IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Untested code is broken code, so rework the module until it passes...
It turns out that AD puts search attributes onto the wire in the
reverse order to what Samba does. This complicates exact value
matching, so this is skipped for now.
Andrew Bartlett
(This used to be commit 91bcb60d31)
incoming LDAP filter.
Warning: Any anr search will perform a full index search. Untill ldb
gets substring indexes, this is unavoidable.
Also implement a testsutie to show we match AD behaviour for this
important extension (used in the Active Directory Users and Computers
MMC plugin, as a genereral 'find').
This will also be useful to OpenChange, as their server needs to
implement this.
Andrew Bartlett
(This used to be commit 044b509472)
implement these in the simple ldap mapping module.
We still don't pass this test, because we must get linked attributes
into OpenLDAP.
Andrew Bartlett
(This used to be commit d41f34e979)
restrictions imposed by the samldb module.
This module is worth keeping, because when we go back to do more
extensive backend mapping, the testing of this module shows it is
still possible.
Andrew Bartlett
(This used to be commit a10d2554dc)
invalid entries with a linked attribute.
Make Samba4 pass that test, by fixing a silly bug in the
linked_attributes module. (By passing down the 'original' request
structure, tdb would override our handle, and therefore we would never
be called for the 'wait', which collects the errors).
Fix up the provision templates to handle the newly required
referential integrity.
Andrew Bartlett
(This used to be commit 0377d85bbd)
This prevents CN=test,dc=samba,dc=example,dc=com being renamed into
CN=test2,cn=test,dc=samba,dc=example,dc=com
Andrew Bartlett
(This used to be commit 958a92ed0c)
This patch is to ensure that all attributes are in the same case as
the schema specifies. In the process, I ensure that all attributes
are indeed in the schema.
This ensures we use the schema case, not the user supplied case for
future responses, which assists any (incorrect, but possible) case
sensitive processing on a client.
I've also removed more of the subtle 'schema &&' that metze objected
to in the for loops, moving to a much more explicit 'if (schema)'.
Andrew Bartlett
(This used to be commit bfc96fff06)
The aim here is to ensure that if we have
CN=Users,DC=samba,DC=example,DC=com
that we cannot have a DN of the form
cn=admin ,cn=useRS,DC=samba,DC=example,DC=com
This module pulls apart the DN, fixes up the relative DN part, and
searches for the parent to copy the base from.
I've used the objectclass module, as I intend to also validate the
placement of child objects, by reading the allowedChildClasses virtual
attribute.
In the future, I'll also force the attribute names to be consistant
(using the case from the schema).
Andrew Bartlett
(This used to be commit c0a0c69ac5)
case an oddity of the javascript caused the test to 'pass'.
For the same oddity, we have a failure in ldb's handling of spaces in
DNs. We need to resolve that too.
Andrew Bartlett
(This used to be commit e8cbac1a46)
Subclass support was designed to avoid needing to spell out the full
list of objectClasses that an entry was in. However, Samba4 now
enforces this restriction in the objectClass module, and the way
subclass matching was handled was complex and counter-intuitive in my
opinion (and did not match LDAP).
Andrew Bartlett
(This used to be commit f5ce04b904)
The module is scary: On a rename, it does a search for all entries
under that entry (including itself), and fires off a seperate rename
call for each result. This will fail miserably on an LDAP backend,
but I'll need to work on using hdb for OpenLDAP, and hope Fedora DS
can implement subtree renames at some point.
Andrew Bartlett
(This used to be commit 13908a8cb4)
to test the behaviour of objectCategory=user searches.
It turns out (thanks to a hint on
http://blog.joeware.net/2005/12/08/147/) that objectCategory=user maps
into objectCategory=CN=Person,... (by the defaultObjectCategory of
that objectclass).
Simplify the entryUUID module by using the fact that we now set the DN
as the canoncical form of objectCategory.
Andrew Bartlett
(This used to be commit b474be9507)
Computers).
We now generate a security descriptor for each object, when it is
created. This seems to keep MMC happy. The next step is to honour
it.
Andrew Bartlett
(This used to be commit 72f4ae8246)
Modify the samba3sam test to be less fussy, and not use the
objectclass module (which requires proper schema stuff now).
Andrew Bartlett
(This used to be commit 53c248c264)
on this error code, but allow both for now).
Also prove that bug #4829 needs a different solution: we can't fix
this by changing the template. I think this fix needs to be in the
SAMR server.
Andrew Bartlett
(This used to be commit c3554e3ee7)
test to prove the behaviour of LDAP renames etc.
Fix LDB to return correct error code when failing to rename one DN
onto another.
Andrew Bartlett
(This used to be commit 3f3da9c471)
dereferencing attributes.
Fix the case to match between the attributes searched for and the ejs
element. (Fixes LDAP-backend selftest)
Andrew Bartlett
(This used to be commit 51cf66bb96)
- samba3sam.js: rework the samba3sam test to not use objectCategory,
as it's has special rules (dnsName a simple match)
- ldap.js: Test the ordering of the objectClass attributes for the baseDN
- schema_init.c: Load the mayContain and mustContain (and system...) attributes when
reading the schema from ldb
- To make the schema load not suck in terms of performance, write the
schema into a static global variable
- ldif_handlers.c: Match objectCategory for equality and canonicolisation
based on the loaded schema, not simple tring manipuation
- ldb_msg.c: don't duplicate attributes when adding attributes to a list
- kludge_acl.c: return allowedAttributesEffective based on schema results
and privilages
Andrew Bartlett
(This used to be commit dcff83ebe4)
partitions onto the target LDAP server.
Make the LDAP provision run before smbd starts, then stop the LDAP
server. This ensures this occurs synchronously, We then restart it
for the 'real run' (with slapd's stdin being the FIFO).
This required fixing a few things in the provision scripts, with more
containers being created via a add/modify pair.
Andrew Bartlett
(This used to be commit 860dfa4ea1)
'phantom_root' flag in the search_options control
- Add in support for LDB controls to the js layer
- Test the behaviour
- Implement support for the 'phantom_root' flag in the partitions module
- Make the LDAP server set the 'phantom_root' flag in the search_options control
- This replaces the global_catalog flag passed down as an opaque pointer
- Rework the string-format control parsing function into
ldb_parse_control_strings(), returning errors by ldb_errorstring()
method, rather than with printf to stderr
- Rework some of the ldb_control handling logic
Andrew Bartlett
(This used to be commit 2b3df7f38d)
We were returning just true/false and discarding error number and string.
This checking probably breaks swat, will fix it in next round as swat
is what made me look into this as I had no way to get back error messages
to show to the users.
Simo.
(This used to be commit 35886b4ae6)
- use ${SCHEMADN} instead of CN=Schema,CN=Configuration,${BASEDN}
- do not include autogenerated values: instanceType, cn and name in the ldif output
- take care of the systemOnly attribute and a resulting NO-USER-MODIFICATION
metze
(This used to be commit 30a0e8b26e)
attributes to backend (remote) attributes.
We can't do a reverse mapping safely where the remote attribute may be
a source for multiple local attributes. (We end up with the wrong
attributes returned).
In doing this, I've modified the samba3sam.js test to be more
realistic, and fixed some failures in the handling of primaryGroupID.
I've added a new (private) helper function ldb_msg_remove_element() to
avoid a double lookup of the element name.
I've also re-formatted many of the function headers, to fit into
standard editor widths.
Andrew Bartlett
(This used to be commit 186766e309)