IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
allow the objectclass module to reconstruct the objectclass hierarchy,
rather than using templates.
The issue being fixed in particular is that 'top' was not being set on
containers.
This should ensure we do this right for all objects.
Andrew Bartlett
The module is scary: On a rename, it does a search for all entries
under that entry (including itself), and fires off a seperate rename
call for each result. This will fail miserably on an LDAP backend,
but I'll need to work on using hdb for OpenLDAP, and hope Fedora DS
can implement subtree renames at some point.
Andrew Bartlett
<mwallnoefer@yahoo.de> noticing that:
> The error was caused by info1 that is'nt talloced but rather static.
In fact, no caller supplies info1 as a valid talloc context - other
callers supply an element into the array.
Andrew Bartlett
with a patch from Andrew Kroeger <andrew@sprocks.gotdns.com>.
The changes to samldb_fill_foreignSecurityPrincipal_object() look much
larger then they are: We just skip all the objectSid generation if the
SID is supplied.
By providing a few more objects, standard dialogs on the clients are
better behaved, for these 'well known' users.
Andrew Bartlett
> When you change to the SAMBA private directory on a shell (default
> /usr/local/samba/private) and start there for example ldbedit with the sam.ldb,
> the application crashes if you don't put the "./" before the filename.
I've adapted Matthias's patch.
Andrew Bartlett
machine accounts are not subject to password policy in Win2k3 R2 (at
least in terms of password quality).
In testing this, I found that Win2k3 R2 has changed the way the old
ChangePassword RPC call is handled - the 'cross-checks' between new LM
and NT passwords are not required.
Andrew Bartlett
to test the behaviour of objectCategory=user searches.
It turns out (thanks to a hint on
http://blog.joeware.net/2005/12/08/147/) that objectCategory=user maps
into objectCategory=CN=Person,... (by the defaultObjectCategory of
that objectclass).
Simplify the entryUUID module by using the fact that we now set the DN
as the canoncical form of objectCategory.
Andrew Bartlett
Computers).
We now generate a security descriptor for each object, when it is
created. This seems to keep MMC happy. The next step is to honour
it.
Andrew Bartlett
include the attribute allowedChildClassesEffective for MMC to allow
the creation of containers.
This may need further refinement, but it seems to work for now.
Andrew Bartlett
This patch prevents non-root and non-administrator users from running
the provision, upgrade and vampire pages. *I think* the rest of SWAT
is LDB operations, or otherwise authenticated, so we should now be
secure.
I wish I had a better way to 'prove' we got this right, but this is better than nothing, and moves us closer to an alpha.
Andrew Bartlett
This includes some of the original ildap ldap client API. ldb
provides a much easier abstraction on this to use, and doesn't use
these functions.
Andrew Bartlett
When we set up the schema, we don't have a partitions container yet.
The LDAP error differs from that given by LDB, so I think we still
have some conformance work to do.
Andrew Bartlett
- samba3sam.js: rework the samba3sam test to not use objectCategory,
as it's has special rules (dnsName a simple match)
- ldap.js: Test the ordering of the objectClass attributes for the baseDN
- schema_init.c: Load the mayContain and mustContain (and system...) attributes when
reading the schema from ldb
- To make the schema load not suck in terms of performance, write the
schema into a static global variable
- ldif_handlers.c: Match objectCategory for equality and canonicolisation
based on the loaded schema, not simple tring manipuation
- ldb_msg.c: don't duplicate attributes when adding attributes to a list
- kludge_acl.c: return allowedAttributesEffective based on schema results
and privilages
Andrew Bartlett
loaded from ldif files. The first file should contain
the info's about the 'prefixMap' attribute in the first ldif chunk.
The 2nd file should contain all attributes and classes.
metze
* Change license to LGPL, so it can be used by non-Samba users of
LDB (cleared with Martin as well).
* Include ldb_map in standalone build.
* Move ldb_map to its own directory
