IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Samba4. This only broke on global catalog queries, which turned out to
be due to changes in the partitions module that metze needed for his
DRSUAPI work.
I've reworked partitions.c to always include the 'problematic' control,
and therefore demonstrated that this is the issue. This ensures
consistency, and should help with finding issues like this in future.
As this control (DSDB_CONTROL_CURRENT_PARTITION_OID) is not intended to
be linearised, I've added logic to allow it to be skipped when creating
network packets.
I've likewise make our LDAP server skip unknown controls, when marked
'not critical' on it's input, rather than just dropping the entire
request. I need some help to generate a correct error packet when it is
marked critical.
Further work could perhaps be to have the ldap_encode routine return a
textual description of what failed to encode, as that would have saved
me a lot of time...
Andrew Bartlett
correct, or we try and do a memcmp on the trailing '\0'.
This happens because we now use memcmp for the prefix matching.
I just wish I had a test other than a particular invocation of the OSX
client. (I've tried and failed so far)
Andrew Bartlett
Currently only ldb_ildap is async, the plan
is to first make all backend support the async calls,
and then remove the sync functions from backends and
keep the only in the API.
Modules will need to be transformed along the way.
Simo
responses...
Also trust OpenLDAP to be pedantic about it, breaking connections to AD.
In any case, we now get this 'right' (by nasty overloading hacks, but
hey), and we can now use system-supplied OpenLDAP libs and SASL/GSSAPI
to talk to Samba4.
Andrew Bartlett
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately That required a lot of casts :-(
I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes
In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now its just a
pain to pass around everywhere.
Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
- hooked into events system, so requests can be truly async and won't
interfere with other processing happening at the same time
- uses NTSTATUS codes for errors (previously errors were mostly
ignored). In a similar fashion to the DOS error handling, I have
reserved a range of the NTSTATUS code 32 bit space for LDAP error
codes, so a function can return a LDAP error code in a NTSTATUS
- much cleaner packet handling
ldif parsing code in libcli/ldap/ldap_ldif.c, and instead use the ldb
ldif code. To do that I have changed the ldap code to use 'struct
ldb_message_element' instead of 'struct ldap_attribute'. They are
essentially the same structure anyway, so by making them really the
same it will be much easier to use the ldb code in libcli/ldap/
I have also made 'struct ldb_val' the same as a DATA_BLOB, which will
simplify data handling in quite a few places (I haven't yet removed
all the code that maps between these two, that will come later)
allows us to parse and handle the complex queries we are getting from
w2k, such as
(|(|(&(!(groupType:1.2.840.113556.1.4.803=1))(groupType:1.2.840.113556.1.4.803=2147483648)(groupType:1.2.840.113556.1.4.804=6))(samAccountType=805306368))(samAccountType=805306369))
instead of a search expression. This allows our ldap server to pass
its ASN.1 parsed search expressions straight to ldb, instead of going
via strings.
- updated all the ldb modules code to handle the new interface
- got rid of the separate ldb_parse.h now that the ldb_parse
structures are exposed externally
- moved to C99 structure initialisation in ldb
- switched ldap server to using ldb_search_bytree()
ldb_parse_tree. This also fixes the error handling.
next step will be to pass the parse tree straight into ldb, avoiding
the string encoding completely.
less likely that anyone will use pstring for new code
- got rid of winbind_client.h from includes.h. This one triggered a
huge change, as winbind_client.h was including system/filesys.h and
defining the old uint32 and uint16 types, as well as its own
pstring and fstring.
