IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
samdb before we start writing entries into it.
In doing so, I realised we still used 'dnsDomain', which is not part
of the standard schema (now removed).
We also set the 'wrong' side of the linked attributes for the
masteredBy on each partition - this is now set in provision_self_join
and backlinks via the linked attributes code.
When we have the schema loaded, we must also have a valid domain SID
loaded, so that the objectclass module works. This required some ejs
glue.
Andrew Bartlett
results, as used particularly by MMC's Active Directory Users and
Computers to list group members.
This may be used on any attribute, but is useful to obtain attributes
that may be lengthy in 'pages'. The implementation presumes that
attributes will always be returned by the DB in the same order.
Andrew Bartlett
It appears that the control value is optional, implying type 0 responses.
Failing to parse this was causing LDAP disconnects with 'unavailable
critical extension'.
Andrew Bartlett
simple ldap mapping (a complex mapping will follow).
Fix the module to handle 'name' better, rather than using the 'name'
attribute built into OpenLDAP, rename to samba4RDN. We need to see if
this can be handled in the backend.
Also rename the functions and inernal module name to entryuuid for
consistancy.
Andrew Bartlett
ldb_search_exp_fmt(). While it is a bit more verbose to code with, it
returns better error codes, and allows us to handle the case where the
base DN doesn't exist better.
Andrew Bartlett
of Base DNs in searches (returning an error of LDB_ERR_NO_SUCH_ENTRY).
We need to handle this if ldb_tdb is to behave correctly compared with
LDAP, as well as if we are using an LDAP backend.
In doing so, I realised that subtree_rename and subtree_delete
(prevention) need rather different wait loops, so it seemed easier to
split it out into it's own module.
I've fixed the licence on both of these modules to be GPLv3.
Andrew Bartlett
Templates just don't belong in the sam.ldb, as they don't obey any of
the other rules. This moves them to a seperate templates.ldb.
In samldb, this patch reworks the duplicate SID and Name detection
code, to use ldb_search_exp_fmt() rather than gendb_search. This
returns far more useful errors, which we now handle and report better.
The call to samdb_search_for_parent_domain() has been moved in samldb,
to allow both the account and SID uniqueness checks to be in the same
domain. This function also returns better errors.
dcesrv_drsuapi.c is updated for the new prototype of
samdb_search_for_parent_domain()
Andrew Bartlett
invalid entries with a linked attribute.
Make Samba4 pass that test, by fixing a silly bug in the
linked_attributes module. (By passing down the 'original' request
structure, tdb would override our handle, and therefore we would never
be called for the 'wait', which collects the errors).
Fix up the provision templates to handle the newly required
referential integrity.
Andrew Bartlett
This patch is to ensure that all attributes are in the same case as
the schema specifies. In the process, I ensure that all attributes
are indeed in the schema.
This ensures we use the schema case, not the user supplied case for
future responses, which assists any (incorrect, but possible) case
sensitive processing on a client.
I've also removed more of the subtle 'schema &&' that metze objected
to in the for loops, moving to a much more explicit 'if (schema)'.
Andrew Bartlett
The aim here is to ensure that if we have
CN=Users,DC=samba,DC=example,DC=com
that we cannot have a DN of the form
cn=admin ,cn=useRS,DC=samba,DC=example,DC=com
This module pulls apart the DN, fixes up the relative DN part, and
searches for the parent to copy the base from.
I've used the objectclass module, as I intend to also validate the
placement of child objects, by reading the allowedChildClasses virtual
attribute.
In the future, I'll also force the attribute names to be consistant
(using the case from the schema).
Andrew Bartlett
