IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
and DLIST_DEMOTE() now take the type of the tmp pointer
not the tmp pointer itself anymore.
metze
(This used to be commit 2f58645b7094e81dff3734f11aa183ea2ab53d2d)
eDir, we already add 'sn' as required attribute on LDAP add
operations.
When we modify an entry, we need to request 'sn' as well in our
attribute lists, so that we don't try to add it a second time.
Guenther
(This used to be commit e018ea3d1d70e68e6802843f88b3245dc09244c9)
alloc error back up the stack from smbldap_set_mod()
so ensure we abort correctly.
Jeremy.
(This used to be commit 9a1e35079af9404e1775e2a098990277b3771086)
LDAP operation. That way we avoid the replication sleep after a simple
redirected search operation
Guenther
(This used to be commit d236caac211ff45a3e2da73a3b0316194740a722)
call START_TLS again after rebinding to another LDAP server. (ldaps://
uri's are handled at by recent versions of OpenLDAP).
Guenther
(This used to be commit 3ccea032cb681426a1b29907a44b87b8a94e0840)
Also allow to use START_TLS in the pdb_nds_update_login_attempts
function when doing simple binds to eDir.
Guenther
(This used to be commit 04a3ac5e50e93f74dfddfead5cb3f335ce991e9a)
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
can be taken out of it, so I decided to commit this in one lump. It changes
the passdb enumerating functions to use ldap paged results where possible. In
particular the samr calls querydispinfo, enumdomusers and friends have
undergone significant internal changes. I have tested this extensively with
rpcclient and a bit with usrmgr.exe. More tests and the merge to trunk will
follow later.
The code is based on a first implementation by Günther Deschner, but has
evolved quite a bit since then.
Volker
(This used to be commit f0bb44ac58e190e19eb4e92928979b0446e611c9)
1. using smbc_getxattr() et al, one may now request all access control
entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
provided by smbc_getxattr() et al, when requesting all attributes,
all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
compiler flags are in use. removed -Wcast-qual flag from list, as that
is specifically to force warnings in the case of casting away qualifiers.
Note: In the process of eliminating compiler warnings, a few nasties were
discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces
are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
kerberos interfaces are being used. Someone who knows kerberos
should look at these and determine if there is an alternate method
of accomplishing the task.
(This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)
whole of samba comiles warning-free with the default compiler flags.
Temporarily defined -Wall to locate other potential problems. Found an
unused static function (#ifdefed out rather than deleted, in case it's
needed for something in progress).
There are also a number of uses of undeclared functions, mostly krb5_*.
Files with these problems need to have appropriate header files included,
but they are not fixed in this update.
oplock_linux.c.c has undefined functions capget() and capset(), which need
to have "#undef _POSIX_SOURCE" specified before including <sys/capability.h>,
but that could potentially have other side effects, so that remains uncorrected
as well.
The flag -Wall should be added permanently to CFLAGS, and all warnings then
generated should be eliminated.
(This used to be commit 5b19ede88ed80318e392f8017f4573fbb2ecbe0f)
use AF_UNIX instead of AF_LOCAL (thanks to Doug VanLeuven
<roamdad-at-sonic.net>) and make smbldap_open() a bit more readable.
Guenther
(This used to be commit 526d6a9493cd091f2a9b8e072f11e673133fe5c1)
Does automated migration from account_policy.tdb v1 and v2 and offers a
pdbedit-Migration interface. Jerry, please feel free to revert that if
you have other plans.
Guenther
(This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
controls or extensions.
* Check and remember if ldapsam's LDAP Server support paged results
(in preparation of adding async paged-results to set|get|end-sampwent in
ldapsam).
Guenther
(This used to be commit ced58bd8849cdef78513674dff1b1ec331945aa9)
retry-loop.
This fixes a deadlock-situation when ldapsam is used with the ldapi
interface: getpeername won't fail while trying to detect dead
connections on unix domain sockets. When the ldapi-connection was closed
server-side (due to OpenLDAP's idletimeout) we *never* got a new LDAP
connection.
Guenther
(This used to be commit ac8032bacff10451fa03f155d43f0d20389512fa)
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
setups on its way to open a pipe. This gets rid of many round-trips to the
LDAP server during logon by setting up the server_info_guest once and not
asking the LDAP server and nss every time. Make sure that the ldap connection
is reopened in the child. (I did not look at the sql backends.)
Volker
(This used to be commit 3298f6105e6a88c9390cac02245c8f2eee1e5046)
delete.
Richard, IMHO this is the better solution to the problem you currently
have. Please review.
Thanks,
Volker
(This used to be commit 6957d6a8921fbd97747258249d99b505a79cfcb4)
coding have passed, but I could not find a way to get the OpenLDAP libraries
to reliably time out on any of the queries we make, *and* get correct error
returns. No, async calls and ldap_result does NOT work, or I was simply too
stupid to correctly interpret the OpenLDAP manpage and source.
We can not allow to hang indefinitely in an ldap query, especially not for
winbindd. "ldap timeout" now specifies the overall timeout for the complete
operation, that's why I increased that to 15 seconds.
Volker
(This used to be commit 269f0750872e5f8757e0a9667e007a0410319fcd)
core dump) but compiles and links correctly. I will run the full set of
tests on the ldap sam and the tdb sam for password history tomorrow.
Jeremy.
(This used to be commit ac846420d0ef2c60d2dc71319b24401c73699249)
"Jianliang Lu" <j.lu@tiesse.com>. Multi-string attribute changed to
linearised pstring due to ordering issues. A few other changes to
fix race conditions. I will add the tdb backend code next. This code
compiles but has not yet been tested with password history policy
set to greater than zero. Targeted for 3.0.6.
Jeremy.
(This used to be commit dd54b2a3c45e202e504ad69d170eb798da4e6fc9)
sleep time is not more than 5 seconds. Should fix issue
reported by Chris Garrigues <cwg@deepeddy.com>.
Jeremy.
(This used to be commit fbc06831d3a7e8645409158ee1ae1f9f192913a7)
cache entry time comparisons in password lockout. Fixes problems where
pdb_ldap tries to delete the operational attribute modifyTimestamp when
deleting a user account.
(This used to be commit 5ebcb9081e435d54c39d4d3a1ef1d7b651ccb53f)
bad time locally, updating the directory only for hitting the policy limit
or resetting.
This needed to be done at the passdb level rather than auth, because some
of the functions need to be supported from tools such as pdbedit. It was
done at the LDAP backend level instead of generically after discussion,
because of the complexity of inserting it at a higher level.
The login cache read/write/delete is outside of the ldap backend, so it could
easily be called by other backends. tdbsam won't call it for obvious
reasons, and authors of other backends need to decide if they want to
implement it.
(This used to be commit 2a679cbc87a2a9111e9e6cdebbb62dec0ab3a0c0)
boolean parameter that allows broken iconv conversions to work. Gets rid of the
nasty errno checks in mangle_hash2 and check_path_syntax and allows correct
return code checking.
Jeremy.
(This used to be commit 7b96765c23637613f079d37566d95d5edd511f05)
I know this isn't pretty, but neither was our assumption that all strings
from the directory fit inside a pstring. There was no way this worked
before will all versions of usrmgr (for example, the only version of
mine that has the TS Confic button).
(This used to be commit d275c0e384db08c2a6efc28e52844f676ff71fb6)
