IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- use "sambaPassword" only as virtual attribute for passing
the cleartext password (in unix charset) into the ldb layer
- store des-cbc-crc, des-cbc-md5 keys in the Primary:Kerberos
blob to match w2k and w2k3
- aes key support is disabled by default, as we don't know
exacly how longhorn stores them. use password_hash:create_aes_key=yes
to force creation of them.
- store the cleartext password in the Primary:CLEARTEXT blob
if configured
TODO:
- find out how longhorn stores aes keys
- find out how the Primary:WDigest blob needs to be constructed
(not supported by w2k)
metze
"ntPwdHash" => "unicodePwd"
"lmPwdHash" => "dBCSPwd"
"sambaLMPwdHistory" => "lmPwdHistory"
"sambaNTPwdHistory" => "ntPwdHistory"
Note: you need to reprovision after this change!
metze
we can use such a filter:-)
we should only update the keytab for records matching this filter,
that means we need to do a search before calling cli_credentials_set_secrets()
metze
them as a hook on ldb modify, via a module.
This should allow the secrets.ldb to be edited by the admin, and to
have things update in the on-disk keytab just as an in-memory keytab
would.
This isn't really a dsdb plugin, but I don't have any other good ideas
about where to put it.
Andrew Bartlett
there're a few things TODO, but it's a good start
we need to research if an originating change causes the replUpToDateVector
attribute to change...(I assume it, but needs testing)
metze
we'll soon pass this down as DSDB_CONTROL_CURRENT_PARTITION_OID control
so that the repl_meta_data module knows where to update the replUpToDateVector
attribute
metze
the merging of existing objects is not implemented yet...
there are a few ifdef REPLMD_FULL_ASYNC because we need to workarouns
ldb's async infrastructure (which don't handle full async sub requests nicely)
metze
- by default the operations goes to all partitions
- but some wellkown ones will go to just one partition
(DSDB_EXTENDED_REPLICATED_OBJECTS_OID for now)
I'll soon change the partitions module so that it'll attach a
DSDB_CONTROL_PARTITION_CONTEXT_OID control to give
the repl_meta_data or other partition specific modules a chance to
to know for which partition it should work.
metze
when applying replicated objects.
the samldb module ignores such requests now...
and the repl_meta_data module has different functions
for the replicated and originating cases...
metze
But this is currently needed to make regpatch linking in
the dsdb/schema/schema_*.o object files.
the problem is that the linker doesn't find any references to public symbols
in this files and removes them from the link list.
gnu ld has a --whole-archive option, but it seems to be not portable...
I think the solution with prelinking using 'ld -r' to create one object file
for a subsystem instead of using 'ar -rcs' to create an archive for a subsystem...
jelmer: any ideas about this problem?
metze
