reading the allowedChildClasses virtual
attribute.
In the future, I'll also force the attribute names to be consistant
(using the case from the schema).
Andrew Bartlett
(This used to be commit c0a0c69ac5a81cfcb7c7d5ba38db59f8686c30ab)
|
|
case an oddity of the javascript caused the test to 'pass'.
For the same oddity, we have a failure in ldb's handling of spaces in
DNs. We need to resolve that too.
Andrew Bartlett
(This used to be commit e8cbac1a46f4d3b083e6bb5a509ef1ba47bebff1)
|
|
Subclass support was designed to avoid needing to spell out the full
list of objectClasses that an entry was in. However, Samba4 now
enforces this restriction in the objectClass module, and the way
subclass matching was handled was complex and counter-intuitive in my
opinion (and did not match LDAP).
Andrew Bartlett
(This used to be commit f5ce04b904e14445a2a7e7f92e7e1f64b645c6f2)
|
|
rename of ldb entries for a case change (only).
I've modified the testsuite to verify this.
Andrew Bartlett
(This used to be commit 9cccd00dac44dd9152ec03cecf5ffac24f918445)
|
|
(This used to be commit 8616bfa0ae5762ae45b8339c84b8e4ae499f5897)
|
|
The module is scary: On a rename, it does a search for all entries
under that entry (including itself), and fires off a seperate rename
call for each result. This will fail miserably on an LDAP backend,
but I'll need to work on using hdb for OpenLDAP, and hope Fedora DS
can implement subtree renames at some point.
Andrew Bartlett
(This used to be commit 13908a8cb4dd810503213203efb8d51f77f1f379)
|
|
(This used to be commit aeb2e714f22abe68f89218967a55d7abd2d04ae1)
|
|
Andrew Bartlett
(This used to be commit 9f45b5553a53d2e8a1c2643bf58fb90db8217b66)
|
|
(This used to be commit c3a138627487ec0ed5a4c4c4457df35275f4cada)
|
|
to test the behaviour of objectCategory=user searches.
It turns out (thanks to a hint on
http://blog.joeware.net/2005/12/08/147/) that objectCategory=user maps
into objectCategory=CN=Person,... (by the defaultObjectCategory of
that objectclass).
Simplify the entryUUID module by using the fact that we now set the DN
as the canoncical form of objectCategory.
Andrew Bartlett
(This used to be commit b474be9507df51982a604289215bb1868124fc24)
|