mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

217 Commits

Author SHA1 Message Date
Andrew Kroeger
8f8c56bfbc Convert some more files to GPLv3.
(This used to be commit ebe5e83994)
2008-03-28 01:08:49 -05:00
Andrew Kroeger
b2c6ba69a4 provision: Increase max NetBIOS name length from 13 to 15.
Issue originally reported by user Julsa-FR on IRC.
(This used to be commit ee9ad77009)
2008-03-27 16:30:18 -05:00
Kai Blin
895874d966 idmap: Handle uid->SID mapping
(This used to be commit 6ac6de8476)
2008-02-21 11:21:59 +01:00
Kai Blin
176f32cc97 provision: Fix new user creation.
Spotted by nobody88 in IRC.
(This used to be commit 38d4e2407a)
2008-02-11 10:38:19 +01:00
Andrew Bartlett
6e5c528f87 Ensure we set subobj.BACKEND_MOD for the 'partitions only' case.
Andrew Bartlett
(This used to be commit be5eb2da24)
2008-01-24 16:25:35 +11:00
Andrew Bartlett
48e79659d1 Make the repl_meta_data module the default for domain controllers.
Andrew Bartlett
(This used to be commit ae2ea1bd0c)
2008-01-24 16:17:45 +11:00
Andrew Bartlett
a2d7a3b627 Use the repl_meta_data module by default.
This means that, except when we back onto LDAP, when it will be
replaced with the mapping backend, we will keep this codepath tested.

Andrew Bartlett
(This used to be commit e8fb5da5a1)
2008-01-24 14:28:25 +11:00
Andrew Bartlett
1557e7b930 Kill another sub that the modules will handle for us.
(This used to be commit e9bb130d63)
2008-01-24 11:33:37 +11:00
Andrew Bartlett
08f94e2754 Remove useless subs from the ejs provision
The less things we manually place into the templates, the easier the
conversion to python will be.

Andrew Bartlett
(This used to be commit f65e5c1644)
2008-01-24 11:26:21 +11:00
Andrew Bartlett
8d36d43e52 Add in a new module to handle instanceType
This code raided from the repl_meta_data module, which probably needs
to be downsized to just handling the replication data.

Andrew Bartlett
(This used to be commit 2a418f3370)
2008-01-18 10:13:43 +11:00
Andrew Bartlett
f1e177a7b8 provision: simplify by removing old code to manually create baseDNs.
Previously, we would create the first record in the DB as an LDIF
file, with the expectation that the administrator would use slapadd to
create the database.

We now do everything over LDAP, which is far simpler, and allows the
LDB module chain to do its work, without special cases.

Also fix naming of the output schema when suggesting the command line
to run ad2oLschema in provision-backend.

Andrew Bartlett
(This used to be commit e77375758d)
2008-01-17 12:00:27 +11:00
Andrew Bartlett
48c2d871ea Use 'dn' less, as this is not a valid attribute in AD, and I want to
remove it from ldb.  It is no longer mapped against OpenLDAP.

Andrew Bartlett
(This used to be commit f917ccec85)
2008-01-11 15:21:23 +11:00
Jelmer Vernooij
7c146c42d2 r26593: - More work on the python versions of samba3dump and the samba3sam tests.
- Initial work converting the upgrade code to Python.
- Removed the old EJS upgrade code because it has been broken for a long time.
(This used to be commit 150cf39fbd)
2007-12-26 11:57:07 -06:00
Andrew Bartlett
9d4d41f65d r26419: Add a module to implement 'ambiguous name resolution' by munging the
incoming LDAP filter.

Warning: Any anr search will perform a full index search.  Until ldb
gets substring indexes, this is unavoidable.

Also implement a testsuite to show we match AD behaviour for this
important extension (used in the Active Directory Users and Computers
MMC plugin, as a general 'find').

This will also be useful to OpenChange, as their server needs to
implement this.

Andrew Bartlett
(This used to be commit 044b509472)
2007-12-21 05:49:48 +01:00
Jelmer Vernooij
dd7e5ed88c r26352: Don't make lp_load create a new context.
(This used to be commit d0d5c1a823)
2007-12-21 05:48:56 +01:00
Jelmer Vernooij
cc35894fb5 r26317: Fix typos.
(This used to be commit 4c7e3843a0)
2007-12-21 05:48:31 +01:00
Andrew Bartlett
439f85c609 r26304: More work to remove silly error printouts.
Andrew Bartlett
(This used to be commit ba23dac031)
2007-12-21 05:48:18 +01:00
Andrew Bartlett
c3c27fadc0 r26303: Fix up error reporting during the delete of previous entries in the
provision, and ignore 'no such entry' as an error (it is normal, and
just means the partition is completely empty).

Andrew Bartlett
(This used to be commit 1fb8c31a3d)
2007-12-21 05:48:18 +01:00
Andrew Bartlett
d8b9103111 r26302: Print the error string for failed rootdse searches.
Andrew Bartlett
(This used to be commit a7595d009a)
2007-12-21 05:48:17 +01:00
Andrew Bartlett
f5860b5a85 r26298: Use metze's schema loading code to pre-initialise the schema into the
samdb before we start writing entries into it.

In doing so, I realised we still used 'dnsDomain', which is not part
of the standard schema (now removed).

We also set the 'wrong' side of the linked attributes for the
masteredBy on each partition - this is now set in provision_self_join
and backlinks via the linked attributes code.

When we have the schema loaded, we must also have a valid domain SID
loaded, so that the objectclass module works.  This required some ejs
glue.

Andrew Bartlett
(This used to be commit b0de08916e)
2007-12-21 05:48:15 +01:00
Andrew Bartlett
bb07e58531 r26246: Make it easier to debug assert()s in the provision, if messages are
suppressed with --quiet.  Hopefully this will be easier with python.

Andrew Bartlett
(This used to be commit f6e0e15fa5)
2007-12-21 05:47:24 +01:00
Andrew Bartlett
a2a4aba5fd r26245: Make it easier to handle the LDAP backend, with its differing needs,
by separating the modules list into parts.  That way, we can remove
the modules that the backend will provide.

Andrew Bartlett
(This used to be commit d67e5c7896)
2007-12-21 05:47:24 +01:00
Andrew Bartlett
cd1f19d7d3 r26244: Add a module (sans tests for the moment) that implements ranged
results, as used particularly by MMC's Active Directory Users and
Computers to list group members.

This may be used on any attribute, but is useful to obtain attributes
that may be lengthy in 'pages'.  The implementation presumes that
attributes will always be returned by the DB in the same order.

Andrew Bartlett
(This used to be commit c789a91e00)
2007-12-21 05:47:23 +01:00
Andrew Bartlett
c4d7646f29 r26139: Based on a report by Theodor Chirana, don't assert() on invalid
netbios names at this point, the calling order has changed, and we
have a more informative place to do it.

Andrew Bartlett
(This used to be commit 3136dccd54)
2007-12-21 05:46:20 +01:00
Andrew Bartlett
8959af0a6f r25950: Enable separate module to prevent subtree deletes.
Andrew Bartlett
(This used to be commit a71414ec3e)
2007-12-21 05:45:15 +01:00
Andrew Bartlett
3f2ca10d2d r25940: Rework the samldb and templates handling.
Templates just don't belong in the sam.ldb, as they don't obey any of
the other rules.  This moves them to a separate templates.ldb.

In samldb, this patch reworks the duplicate SID and Name detection
code, to use ldb_search_exp_fmt() rather than gendb_search.  This
returns far more useful errors, which we now handle and report better.

The call to samdb_search_for_parent_domain() has been moved in samldb,
to allow both the account and SID uniqueness checks to be in the same
domain.  This function also returns better errors.

dcesrv_drsuapi.c is updated for the new prototype of
samdb_search_for_parent_domain()

Andrew Bartlett
(This used to be commit f1ab90c88c)
2007-12-21 05:45:10 +01:00
Stefan Metzmacher
6c41194961 r25936: provision/newuser: don't try to set the 'memberOf' attribute
metze
(This used to be commit c6d959e52c)
2007-12-21 05:45:09 +01:00
Andrew Bartlett
716391f106 r25921: Now also listen on ldapi by default in the LDAP server
Create a phpLDAPadmin configuration file example to use ldapi to talk
to Samba4

Andrew Bartlett
(This used to be commit 54f4c8ba61)
2007-12-21 05:45:03 +01:00
Andrew Bartlett
16d0395047 r25750: Update the objectclass module to improve consistency in Samba4.
The aim here is to ensure that if we have

CN=Users,DC=samba,DC=example,DC=com

that we cannot have a DN of the form

cn=admin ,cn=useRS,DC=samba,DC=example,DC=com

This module pulls apart the DN, fixes up the relative DN part, and
searches for the parent to copy the base from.

I've used the objectclass module, as I intend to also validate the
placement of child objects, by reading the allowedChildClasses virtual
attribute.

In the future, I'll also force the attribute names to be consistent
(using the case from the schema).

Andrew Bartlett
(This used to be commit c0a0c69ac5)
2007-12-21 05:43:43 +01:00
Andrew Bartlett
7c721a1f49 r25747: Implement linked attributes, for add operations.
Much more work is still required here, particularly to handle this
better during the provision, and to handle modifies and deletes, but
this is a start.

Andrew Bartlett
(This used to be commit 2ba99d58e9)
2007-12-21 05:43:41 +01:00
Andrew Bartlett
4bb52bfcb7 r25694: Move subtree_rename above the partitions module. The next step is to
build a linked_attributes module under this.

Andrew Bartlett
(This used to be commit 4f47e687e5)
2007-12-21 05:43:17 +01:00
Andrew Bartlett
21c65d93eb r25693: Implement the rest of subtree renames, now that tridge waved his magic
over the ldb_tdb part of the problem.

Andrew Bartlett
(This used to be commit daca0cfd2f)
2007-12-21 05:43:17 +01:00
Andrew Tridgell
62078f17ba r25691: make "server role" case insensitive
(This used to be commit f61a9b7068)
2007-12-21 05:43:15 +01:00
Andrew Bartlett
db6c6cfdec r25383: Patch from Amin Azez <azez@ufomechanic.net> to give better message
when a template file is missing.

Andrew Bartlett
(This used to be commit 5093ea1cef)
2007-10-10 15:07:22 -05:00
Andrew Bartlett
bd4dc88e7b r25304: Thank you to Amin Azez <azez@ufomechanic.net> for pointing out that I
used subobj.ROLE and not subobj.SERVERROLE as the rest of the code
does.

Andrew Bartlett
(This used to be commit dd1cb33591)
2007-10-10 15:07:10 -05:00
Andrew Bartlett
ee257e902a r25299: Modify the provision script to take an additional argument: --server-role
This must be set to either 'domain controller', 'domain member' or 'standalone'.

The default for the provision now changes to 'standalone'.

This is not because Samba4 is particularly useful in that mode, but
because we still want a positive sign from the administrator that we
should advertise as a DC.

We now do more to ensure the 'standalone' and 'member server'
provision output is reasonable, and try not to set odd things into the
database that only belong for the DC.

Andrew Bartlett
(This used to be commit 4cc4ed7719)
2007-10-10 15:07:09 -05:00
Andrew Bartlett
15c1801a5c r25051: Move SWAT back to the old-style form-submit modal.
The Web 2.0, async client tools were really interesting, but without
developer backing they remain impossible to support into a release.

The most interesting app was the LDB browser, and I intend to replace
this with phpLdapAdmin, preconfigured for Apache during provision.

This also removes the need to 'compile' SWAT on SVN checkouts.

Andrew Bartlett
(This used to be commit cda965e908)
2007-10-10 15:05:50 -05:00
Andrew Bartlett
ced6fc995f r24911: Make better use of substituted variables in example named.conf
Andrew Bartlett
(This used to be commit 9f18a97117)
2007-10-10 15:03:36 -05:00
Andrew Bartlett
50017a0075 r24793: The subtree_rename module is a work of fiction. Any resemblance to a
working module, live or dead, is purely co-incidental.

Andrew Bartlett
(This used to be commit 64cc31642f)
2007-10-10 15:03:10 -05:00
Andrew Bartlett
4e1d0cc8e3 r24761: Permit subtree renames in Samba4.
The module is scary: On a rename, it does a search for all entries
under that entry (including itself), and fires off a separate rename
call for each result.  This will fail miserably on an LDAP backend,
but I'll need to work on using hdb for OpenLDAP, and hope Fedora DS
can implement subtree renames at some point.

Andrew Bartlett
(This used to be commit 13908a8cb4)
2007-10-10 15:03:05 -05:00
Andrew Bartlett
f681306335 r24760: Ensure we base64 encode any password being put into LDIF, to avoid
provision failures when some of the random password values are illegal
LDIF.

Andrew Bartlett
(This used to be commit 876003f6c6)
2007-10-10 15:03:05 -05:00
Andrew Bartlett
73388ce54c r24729: First try at publishing a DNS service account, for folks to play with.
The keytab in dns.keytab should (I hope) do the job.

Andrew Bartlett
(This used to be commit af4d331eef)
2007-10-10 15:02:58 -05:00
Jelmer Vernooij
2edf63b6d6 r24703: Use standard registry diff files when provisioning rather than
LDIF files for the registry files.
(This used to be commit 67ad556b73)
2007-10-10 15:02:50 -05:00
Andrew Bartlett
2da0be9d5e r24640: Add a suggested BIND configuration snippet, to help with DNS configuration.
When we sort out GSS-TSIG on the server, we can expand this to have
the 'right stuff'.

Andrew Bartlett
(This used to be commit 8f02ade1b2)
2007-10-10 15:02:28 -05:00
Andrew Bartlett
d1bfe56048 r23907: Fix bug 4790 reported by mwallnoefer@yahoo.de:
Before the provisioning enters to the function provision_default_paths (in
scripting/libjs/provision.js), the variable subobj.DNSDOMAIN isn't properly set
(for example for the filename of the DNS zonefile).

Andrew Bartlett
(This used to be commit 07a9db1438)
2007-10-10 15:01:09 -05:00
Andrew Bartlett
d9a5e18ce0 r23875: As pointed out by mwallnoefer@yahoo.de:
On default Active Directory installations, the NETLOGON share isn't
an independent directory. In fact it's mapped to the subdirectory
"scripts" from the share SYSVOL under <Domain name>.

Andrew Bartlett
(This used to be commit 923d67ea9d)
2007-10-10 15:01:06 -05:00
Andrew Bartlett
10f6e16573 r23859: Work to have Group Policy work 'out of the box' in Samba4.
This involves creating the SYSVOL and NETLOGON shares at provision
time, and creating the right subdirectories.

This also changes the behaviour of lp.get("foo") in ejs - we now
return undefined, rather than syntax error, if the parameter doesn't
exist (perhaps because the share isn't defined).

Andrew Bartlett
(This used to be commit 45cadf3bc0)
2007-10-10 15:01:05 -05:00
Andrew Bartlett
967866f170 r23720: Allow the member server to work against an LDAP Backend. Another case
where LDB isn't as strict as OpenLDAP, the self join record contains
duplicate servicePrincipalNames once the DNS name and domain name are
made equal.  (Easier to just skip the useless self-join).

Andrew Bartlett
(This used to be commit 49ff929be6)
2007-10-10 14:59:08 -05:00
Andrew Bartlett
90b49dc520 r23717: We need to remove the _ in LDAP_MANAGERPASS for the
--ldap-manager-pass= option to work.

Andrew Bartlett
(This used to be commit fbcb1ec141)
2007-10-10 14:59:07 -05:00
Andrew Bartlett
97172e1120 r23716: Clarify LDAP Manager DN and fix slapd startup syntax.
Andrew Bartlett
(This used to be commit 17dad5d8c3)
2007-10-10 14:59:06 -05:00