mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

54 Commits

Author SHA1 Message Date
Jim McDonough
3b1d922ab4 sync IBM Directory Server schema with openldap schema...add munged dial 0001-01-01 00:00:00 +00:00
Gerald Carter
86e0015b06 fix case in objectclass name (not that it really matters); patch from Darren Chew <darrenc@vicscouts.asn.au> 0001-01-01 00:00:00 +00:00
Jeremy Allison
6ce7932520 Small fix from Jérôme Tournier <jerome.tournier@IDEALX.com>
Jeremy.
0001-01-01 00:00:00 +00:00
Gerald Carter
9a7774306d removing RCS tags 0001-01-01 00:00:00 +00:00
Gerald Carter
3249e69274 * removing extra file
* updating version in Makefile
0001-01-01 00:00:00 +00:00
Gerald Carter
b798f30f0a updating to 0.8.2-1 of the smbldap tools 0001-01-01 00:00:00 +00:00
Gerald Carter
d463abb035 sync OID with HEAD 0001-01-01 00:00:00 +00:00
Gerald Carter
1c3c16abc9 support munged dial for ldapsam; patch from Aurélien Degrémont; bug 800 0001-01-01 00:00:00 +00:00
Gerald Carter
3f67b2bbfd added note about stripping comments from LDIF; bug 642 0001-01-01 00:00:00 +00:00
Gerald Carter
c1546a5311 update smbldap-tool scripts from Jérôme Tournier 0001-01-01 00:00:00 +00:00
Gerald Carter
5c45b799d1 fix from Brad Langhorst to correctly check if the primaryGroupID has been set 0001-01-01 00:00:00 +00:00
Gerald Carter
bd9b90a391 updates to SunOne DS schema from André Fiebach 0001-01-01 00:00:00 +00:00
Gerald Carter
64fa24dbab insert missing sh-bang 0001-01-01 00:00:00 +00:00
Jim McDonough
5dcf974c22 Updated 3.0 schema files for IBM Directory Server 5.1
Keeps with IBM convention of separate attributetype and objectclass definitions.
0001-01-01 00:00:00 +00:00
Gerald Carter
88725350d2 syncing files 0001-01-01 00:00:00 +00:00
Gerald Carter
3f97a5ce47 samba 3.0 schema file netscape DS 5.x from Darren Chew 0001-01-01 00:00:00 +00:00
Gerald Carter
c9c7150a62 updated schema for 3.0 for eDirectory 8.7 and Netscape DS 4.x 0001-01-01 00:00:00 +00:00
Gerald Carter
9013355807 updating README file after I removed some scripts 0001-01-01 00:00:00 +00:00
Gerald Carter
7105f4bcab remove rcs tag 0001-01-01 00:00:00 +00:00
Gerald Carter
29885eae59 removing outdated scripts and adding comments about 'ldap password sync' 0001-01-01 00:00:00 +00:00
Gerald Carter
5b20494aff add --help to script 0001-01-01 00:00:00 +00:00
Gerald Carter
5f41cd76b7 sync with changes from Jerome Tournier @ IDEALX; should now work with sambaSamAccount schema 0001-01-01 00:00:00 +00:00
Gerald Carter
49457669f3 include enhancements from Buchan Milne to generate LDIF modify output in addition to add 0001-01-01 00:00:00 +00:00
Gerald Carter
25753e2a33 adding old NDS schema so I can update it 0001-01-01 00:00:00 +00:00
Gerald Carter
766a5070d5 checking in initial version of 2.2 scripts so I can start updating them 0001-01-01 00:00:00 +00:00
Gerald Carter
f72f51d39f fix comments about schema dependencies 0001-01-01 00:00:00 +00:00
Andrew Bartlett
9c595c8c23 This patch cleans up some of our ldap code, for better behaviour:
We now always read the Domain SID out of LDAP.  If the local secrets.tdb
is ever different to LDAP, it is overwritten out of LDAP.   We also
store the 'algorithmic rid base' into LDAP, and assert if it changes.
(This ensures cross-host synchronisation, and allows for possible
integration with idmap).  If we fail to read/add the domain entry, we just
fall back to the old behaviour.

We always use an existing DN when adding IDMAP entries to LDAP, unless
no suitable entry is available.  This means that a user's posixAccount
will have a SID added to it, or a user's sambaSamAccount will have a UID
added.  Where we cannot use an existing DN, we use
'sambaSid=S-x-y-z,....' as the DN.

The code now allows modifications to the ID mapping in many cases.

Likewise, we now check more carefully when adding new user entries to LDAP,
to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount
onto the idmap entry for that user, if it is already established (ensuring
we do not duplicate sambaSid entries in the directory).

The allocated UID code has been expanded to take into account the space
between '1000 - algorithmic rid base'.  This much better fits into what
an NT4 does - allocating in the bottom part of the RID range.

On the code cleanup side of things, we now share as much code as
possible between idmap_ldap and pdb_ldap.

We also no longer use the race-prone 'enumerate all users' method for
finding the next RID to allocate.  Instead, we just start at the bottom
of the range, and increment again if the user already exists.  The first
time this is run, it may well take a long time, but next time will just
be able to use the next Rid.

Thanks to metze and AB for double-checking parts of this.

Andrew Bartlett
0001-01-01 00:00:00 +00:00
Gerald Carter
6237fae9b8 applying fix for group map conversion (patch from Kristyan Osborne) 0001-01-01 00:00:00 +00:00
John Terpstra
56d2049561 This patch is Vorlon's fault! 0001-01-01 00:00:00 +00:00
Gerald Carter
be82b3d9df fix typo in description 0001-01-01 00:00:00 +00:00
Gerald Carter
8c18174a89 check that an attribute is defined and not just non-zero 0001-01-01 00:00:00 +00:00
Gerald Carter
8241758544 working draft of the idmap_ldap code.
Includes sambaUnixIdPool objectclass

Still needs cleaning up wrt to name space.
More changes to come, but at least we now have a
working distributed winbindd solution.
0001-01-01 00:00:00 +00:00
Gerald Carter
469c5ad1ac moving the sambaAccount objectclass to 'historical' to prevent confusion on which one should be used for new servers. I'll add a note about uncommenting the older items for ldapsam_compat in the release notes 0001-01-01 00:00:00 +00:00
Gerald Carter
0714dda7cc fix group mapping in LDAP under new schema 0001-01-01 00:00:00 +00:00
Gerald Carter
925c60f5e2 s/primaryGroupSID/sambaPrimaryGroupSID/ 0001-01-01 00:00:00 +00:00
Gerald Carter
9cde1aa32a perl script to convert from sambaAccount to sambaSamAccount; requires Net::LDAP::LDIF 0001-01-01 00:00:00 +00:00
Gerald Carter
998586e652 *****LDAP schema changes*****
New objectclass named sambaSamAccount which uses attribute
prefaced with the phrase 'samba' to prevent future name clashes.

Change in functionality of the 'ldap filter' parameter.  This always
defaults to "(uid=%u)" now and is and'd with the appropriate objectclass
depending on whether you are using ldapsam_compat or ldapsam

conversion script for migrating from sambaAccount to
sambaSamAccount will come next.
0001-01-01 00:00:00 +00:00
Andrew Bartlett
0e432817cb As discussed on samba-technical - move to 'primaryGroupSid' instead of
primaryGroupID (rid).  This is consistent with the move from 'rid' to ntSid
for the primary user identifier.

Also cope with legacy installations where primaryGroupID might have been
stored as 0.

Andrew Bartlett
0001-01-01 00:00:00 +00:00
Gerald Carter
94780f0947 syncing README to go along with scripts 0001-01-01 00:00:00 +00:00
Gerald Carter
ee1374cabf syncing import/export smbpasswd file scripts from 2.2 0001-01-01 00:00:00 +00:00
Andrew Bartlett
3e07406ade A new pdb_ldap!
This patch removes 'non unix account range' (same as idra's change in HEAD),
and uses the winbind uid range instead.

More importantly, this patch changes the LDAP schema to use 'ntSid' instead
of 'rid' as the primary attribute.  This makes it in common with the group
mapping code, and should allow it to be used closely with a future idmap_ldap.

Existing installations can use the existing functionality by using the
ldapsam_compat backend, and users who compile with --with-ldapsam will get
this by default.

More importantly, this patch adds a 'sambaDomain' object to our schema -
which contains 2 'next rid' attributes, the domain name and the domain sid.
Yes, there are *2* next rid attributes.  The problem is that we don't 'own'
the entire RID space - we can only allocate RIDs that could be 'algorithmic'
RIDs.  Therefore, we use the fact that UIDs in 'winbind uid' range will be
mapped by IDMAP, not the algorithm.

Andrew Bartlett
0001-01-01 00:00:00 +00:00
Gerald Carter
7f0fd03f69 uidPool and gidPool don't use cn anymore (but we don't use this anyways) 0001-01-01 00:00:00 +00:00
Volker Lendecke
5acb9f421c Fix schema error not detected by OpenLDAP 2.0.23 but by 2.1.16.
Volker
0001-01-01 00:00:00 +00:00
Volker Lendecke
da83d97eb5 Put group mapping into LDAP.
Volker
0001-01-01 00:00:00 +00:00
Tim Potter
902a1dc1d5 Minor merges from HEAD. 0001-01-01 00:00:00 +00:00
Gerald Carter
cd16064784 removed idpool from schema file (experimental) to remove the dependency
on nis.schema.

add $(LDFLAGS) to libsmbclient build
0001-01-01 00:00:00 +00:00
Jelmer Vernooij
19ab776bf9 sync 3_0 branch with HEAD 0001-01-01 00:00:00 +00:00
Gerald Carter
e8ede079b5 merging some changes from SAMBA_2_2 0001-01-01 00:00:00 +00:00
Gerald Carter
bb574aab8f merge from 2.2 0001-01-01 00:00:00 +00:00
Gerald Carter
46bd77a02a fixes from 2.2 0001-01-01 00:00:00 +00:00