IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- I added a comment to the "new user" operation to point out that this works
only on s4, since we add also ID mapping entries for winbind there
- The "new user" operation adds now the password through the "set password"
operation which I find better due to the re-use principle
- Remove the word "DC" after "SAMBA 4" in the comment over the "set password"
operation since this note and operation applies also to s4 in standalone mode
- When a user account is requested by a call always the search filter will be
passed as argument. This helps us to unify the API
- Add/fix some comments; in particular new comments inform the developer which
requirements exist if he wants to use calls which manipulate the
"userPassword" attribute (On s4 no problem - but on certain domain levels on
Windows Server)
This reverts commit fdd62e9699.
abartlet and I agreed that this isn't the right way to enforce the password
policies. Sooner or later we've to control them anyway on the directory level.
The "setpassword" script should use the "samdb_set_password" call to change
the NT user password. Windows Server tests show that "userPassword" is not the
right place to save the NT password and does not inherit the password complexity.
- Centralise the lookups for the default domain (root) in the call "domain_dn"
- Reduce the LDB connections attempts ("connect" calls) from three to one
- tools should load faster
- Make the LDB connection init more like the "ldb_wrap_connection" call
- Load the right UTF8 casefolder which fixes up problems with special characters
(discovered by me: e.g. small "Umlaute" (ä, ö, ü, ...) in the DN weren't upcased
- so records "seemed" lost in TDB)
This reverts commit 53ef426e6f.
As abartlet pointed out this causes to load all attributes and therefore gives
us more here than we need (only the check for the DN)!
This makes it possible to do a bit more of the provision with Samba
helpers, but without some of the otherwise useful things (such as
loading in the global schema) that SamDB does.
Rewrite provision_erase to use a recursive search, rather than a
looping subtree search. This is much more efficient, particularly now
we have one-level indexes enabled.
Delete the @INDEX and similar records *after* deleting all other
visible records, this hopefully also assists performance.
Andrew Bartlett
This allows us to load the schema against one ldb context, but apply
it to another. This will be useful in the provision script, as we
need the schema before we start the LDAP server backend.
Adnrew Bartlett
This removes a level of indirection via external binaries in the
provision-backend code, and also makes better use of our internal code
for loading schema from an LDIF file.
Remaining to do: Sort the output again, as the load from LDIF is
unsorted (also needed because the normal LDB load from sorted input is too slow
anyway, and is only needed here).
Andrew Bartlett
This attribute is used in a very similar way (virtual attribute
updating the password) in AD on Win2003, so eliminate the difference.
This should not cause a problem for on-disk passwords, as by default
we do not store the plaintext at all.
Andrew Bartlett
(This used to be commit 1cf0d75149)
The new idmap world does not use the unixUser any more, so we need to
set up the entry (if wanted) in the idmap database. Users without a
backing unix user will get an allocated uid by idmap later.
Andrew Bartlett
(This used to be commit 8bd8bc1475)
