IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- Centralise the lookups for the default domain (root) in the call "domain_dn"
- Reduce the LDB connections attempts ("connect" calls) from three to one
- tools should load faster
- Make the LDB connection init more like the "ldb_wrap_connection" call
- Load the right UTF8 casefolder which fixes up problems with special characters
(discovered by me: e.g. small "Umlaute" (ä, ö, ü, ...) in the DN weren't upcased
- so records "seemed" lost in TDB)
This reverts commit 53ef426e6f.
As abartlet pointed out this causes to load all attributes and therefore gives
us more here than we need (only the check for the DN)!
Andrew, can you please check this? The idmap.setup_name_mapping tests
look totally out of place here. I'm also not sure I captured your
intention with the other changes
The Samba4 schema code (called via
samdb.set_schema_from_ldb(schema.ldb)) manages the @ATTRIBUTES and
@INDEXLIST records, so don't wipe them early. The chances are that we
will not change them anyway.
Andrew Bartlett
The expression time.strftime("%s", time.gmtime())[3:] leads to a
string with a leading 0. When added then read back from the prefix map
this leads to a different string, so it is never found.
Use the simpler str(random.randint(a,b)) expression instead
The extra filter is no use for 'testenv', as we are not running tests,
but an xterm. The filter also breaks running 'GDB_PROVISION=yes make
test', but at least if we can run 'GDB_PROVISION=yes make testenv'
then we can debug provision.
Andrew Bartlett
This fixes the recursive delete in erase_partitions()
For reasons I cannot understand, it is possible to get 'no such
object' trying to delete a DN I just search for without error. Oh
well...
Andrew Bartlett
Using a single transaction to both erase the bulk of the data and the
rebuild of that data means that the in-memory index list is
maintained, and not written out to disk until it is all compleated.
All the writes then occour at the end.
Andrew Bartlett
This removes a *lot* of duplicated code and the cause of much
administrator frustration. We now handle starting and stopping the
slapd (at least for the provision), and ensure that there is only one
'right' way to configure the OpenLDAP and Fedora DS backend
We now run OpenLDAP in 'cn=config' mode for online configuration.
To test what was the provision-backend code, a new --ldap-dryrun-mode
option has been added to provision. It quits the provision just
before it would start the LDAP binaries
Andrew Bartlett
We now set these as part of the schema load, and we now load the
schema before the provision loads the DB, so setting them here is
pointless
Andrew Bartlett
This makes it possible to do a bit more of the provision with Samba
helpers, but without some of the otherwise useful things (such as
loading in the global schema) that SamDB does.
Rewrite provision_erase to use a recursive search, rather than a
looping subtree search. This is much more efficient, particularly now
we have one-level indexes enabled.
Delete the @INDEX and similar records *after* deleting all other
visible records, this hopefully also assists performance.
Andrew Bartlett
This allows us to load the schema against one ldb context, but apply
it to another. This will be useful in the provision script, as we
need the schema before we start the LDAP server backend.
Adnrew Bartlett
This talloc_steal also conflicts with the ldb_map code, and like the
previous commit, is rudundent given the talloc_steal of the whole msg
above.
Andrew Bartlett
There may or may not be a need to take a reference to the 'name' in
the ldb_map code, but given we seal the whole msg just above here, it
makes no senst to steal the name, but not the values.
Andrew Bartlett
Tests for the right behaviour of this introduced constructed attribute.
Since we don't support the read-only-ness of those attributes yet, I commented
some lines out.
Also I had to add a function for python which converts domain SIDs in RIDs.
And a small fix for the "groupType" test.
This moves the "operational" LDB module to the right place under "dsdb/samdb/ldb_modules"
(suggested by abartlet) and enhances it for supporting dynamic generated
"primaryGroupToken" for AD groups. This should fix bug #6466.
