IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
To make Samba4, using the python provision system, pass this test
required some major rework. Untested code is broken code, and some of
the refactoring for a seperate provision test (which also now passes)
broke things.
Similarly, the iconv work has compiled, but these codepaths have never
been run (NULL pointer de-reference).
In working to use a local, rather than global, loadparm context, and
to support using a target directory, a few things needed to be
reworked, particularly around path handling.
Andrew Bartlett
(This used to be commit 1169e8d7be)
Make the EJS provision and the selftest scripts both use the new
syntax for speicifying the ldap backend type.
Andrew Bartlett
(This used to be commit b1d2584277)
Previously, we would create the first record in the DB as an LDIF
file, with the expectation that the administrator would use slapadd to
create the database.
We now do everything over LDAP, which is far simpler, and allows the
LDB module chain to do its work, without special cases.
Also fix naming of the output schema when suggesting the comamnd line
to run ad2oLschema in provision-backend.
Andrew Bartlett
(This used to be commit e77375758d)
by seperating the modules list into parts. That way, we can remove
the modules that the backend will provide.
Andrew Bartlett
(This used to be commit d67e5c7896)
simple ldap mapping (a complex mapping will follow).
Fix the module to handle 'name' better, rather than using the 'name'
attribute built into OpenLDAP, rename to samba4RDN. We need to see if
this can be handled in the backend.
Also rename the functions and inernal module name to entryuuid for
consistancy.
Andrew Bartlett
(This used to be commit a7be80766f)
This must be set to either 'domain controller', 'domain member' or 'standalone'.
The default for the provision now changes to 'standalone'.
This is not because Samba4 is particularlly useful in that mode, but
because we still want a positive sign from the administrator that we
should advertise as a DC.
We now do more to ensure the 'standalone' and 'member server'
provision output is reasonable, and try not to set odd things into the
database that only belong for the DC.
Andrew Bartlett
(This used to be commit 4cc4ed7719)
This involves creating the SYSVOL and NETLOGON shares at provision
time, and creating the right subdirectories.
This also changes the behaviour of lp.get("foo") in ejs - we now
return undefined, rather than syntax error, if the parameter doesn't
exist (perhaps because the share isn't defined).
Andrew Bartlett
(This used to be commit 45cadf3bc0)
- samba3sam.js: rework the samba3sam test to not use objectCategory,
as it's has special rules (dnsName a simple match)
- ldap.js: Test the ordering of the objectClass attributes for the baseDN
- schema_init.c: Load the mayContain and mustContain (and system...) attributes when
reading the schema from ldb
- To make the schema load not suck in terms of performance, write the
schema into a static global variable
- ldif_handlers.c: Match objectCategory for equality and canonicolisation
based on the loaded schema, not simple tring manipuation
- ldb_msg.c: don't duplicate attributes when adding attributes to a list
- kludge_acl.c: return allowedAttributesEffective based on schema results
and privilages
Andrew Bartlett
(This used to be commit dcff83ebe4)
easily try this out.
I also intend to use this for the selftest, but I'm chasing issues
with the OpenlDAP (but not Fedora DS) backend.
Andrew Bartlett
(This used to be commit 0f457b1d2e)
--partitions-only (suggestions for a better name welcome) will setup
the partitions records, but no any data in those partitions. This can
then point at the already configured remote LDAP server.
Andrew Bartlett
(This used to be commit ee7b06fc83)
partitions onto the target LDAP server.
Make the LDAP provision run before smbd starts, then stop the LDAP
server. This ensures this occurs synchronously, We then restart it
for the 'real run' (with slapd's stdin being the FIFO).
This required fixing a few things in the provision scripts, with more
containers being created via a add/modify pair.
Andrew Bartlett
(This used to be commit 860dfa4ea1)
for all partitions and make it not use LDAP in the variable names
because it isn't specific to the ldap backend case.
metze
(This used to be commit 3e337ec276)
Add in a hook for adding an ACI, needed to allow anonymous access
until we hook across a SYSTEM token to the LDAP server.
Andrew Bartlett
(This used to be commit f45504e271)
Add a new module entrypoint to handle the new, interesting and
different mappings required for Fedora DS.
Andrew Bartlett
(This used to be commit 600c7f1a68)
Move default for subobj.LDAPMODULES into scripting/libjs/provision.js
so that SWAT can provision again.
Andrew Bartlett
(This used to be commit a4aafe307d)
needs to be renamed (operation_add?).
This allows me to match the behaviour and substitute with the
entryUUID module for remote LDAP connections.
Andrew Bartlett
(This used to be commit af02b4d7c6)
This required changes to the rootDSE module, to allow registration of
partitions. In doing so I renamed the 'register' operation to
'register_control' and 'register_partition', which changed a few more
modules.
Due to the behaviour of certain LDAP servers, we create the baseDN
entry in two parts: Firstly, we allow the admin to export a simple
LDIF file to add to their server. Then we perform a modify to add the
remaining attributes.
To delete all users in partitions, we must now search and delete all
objects in the partition, rather than a simple search from the root.
Against LDAP, this might not delete all objects, so we allow this to
fail.
In testing, we found that the 'Domain Controllers' container was
misnamed, and should be 'CN=', rather than 'OU='.
To avoid the Templates being found in default searches, they have been
moved to CN=Templates from CN=Templates,${BASEDN}.
Andrew Bartlett
(This used to be commit b49a4fbb57)
This should be replaced with real ACLs, which tridge is working on.
In the meantime, the rules are very simple:
- SYSTEM and Administrators can read all.
- Users and anonymous cannot read passwords, can read everything else
- list of 'password' attributes is hard-coded
Most of the difficult work in this was fighting with the C/js
interface to add a system_session() all, as it still doesn't get on
with me :-)
Andrew Bartlett
(This used to be commit be9d0cae89)
This should allow us to provision to a 'normal' LDAP server.
Also add in 'session info' hooks (unused). Both of these need to be
hooked in on the webserver.
Andrew Bartlett
(This used to be commit b349d2fbfe)
code. Especially as this is a new language for most Samba developers,
it is far better to err strongly on the side of readability rather
than trying to save a line of code by using fancy tricks
(This used to be commit 3228644cf8)
templating support for foreignSecurityPrincipals to the samdb module.
This is an extension beyond what microsoft does, and has been very
useful :-)
The setup scripts have been modified to use the new template, as has
the SAMR and LSA code.
Other cleanups in LSA remove the assumption that the short domain name
is the first component of the realm.
Also add a lot of useful debug messages, to make it clear how/why the
SamSync may have gone wrong. Many of these should perhaps be hooked
into an error string.
Andrew Bartlett
(This used to be commit 1f071b0609)
- get rid of redundeny dyn_CONFIGFILE argument to lp_load()
- fixed provisioning to work with completely pristine install,
creating an initial smb.conf is none is present
- added lp.set() and lp.reload() to loadparm ejs object interface
(This used to be commit c2691ef712)