IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
incoming LDAP filter.
Warning: Any anr search will perform a full index search. Untill ldb
gets substring indexes, this is unavoidable.
Also implement a testsutie to show we match AD behaviour for this
important extension (used in the Active Directory Users and Computers
MMC plugin, as a genereral 'find').
This will also be useful to OpenChange, as their server needs to
implement this.
Andrew Bartlett
(This used to be commit 044b50947254ccd516c21cb156ab60ab9e3a582d)
It appears that the control value is optional, implying type 0 responses.
Failing to parse this was causing LDAP disconnects with 'unavailable
critical extension'.
Andrew Bartlett
(This used to be commit 833dfc2f2af84c45f954e428c9ea6babf100ba92)
implement these in the simple ldap mapping module.
We still don't pass this test, because we must get linked attributes
into OpenLDAP.
Andrew Bartlett
(This used to be commit d41f34e979bb119f71ab3cc2fdb3c08e4b92849c)
restrictions imposed by the samldb module.
This module is worth keeping, because when we go back to do more
extensive backend mapping, the testing of this module shows it is
still possible.
Andrew Bartlett
(This used to be commit a10d2554dc1f9b57ce2a98ea20969b3b3c8aec53)
invalid entries with a linked attribute.
Make Samba4 pass that test, by fixing a silly bug in the
linked_attributes module. (By passing down the 'original' request
structure, tdb would override our handle, and therefore we would never
be called for the 'wait', which collects the errors).
Fix up the provision templates to handle the newly required
referential integrity.
Andrew Bartlett
(This used to be commit 0377d85bbdcb2c4f110b0519005f0d1d10bc0c0b)
linked_attributs code.
This drasticly reduces the code duplication here.
Andrew Bartlett
(This used to be commit c66e188e6729a8e12854017d62067b4ae4a23af8)
This prevents CN=test,dc=samba,dc=example,dc=com being renamed into
CN=test2,cn=test,dc=samba,dc=example,dc=com
Andrew Bartlett
(This used to be commit 958a92ed0c6bee19d8b86df7c66330d2bba23e46)
This patch is to ensure that all attributes are in the same case as
the schema specifies. In the process, I ensure that all attributes
are indeed in the schema.
This ensures we use the schema case, not the user supplied case for
future responses, which assists any (incorrect, but possible) case
sensitive processing on a client.
I've also removed more of the subtle 'schema &&' that metze objected
to in the for loops, moving to a much more explicit 'if (schema)'.
Andrew Bartlett
(This used to be commit bfc96fff063e7cc278755c043b9da0ed4b75a615)
The aim here is to ensure that if we have
CN=Users,DC=samba,DC=example,DC=com
that we cannot have a DN of the form
cn=admin ,cn=useRS,DC=samba,DC=example,DC=com
This module pulls apart the DN, fixes up the relative DN part, and
searches for the parent to copy the base from.
I've used the objectclass module, as I intend to also validate the
placement of child objects, by reading the allowedChildClasses virtual
attribute.
In the future, I'll also force the attribute names to be consistant
(using the case from the schema).
Andrew Bartlett
(This used to be commit c0a0c69ac5a81cfcb7c7d5ba38db59f8686c30ab)
case an oddity of the javascript caused the test to 'pass'.
For the same oddity, we have a failure in ldb's handling of spaces in
DNs. We need to resolve that too.
Andrew Bartlett
(This used to be commit e8cbac1a46f4d3b083e6bb5a509ef1ba47bebff1)
Subclass support was designed to avoid needing to spell out the full
list of objectClasses that an entry was in. However, Samba4 now
enforces this restriction in the objectClass module, and the way
subclass matching was handled was complex and counter-intuitive in my
opinion (and did not match LDAP).
Andrew Bartlett
(This used to be commit f5ce04b904e14445a2a7e7f92e7e1f64b645c6f2)
rename of ldb entries for a case change (only).
I've modified the testsuite to verify this.
Andrew Bartlett
(This used to be commit 9cccd00dac44dd9152ec03cecf5ffac24f918445)
The module is scary: On a rename, it does a search for all entries
under that entry (including itself), and fires off a seperate rename
call for each result. This will fail miserably on an LDAP backend,
but I'll need to work on using hdb for OpenLDAP, and hope Fedora DS
can implement subtree renames at some point.
Andrew Bartlett
(This used to be commit 13908a8cb4dd810503213203efb8d51f77f1f379)
to test the behaviour of objectCategory=user searches.
It turns out (thanks to a hint on
http://blog.joeware.net/2005/12/08/147/) that objectCategory=user maps
into objectCategory=CN=Person,... (by the defaultObjectCategory of
that objectclass).
Simplify the entryUUID module by using the fact that we now set the DN
as the canoncical form of objectCategory.
Andrew Bartlett
(This used to be commit b474be9507df51982a604289215bb1868124fc24)
Computers).
We now generate a security descriptor for each object, when it is
created. This seems to keep MMC happy. The next step is to honour
it.
Andrew Bartlett
(This used to be commit 72f4ae82463c5c1f9f6b7f18f125c4c8fb56ae4f)
Modify the samba3sam test to be less fussy, and not use the
objectclass module (which requires proper schema stuff now).
Andrew Bartlett
(This used to be commit 53c248c2645e86fbc8720860aed92a479483b528)
on this error code, but allow both for now).
Also prove that bug #4829 needs a different solution: we can't fix
this by changing the template. I think this fix needs to be in the
SAMR server.
Andrew Bartlett
(This used to be commit c3554e3ee79cdb15f05e7968ccde62c086748c80)
consistantly report errors. (Some were being lost due to the "echo
foo | cmd" calling convention).
Andrew Bartlett
(This used to be commit d0a994d0ce7b1d4a33bbca5348c2da868401971f)
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
test to prove the behaviour of LDAP renames etc.
Fix LDB to return correct error code when failing to rename one DN
onto another.
Andrew Bartlett
(This used to be commit 3f3da9c4710b7752ed97f55c2fc3d32a63d352af)
dereferencing attributes.
Fix the case to match between the attributes searched for and the ejs
element. (Fixes LDAP-backend selftest)
Andrew Bartlett
(This used to be commit 51cf66bb96e5a58693a40d920d78632ac442ca1c)
- samba3sam.js: rework the samba3sam test to not use objectCategory,
as it's has special rules (dnsName a simple match)
- ldap.js: Test the ordering of the objectClass attributes for the baseDN
- schema_init.c: Load the mayContain and mustContain (and system...) attributes when
reading the schema from ldb
- To make the schema load not suck in terms of performance, write the
schema into a static global variable
- ldif_handlers.c: Match objectCategory for equality and canonicolisation
based on the loaded schema, not simple tring manipuation
- ldb_msg.c: don't duplicate attributes when adding attributes to a list
- kludge_acl.c: return allowedAttributesEffective based on schema results
and privilages
Andrew Bartlett
(This used to be commit dcff83ebe463bc7391841f55856d7915c204d000)
partitions onto the target LDAP server.
Make the LDAP provision run before smbd starts, then stop the LDAP
server. This ensures this occurs synchronously, We then restart it
for the 'real run' (with slapd's stdin being the FIFO).
This required fixing a few things in the provision scripts, with more
containers being created via a add/modify pair.
Andrew Bartlett
(This used to be commit 860dfa4ea1ab2b62d4d4fe0644e0a9b882fdafa1)
private dir to contain a valid machine account.
It isn't really valid it use the DC's account any more, so extend this
script to also join the domain. This nicely tests out some previously
untested code too!
Andrew Bartlett
(This used to be commit 12f4e6033ed11a010211a4295424588f44f7e5e0)
