IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This reworks quite a few parts of our provision system to use
CN=NETBIOSNAME as the domain for member servers.
This makes it clear that these domains are not in the DNS structure,
while complying with our own schema (found by OpenLDAP's schema
validation).
Andrew Bartlett
To make Samba4, using the python provision system, pass this test
required some major rework. Untested code is broken code, and some of
the refactoring for a seperate provision test (which also now passes)
broke things.
Similarly, the iconv work has compiled, but these codepaths have never
been run (NULL pointer de-reference).
In working to use a local, rather than global, loadparm context, and
to support using a target directory, a few things needed to be
reworked, particularly around path handling.
Andrew Bartlett
Slowly work away at the samldb module again, it is clear that AD does
not use much of a templating system. samAccountType is managed, as
far as I can tell, when groupType or userAccountControl changes.
Andrew Bartlett
The main change here is to work with the current module stack,
replacing only the objectGUID module, rather than a number of modules.
However, two changes were key:
- Fixing a typo search_req->handle -> change_req->handle
- Allowing an error of NO_SUCH_OBJECT - it is quite valid
for the object not to exist when being replicated in.
Other small changes were required to the ejs provision to match
changes in that code.
Andrew Bartlett
This allows objectClass munging to be removed, or modified to not
include adding an objectClass, or for that objectClass to be something
different.
Andrew Bartlett
This moves to a smarter 'find the delta' based operation of the linked
attributes module, when the caller asks for a 'replace' of the link
source. Previously we would spray operations all over the database,
even if the net result was just to modify one record.
This also means we need the transaction safety less, which may be
useful for some LDAP backends that don't provide this functionality on
the LDAP server.
Andrew Bartlett
Also remove the search_options control earlier, before, rather than
after duplicating the request.
When we generate referalls in the partition module, the domain_scope
control with suppress them.
Andrew Bartlett
problems with ldap.js test with OpenLDAP as the backend.
Likewise, remove it from the template lookup (for consistancy).
TODO: see if it can be removed from ldb
Andrew Bartlett
Untested code is broken code, so rework the module until it passes...
It turns out that AD puts search attributes onto the wire in the
reverse order to what Samba does. This complicates exact value
matching, so this is skipped for now.
Andrew Bartlett
incoming LDAP filter.
Warning: Any anr search will perform a full index search. Untill ldb
gets substring indexes, this is unavoidable.
Also implement a testsutie to show we match AD behaviour for this
important extension (used in the Active Directory Users and Computers
MMC plugin, as a genereral 'find').
This will also be useful to OpenChange, as their server needs to
implement this.
Andrew Bartlett
