IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This patch changes the behavior of LDAPCmp in a single domain
scenario. No place-holders will be applied during comparison
so replication will be fully tested and even the silightest
difference will pop up.
There is a second smaller fix when we compre hosts in different
domains. This fix disables ${SERVERNAME} paace-holder when there
are more then one serevr (domain controller) in the given domain.
when adding a user with the RODC_JOIN control, the samAccountName is
automatically set to the krbtgt_NNNNN form
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
when we deny a EXOP_REPL_SECRET call we should set the exop error code
to NONE, and the main return code to WERR_DS_DRA_ACCESS_DENIED (based
on observing windows server behaviour)
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
The rules for when a RODC can replicate secrets are:
- it can always replicate its own acct
- it can also replicate its krbtgt acct
- it can't replicate other krbtgt accts
- it can't replicate interdomain trust accounts
- it can't replicate users in the denied group list
- it can replicate users in the allowed group list
otherwise it can't replicate
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
When a RODC uses extended getncchanges operation
DRSUAPI_EXOP_REPL_SECRET it gets an override on the ability to
replicate the secret attributes.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
The getncchanges call needs to be able to access the sam as the system
user for RODC clients. To do this it needs a sam_ctx connection with
system credentials
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
DOS error codes were being lost with the conversion to async
libsmbclient. If we're passing around NTSTATUS internally,
let's just convert it when we get it.
DOS ACCESS_DENIED on nautilus was not prompting for other credentials,
because it was not being mapped.
Full schema reloading is needed when we modify exisiting elements that
have attributes that comes from not from the default schema (ie.
openchange schema, user schema ..)
https://launchpad.net/bugs/276472
This patch adds the translation of Unix Error code -ENOTSUP to NT Error Code
NT_STATUS_NOT_SUPPORTED. The absense of this translation wrongly sends back to
the client a STATUS_DENIED message in samba3.
Signed-off-by: Surbhi Palande <surbhi.palande@canonical.com>
Depending on which NC is being replicated, GetNCChanges() returns
either ATTID based on local prefixMap or msDs-IntId value of
the attributeSchema class for the attribute being replicated.
If set, msDs-IntId value is always returned when replicating
object form NC other than Schema NC.
Objects in Schema NC replica always use prefixMap based ATTIDs.
This structure is intended to hold context-dependent data.
Syntax-conversion and object-conversion functions need
that data to convert objects and attributes from drs-to-ldb
and ldb-to-drs correctly.
For instance: ATTID value depends on whether we are converting
object from partition different that Schema partition.
