mirror of https://github.com/samba-team/samba.git synced 2025-12-17 04:23:50 +03:00
Commit Graph

98 Commits

Author SHA1 Message Date
Simo Sorce
7c050b541e r15582: Commit some forgotten stuff that has been sitting on my private tree for long 2007-10-10 14:06:00 -05:00
Stefan Metzmacher
9ec706238c r14860: create libcli/security/security.h
metze
2007-10-10 13:59:44 -05:00
Jelmer Vernooij
3dd477ca51 r14464: Don't include ndr_BASENAME.h files unless strictly required, instead
try to include just the BASENAME.h files (containing only structs)
2007-10-10 13:57:27 -05:00
Simo Sorce
250dac3072 r14401: Let samldb intercept the async requests.
Samldb is NOT yet async itself, but as that module only intercepts
user, groups or foreign principal creation and nothing else we can
accept it not to be asynchronous for now.

Simo.
2007-10-10 13:57:18 -05:00
Jelmer Vernooij
1228358767 r13924: Split more prototypes out of include/proto.h + initial work on header
file dependencies
2007-10-10 13:52:24 -05:00
Jelmer Vernooij
52a2356505 r13786: [merge] Add registration functions for LDB modules
Applications that use LDB modules will now have to run ldb_global_init()
before they can use LDB.

The next step will be adding support for loading LDB modules from .so
files. This will also allow us to use one LDB without difference between the
standalone and the Samba-specific build
2007-10-10 13:52:11 -05:00
Simo Sorce
d5b467b7c1 r13615: Make ldb_set_errstring get ldb instead of module as parameter.
The module was just used to get to the ldb so it was meaningless.

Also add LDB_WAIT_ONCE and relative code in ldb_ildap.c
2007-10-10 13:51:59 -05:00
Andrew Bartlett
c34666abc1 r13150: Correct comment.
Andrew Bartlett
2007-10-10 13:51:29 -05:00
Andrew Bartlett
7a9c8eee4b r12998: A big update to samldb.c
This updates the module to handle both SID allocation and nextRid
updating while importing users.  (As imported users already have a
SID, so don't go via the allocation step).  We also ensure that SIDs
in the database are unique at create time.

Furthermore, at allocation time, we double-check the SID isn't already
in use, and that we don't create a foreignSecurityPrincipal for a
'local' sid.

Also create random samAccountName entries for users without one (we
were setting $000000-000000000000).

We may want to separate the uniqueness code from the rest of samldb,
and into a module with the objectguid code, which needs similar
checks.  These checks also need to apply to modification, or those
modifications denied outright.

Also update part of the testsuite to validate this.

Andrew Bartlett
2007-10-10 13:51:15 -05:00
Andrew Bartlett
ffe9042e15 r12943: Generate a SID for the domain join account using the modules, rather
than a hardcoded SID.

Fix the samldb module to return what *was* the nextrid, rather
than the new nextrid (that is for next time).

Andrew Bartlett
2007-10-10 13:51:11 -05:00
Simo Sorce
5e8b365fa2 r12743: Remove the ugly way we had to make a second stage init and introduce
a second_stage_init private function for modules that need a second stage init.

Simo.
2007-10-10 13:49:48 -05:00
Simo Sorce
77125feaff r12733: Merge ldap/ldb controls into main tree
There's still a lot of work to do but the patch is stable
enough to be pushed into the main samba4 tree.

Simo.
2007-10-10 13:49:47 -05:00
Jelmer Vernooij
c297c93faf r12658: Couple of fixes related to shared module builds. 2007-10-10 13:49:35 -05:00
Jelmer Vernooij
70e7449318 r12608: Remove some unused #include lines. 2007-10-10 13:49:03 -05:00
Andrew Bartlett
0aaff059ba r12598: Make the 'objectClass' part of the templating process actually work.
We need to add to the multivalued objectClass, not ignore it because
the user has already specified a value.

Also rename the template again.

This was caught by more stringent tests in the unicodePwd module, but
breaks MMC.  A later commit will sort the objectClass.

Andrew Bartlett
2007-10-10 13:49:01 -05:00
Jelmer Vernooij
0aca5fd513 r12542: Move some more prototypes out to separate headers 2007-10-10 13:47:55 -05:00
Andrew Bartlett
c4520ba2e6 r12427: Move SAMR CreateUser2 to transactions, and re-add support for
different computer account types.  (Earlier code changes removed the
BDC case).

We don't use the TemplateDomainController, so just have a
TemplateServer in provision_templates.ldif

Andrew Bartlett
2007-10-10 13:47:37 -05:00
Andrew Tridgell
5c7f3fef3e r11592: fixed a crash bug from the ldb_result changes (res was being used after being freed) 2007-10-10 13:45:55 -05:00
Simo Sorce
22c8c97e6f r11567: Ldb API change patch.
This patch changes the way ldb_search is called and the meaning of the returned integer.
The last argument of ldb_search is changed from struct ldb_message to struct ldb_result
which contains a pointer to a struct ldb_message list and a count of the number of messages.
The return is not the count of messages anymore but instead it is an ldb error value.

I tried to keep the patch as tiny as possible but as you can guess I had to change a good
amount of places. I also tried to double check all my changes being sure that the calling
functions would still behave as before. But this patch is big enough that I fear some bug
may have been introduced anyway even if it passes the test suite. So if you are currently
working on any file being touched please give it a deep look and blame me for any error.

Simo.
2007-10-10 13:45:53 -05:00
Andrew Tridgell
f6818daecc r10913: This patch isn't as big as it looks ...
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately that required a lot of casts :-(

I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes

In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now it's just a
pain to pass around everywhere.

Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
2007-10-10 13:39:41 -05:00
Andrew Tridgell
45f0c967b5 r10759: make modules easier to write by allowing modules to only implement the
functions they care about, instead of all functions. This also makes
it more likely that future changes to ldb will not break existing
modules
2007-10-10 13:39:27 -05:00
Andrew Tridgell
7e44f9153c r10753: don't require every ldb module to implement both a search_bytree() and
a search() function, instead each module now only implements the
bytree method, and the expression based search is handled generically
by the modules code. This makes for more consistency and less code
duplication.

fixed the tdb backend to handle BASE searches much more
efficiently. They now always only lookup one record, regardless of the
search expression
2007-10-10 13:39:26 -05:00
Simo Sorce
c2bb2a36bd r10477: expose transactions outside ldb and change the API once more
do not autostart transactions on ldb operations if a transaction is already in place
test transactions on winsdb

all my tests pass so far
tridge please confirm this is ok for you
2007-10-10 13:38:52 -05:00
Andrew Tridgell
91c27bc976 r10411: we don't need the 10 times retry on rid allocation now, as
transactions ensure two account creations can't interfere with each
other
2007-10-10 13:38:42 -05:00
Simo Sorce
e86c9b4a7f r10306: change these modules to use new error API 2007-10-10 13:38:16 -05:00
Simo Sorce
e9018e3d9f r10300: forgot to change the dsdb modules function names 2007-10-10 13:38:15 -05:00
Jelmer Vernooij
b7c09df9e5 r9793: Be more verbose, check for errors in upgrade script. 2007-10-10 13:35:02 -05:00
Jelmer Vernooij
8bded3fc92 r9768: Arrrgh.. Right this time. 2007-10-10 13:34:58 -05:00
Jelmer Vernooij
0602e8b3e7 r9767: Fix typo 2007-10-10 13:34:58 -05:00
Simo Sorce
692e35b779 r9391: Convert all the code to use struct ldb_dn to handle ldap like distinguished names
Provide more functions to handle DNs in this form
2007-10-10 13:33:32 -05:00
Andrew Bartlett
5f51d806d7 r8791: (missing from previous commit)
Add templating support for foreignSecurityPrincipal to the samdb
module.

Andrew Bartlett
2007-10-10 13:30:06 -05:00
Andrew Bartlett
0cc58f5c3c r8740: Extend the rdn_name module to handle adding the rdn as an attribute. ie:
dn: cn=foo,ou=bar
objectClass: person

implies

dn: cn=foo,ou=bar
objectClass: person
cn: foo
(as well as a pile more default attributes)

We also correct the case in the attribute to match that in the DN
(win2k3 behaviour) and I have a testsuite (in ejs) to prove it.

This module also found a bug in our provision.ldif, and reduces
code complexity in the samdb module.

Andrew Bartlett
2007-10-10 13:30:00 -05:00
Andrew Bartlett
da48e77e7c r8674: With the rdn_name module, we don't need this duplication in the samdb
module any more.

Andrew Bartlett
2007-10-10 13:29:53 -05:00
Andrew Bartlett
e03e00fe60 r8666: The same fix as the last commit, I was caught out on a move from a
BOOL to int function return.

Andrew Bartlett
2007-10-10 13:29:51 -05:00
Andrew Bartlett
1982fdb6f3 r8664: I got caught out not testing...
I replaced these function calls, and they went from BOOL to int return
values, so naturally failed.

Andrew Bartlett
2007-10-10 13:29:51 -05:00
Andrew Bartlett
2408f32276 r8663: Since simo constructed the samdb module, he and tridge have worked on
a DN parsing system.  Leverage that in the dsdb module.

Andrew Bartlett
2007-10-10 13:29:51 -05:00
Andrew Bartlett
4a8ef7197f r8660: Use templates for the initial provision of user and computer accounts.
This ensures the templating code is used, and also makes it clearer
what I need to duplicate in the vampire area.

Also fix a silly bug in the template application code (the samdb
module) that caused templates to be completely unused (my fault, from
my commit last night).

Andrew Bartlett
2007-10-10 13:29:51 -05:00
Andrew Bartlett
940ed9827f r8650: Use the timestamps and a new objectguid module rather than placing
boilerplate attributes in every entry in provision.ldif.

The next step will be to use templates.

Andrew Bartlett
2007-10-10 13:29:50 -05:00
Andrew Tridgell
d8d47bb18f r8568: change missing templates to warnings, so that provisioning with an existing db
doesn't print lots of fatal errors
2007-10-10 13:29:39 -05:00
Volker Lendecke
126cb3db4b r8321: Fix some uninitialized variable warnings 2007-10-10 13:20:06 -05:00
Andrew Tridgell
0bfd91c32a r7925: small tidyup (please keep lines at a reasonable length) 2007-10-10 13:18:51 -05:00
Andrew Tridgell
d40bc2fa8d r7860: switch our ldb storage format to use a NDR encoded objectSid. This is
quite a large change as we had lots of code that assumed that
objectSid was a string in S- format.

metze and simo tried to convince me to use NDR format months ago, but
I didn't listen, so it's fair that I have the pain of fixing all the
code now :-)

This builds on the ldb_register_samba_handlers() and ldif handlers
code I did earlier this week. There are still three parts of this
conversion I have not finished:

 - the ltdb index records need to use the string form of the objectSid
   (to keep the DNs sane). Until that is done I have disabled indexing on
   objectSid, which is a big performance hit, but allows us to pass
   all our tests while I rejig the indexing system to use an externally
   supplied conversion function

 - I haven't yet put in place the code that allows clients to use the
   "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3
   supports this, presumably by looking for the "S-" prefix to
   determine what type of objectSid form is being used by the client. I
   have been working on ways to handle this, but am not happy with
   them yet so they aren't part of this patch

 - I need to change pidl to generate push functions that take a
   "const void *" instead of a "void*" for the data pointer. That will
   fix the couple of new warnings this code generates.

Luckily in many places the conversion to NDR formatted records
actually simplified the code, as it means we no longer need as many
calls to dom_sid_parse_talloc(). In some places it got more complex,
but not many.
2007-10-10 13:18:44 -05:00
Andrew Tridgell
96620ab2ee r7527: - added a ldb_search_bytree() interface, which takes a ldb_parse_tree
instead of a search expression. This allows our ldap server to pass
  its ASN.1 parsed search expressions straight to ldb, instead of going
  via strings.

- updated all the ldb modules code to handle the new interface

- got rid of the separate ldb_parse.h now that the ldb_parse
  structures are exposed externally

- moved to C99 structure initialisation in ldb

- switched ldap server to using ldb_search_bytree()
2007-10-10 13:18:06 -05:00
Simo Sorce
4f0948dab0 r6470: Remove ldb_search_free() it is not needed anymore.
Just use talloc_free() to release the memory after an ldb_search().
2007-10-10 13:11:40 -05:00
Simo Sorce
fb9afcaf53 r6084: - Introduce the samldb module dependency on samba4
- This module will take care of properly filling a user or group object
  with required fields. You just need to provide the dn and the objectclass
  and a user/group get created

  Simo.
2007-10-10 13:11:18 -05:00
Simo Sorce
b67512c513 r5588: We currently use a string representing a hex number so conform to that.
But we should move to a signed integer in future to be AD compatible.
2007-10-10 13:10:55 -05:00
Simo Sorce
acb99e63d4 r5587: more work around the samldb module
fix the provision.ldif the layout of the @MODULES dn has changed since last commit
2007-10-10 13:10:55 -05:00
Simo Sorce
e77a070c84 r5584: add new experimental ldb module 2007-10-10 13:10:55 -05:00