IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This makes getting the module order correct, the obligation of Samba4
developers, and not system administrators. In particular, once an ldb
is updated to use only the 'samba_dsdb' module, no further changes to the
ldb should be required when upgrading to later Samba4 versions.
(thanks to metze for the suggestion of samba_dsdb as a long-term
stable name for the module)
Andrew Bartlett
The previous patches to the provision system cut down on the number of
reconnects, and disabled the partition handling for part of the
process. This means we lost the setting of @OPTIONS as a replicated
attribute into the partitions.
Andrew Bartlett
We now set these as part of the schema load, and we now load the
schema before the provision loads the DB, so setting them here is
pointless
Andrew Bartlett
This changes the @ATTRIBUTES record to be for bootstrapping only,
before we find the schema.
Andrew Bartlett
(This used to be commit 358477fcc041d5fb2e6ac5641c2f899cc49cfb69)
This attribute is used in a very similar way (virtual attribute
updating the password) in AD on Win2003, so eliminate the difference.
This should not cause a problem for on-disk passwords, as by default
we do not store the plaintext at all.
Andrew Bartlett
(This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)
Remove bogus check to return NO_SUCH_ENTRY in ldap_backend.c, as this
error is now correctly emited from ldb.
Andrew Bartlett
(This used to be commit ed57862b90812e5a38ca81935b131338112fb19f)
don't delete their contents until we have specified the new partition
locations.
However, preserve the important part of tridge's change, that is to
ensure that no database index is present when the mass delete occours.
In my testing, it is best to leave the index until the provision is
compleated.
Andrew Bartlett
(This used to be commit 962219df7dc53ce6f6889f4b71ee19850c7ff7b5)
DB_CONFIG file, we now get reasonable enought performance to pass
'make test' against OpenLDAP.
We do have to double the maximum runtime for the torture client however.
Andrew Bartlett
(This used to be commit 5b3c8cc036c1180c9e96d9aaacd3f2e0a83460e5)
Do not change unixName right now, we don't have an attribute to use in the posixGroup class,
and I think we should remove its usage altogether and look up users and groups by their uid/gid only.
Simo.
(This used to be commit d57b521aadf24a277152ec1ff1dac3210bd14316)
This module redirects various samdb requests into different modules,
depending on the prefix. It also makes moving to an LDAP backend
easier, as it is just a different partition backend.
This adds yet another stage to the provision process, as we must setup
the partitions before we setup the magic attributes.
Andrew Bartlett
(This used to be commit 31225b9cb6ef6fcb7bd831043999b1b44ef1b128)
Add a test to show that we need this, and to prove it works (for add
at least).
Andrew Bartlett
(This used to be commit f72079029abb594677bf8c2b63e40c07e910004f)
This means that some modules have been disabled as well as they
have not been ported to the async interface
One of them is the ugly objectclass module.
I hope that the change in samldb module will make the MMC happy
without the need of this crappy module, we need proper handling
in a decent schema module.
proxy and ldb_map have also been disabled
ldb_sqlite3 need to be ported as well (currenlty just broken).
(This used to be commit 51083de795bdcbf649de926e86969adc20239b6d)
It passess all my tests, but I still need to work on a lot of stuff.
Shouldn't impact anybody else work, so I want to commit now and see what happens
Will work to remove the old code from modules and backends soon, and make some
more restyling in ldb internals.
So, if there is something you don't like in this desgin please speak now.
Simo.
(This used to be commit 8b2a563e716a789ea77cbfbf2f372724de5361ce)
want to see what it does ?
do aq make test and try:
./bin/ldbsearch -H st/private/sam.ldb --controls=asq:1:member -s base -b 'CN=Administrators,CN=Builtin,DC=samba,DC=example,DC=com' 'objectclass=*'
have fun.
simo.
(This used to be commit 900f4fd3435aacc3351f30afb77d3488d2cb4804)
passwords) be moved into the database, and not be hard-coded in the
module source.
Andrew Bartlett
(This used to be commit 1fbe09ce818ac1603bd747610262865b8698fe04)
This should be replaced with real ACLs, which tridge is working on.
In the meantime, the rules are very simple:
- SYSTEM and Administrators can read all.
- Users and anonymous cannot read passwords, can read everything else
- list of 'password' attributes is hard-coded
Most of the difficult work in this was fighting with the C/js
interface to add a system_session() all, as it still doesn't get on
with me :-)
Andrew Bartlett
(This used to be commit be9d0cae8989429ef47a713d8f0a82f12966fc78)
command line to ldbsearch. Very rough work, no checks are
done on the input yet (will segfault if you make it wrong).
Controls are passed via the --controls switch an are comma
separated (no escaping yet).
General syntax is <ctrl_name>:<criticality>
<ctrl_name> is a string
<criticality> is 1 or 0
Current semi-parsed controls are:
server_sort
syntax: server_sort:1:0:attributename
1st parm: criticality
2nd parm: reversed
3rd parm: attribute name to be used for sorting
todo: still missing suport for multiple sorting
attributes and ordering rule
no check on result code
paged_results
syntax: paged_results:1:100
1st parm: criticality
2nd parm: number of results to be returned
todo: ldbsearch will return only the first batch
(missing code to cycle over conditionally)
no check on result code
extended_dn
syntax: extended_dn:1:0
1st parm: criticality
2nd parm: type, see MS docs on meaning
Simo.
(This used to be commit 4c685ac0d1638a1d5392dfe733baf0db77e84858)
sambaNTPassword. Likewise lmPwdHistory -> sambaLMPwdHistory.
The idea here is to avoid having conflicting formats when we get to
replication. We know the base data matches, but we may need to use a
module to munge formats.
Andrew Bartlett
(This used to be commit 8e608dd4bf4f108e02274a9977ced04a0a270570)
Because we don't know the syntax of unicodePwd, we want to avoid using
that attribute name. It may cause problems later when we get
replication form windows.
I'm doing this before the tech preview, so we don't get too many
supprises as folks upgrade databases into later versions.
Andrew Bartlett
(This used to be commit 097d9d0b7fd3b1a10fb7039f0671fd459bed2d1b)
Get this out of the server credentials, and push it down to ldb via an
opaque pointer.
Andrew Bartlett
(This used to be commit 61700252e05e0be6b4ffa72ffc24a95c665597e3)
module is perhaps not the most efficient, but I think it is
reasonable.
This should restore operation of MMC against Samba4 (broken by the
templating fixes).
Andrew Bartlett
(This used to be commit 41948c4bdbfca1160a01a92994324f9e22422afe)
using pre-calculated passwords for all kerberos key types.
(Previously we could only use these for the NT# type).
The module handles all of the hash/string2key tasks for all parts of
Samba, which was previously in the rpc_server/samr/samr_password.c
code. We also update the msDS-KeyVersionNumber, and the password
history. This new module can be called at provision time, which
ensures we start with a database that is consistent in this respect.
By ensuring that the krb5key attribute is the only one we need to
retrieve, this also simplifies the run-time KDC logic. (Each value of
the multi-valued attribute is encoded as a 'Key' in ASN.1, using the
definition from Heimdal's HDB. This simplfies the KDC code.).
It is hoped that this will speed up the KDC enough that it can again
operate under valgrind.
(This used to be commit e9022743210b59f19f370d772e532e0f08bfebd9)
- removed the timestamps module, replacing it with the operational module
- added a ldb_msg_copy_shallow() function which should be used when a module
wants to add new elements to a message on add/modify. This is needed
because the caller might be using a constant structure, or may want to
re-use the structure again
- enabled the UTC time attribute syntaxes in the operational module
(This used to be commit 61e8b010223ac6a0573185008f3719ba29574688)
boilerplate attributes in every entry in provision.ldif.
The next step will be to use templates.
Andrew Bartlett
(This used to be commit 940ed9827f5ab83b668a60a2b0110567dd54c3e2)
