IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
private dir to contain a valid machine account.
It isn't really valid it use the DC's account any more, so extend this
script to also join the domain. This nicely tests out some previously
untested code too!
Andrew Bartlett
(This used to be commit 12f4e6033e)
few authentication tests. Now that the tests correctly 'fail', I was
able to fix the credentials subsystem to honour USER and PASSWD.
To get --machine-pass working, I needed ldb to always load it's static
modules, so I put this in ldb_connect().
Andrew Bartlett
(This used to be commit 3430d8c072)
This changes the main selftest code to be in perl rather than in shell script.
The selftest script is now no longer a black box but a regular executable that takes
--help.
This adds the following features:
* "make test TESTS=foo" will run only the tests that match the regex "foo"
* ability to deal with expected failures. the suite will not warn about tests
that fail and are known to fail, but will warn about other failing tests and
tests that are succeeding tests but incorrectly marked as failing.
* ability to print a summary with all failures at the end of the run
It also opens up the way to the following features, which I hope to implement later:
* "environments", for example having a complete domains with DCs and domain members
in a testenvironment
* only set up smbd if necessary (not when running LOCAL tests, for example)
* different mktestsetup scripts per target. except for the mktestsetup script, we can
use the same infrastructure for samba 3 or windows.
(This used to be commit 38f867880b)
'phantom_root' flag in the search_options control
- Add in support for LDB controls to the js layer
- Test the behaviour
- Implement support for the 'phantom_root' flag in the partitions module
- Make the LDAP server set the 'phantom_root' flag in the search_options control
- This replaces the global_catalog flag passed down as an opaque pointer
- Rework the string-format control parsing function into
ldb_parse_control_strings(), returning errors by ldb_errorstring()
method, rather than with printf to stderr
- Rework some of the ldb_control handling logic
Andrew Bartlett
(This used to be commit 2b3df7f38d)
We were returning just true/false and discarding error number and string.
This checking probably breaks swat, will fix it in next round as swat
is what made me look into this as I had no way to get back error messages
to show to the users.
Simo.
(This used to be commit 35886b4ae6)
- use ${SCHEMADN} instead of CN=Schema,CN=Configuration,${BASEDN}
- do not include autogenerated values: instanceType, cn and name in the ldif output
- take care of the systemOnly attribute and a resulting NO-USER-MODIFICATION
metze
(This used to be commit 30a0e8b26e)
attributes to backend (remote) attributes.
We can't do a reverse mapping safely where the remote attribute may be
a source for multiple local attributes. (We end up with the wrong
attributes returned).
In doing this, I've modified the samba3sam.js test to be more
realistic, and fixed some failures in the handling of primaryGroupID.
I've added a new (private) helper function ldb_msg_remove_element() to
avoid a double lookup of the element name.
I've also re-formatted many of the function headers, to fit into
standard editor widths.
Andrew Bartlett
(This used to be commit 186766e309)
This commit extends the samba3sam test suite, which contains tests for
the samba3sam and ldb_map modules, with a lot of tests for inbound,
i.e. add, modify, rename and delete requests.
The tests each add a single record, modify it, rename it, and then
delete it, at each step checking that the operations were successful
and that the right data went into the right partitions.
They are run for an unmapped record, a mapped record with data only in
the remote partition, a mapped record with remote data that is later
modified to include local data, and a mapped record with data in both
the local and remote partitions.
It also adds a function to the backend objects that makes construction
of DNs for their respective partitions more comfortable.
Cheers,
Martin
(This used to be commit 1ddd06f24d)
this version returns also oMSyntax and oMObjectClass and also
use the right value for the objects CNs
add a nasty hack to ejs' mprLdbMessage() to handle binary blobs situations
(This used to be commit 8dd1c1c05b)
suite, which contains tests for the samba3sam and ldb_map modules,
with a lot of tests for search requests.
The tests add a small set of known records to the database, half of
them with only remote data, half of them split across the local and
remote backends, and test searching these records by DN, by attribute
and with a range of parse trees.
This suite should be extensive enough to ensure that behaviour of
search requests doesn't break.
(This used to be commit 120f7891fa)
<mkhl@samba.org>.
Martin took over the work done last year by Jelmer, in last year's
SoC. This was a substanital task, as the the ldb modules API changed
significantly during the past year, with the addition of async calls.
This changeset reimplements and enables the ldb_map ldb module and
adapts the example module and test case, both named samba3sam, to the
implementation.
The ldb_map module supports splitting an ldb database into two parts
(called the "local" and "remote" part) and storing the data in one of
them (the remote database) in a different format while the other acts
as a fallback.
This allows ldb to e.g. store to and load data from a remote LDAP
server and present it according to the Samba4 schema while still
allowing the LDAP to present and modify its data separately.
A complex example of this is the samba3sam module (by Jelmer
Vernooij), which maps data between the samba3 and samba4 schemas.
A simpler example is given by the entryUUID module (by Andrew
Bartlett), which handles some of the differences between AD and
OpenLDAP in operational attributes. It principally maps objectGUID,
to and from entryUUID elements. This is also an example of a module
that doesn't use the local backend as fallback storage.
This merge also splits the ldb_map.c file into smaller, more
manageable parts.
(This used to be commit af2bece4d3)
This confirms that records are replicated into the correct databases,
and that the case insensitive flags really work.
Andrew Bartlett
(This used to be commit ad463c1a52)
With this fix, we now correctly detect computers again, and get the
correct objectCategory, which is important for the OSX AD plugin.
Andrew Bartlett
(This used to be commit 4e39d7bb24)
This updates the module to handle both SID allocation and nextRid
updating while importing users. (As imported users already have a
SID, so don't go via the allocation step). We also ensure that SIDs
in the database are unquie at create time.
Furthermore, at allocation time, we double-check the SID isn't already
in use, and that we don't create a foriegnSecurityPrincipal for a
'local' sid.
Also create random samAccountName entries for users without one (we
were setting $000000-000000000000).
We may want to seperate the uniqueness code from the rest of samldb,
and into a module with the objectguid code, which needs similar
checks. These checks also need to apply to modification, or those
modifications denied outright.
Also update part of the testsuite to validate this.
Andrew Bartlett
(This used to be commit 7a9c8eee4b)
Doing this required reworking ejsnet, particularly so it could take a
set of credentials, not just a username and password argument.
This required fixing the ejsnet.js test script, which now adds and
deletes a user, and is run from 'make test'. This should prevent it
being broken again.
Deleting a user from ejsnet required that the matching backend be
added to libnet, hooking fortunetly onto already existing code for the
actual deletion.
The js credentials interface now handles the 'set machine account' flag.
New functions have been added to provision.js to wrap the basic
operations (so we can write a command line version, as well as the web
based version).
Andrew Bartlett
(This used to be commit a5e7c17c34)
mappings right for the attributeTypes field of the aggregate schema
now to add the display specifiers and I won't need the proxy module
any more
(This used to be commit 69264362bd)
except the attributeTypes fields of the Aggregrate record. Proxying
just that field and the display specifiers gives us a working mmc
client
hopefully i'll work out what it doesn't like about the attributeTypes
field soon
(This used to be commit 3af867a3f4)
ldap server. It's still not quite right, and I'm chasing down a few
errors that mmc throws up, but its a lot closer than it was. I had to
change the approach quite substantially over the last couple of days,
but this approach now seems to be working out.
(This used to be commit 38ea11510c)
needed to represent all the current records on a ADS LDAP server. The
idea is we will use something based on this code to work out exactly
what schema elements we will need for our initial ADS schema. I plan
on expanding this code to automatically work out attribute properties,
and write out a schema file that we can load into ldb.
Interestingly, it looks like we only need 43 objectclasses and around
200 attributes to represent all records of a newly installed w2k3 ADS
server.
(This used to be commit 7b0ae77757)
functionality. It now completely enumerates a winreg tree.
This would make a good basis for a js version of regshell if someone
felt like taking that on.
(This used to be commit 75d0cf78ec)
calls. This changes the generated RPC and IRPC calls to use the 'this'
object pointer instead of requiring the passing of the object on each
call. So typical usage is now:
var echo = echo_init();
var io = irpcObj();
status = echo.connect("ncacn_np:server");
assert(status.is_ok);
io.input.in_data = 7;
status = echo.AddOne(io);
assert(status.is_ok);
(This used to be commit f7b49ecd08)
dn: cn=foo,ou=bar
objectClass: person
implies
dn: cn=foo,ou=bar
objectClass: person
cn: foo
(as well as a pile more default attributes)
We also correct the case in the attirbute to match that in the DN
(win2k3 behaviour) and I have a testsuite (in ejs) to prove it.
This module also found a bug in our provision.ldif, so and reduces
code complexity in the samdb module.
Andrew Bartlett
(This used to be commit 0cc58f5c3c)
into an object. To keep existing code working I have added:
string_init(global);
into base.js. That brings the functions into the global scope for our
existing scripts
(This used to be commit a978484738)
a 'db' variable around. The ldb object knows what it is connected to.
Added a simple ldb testsuite in testprogs/ldb.js
(This used to be commit cf35818648)
means we don't pollute the name space, and also makes for faster
startup times as we only create variables for the pipes that we use,
not all pipes
(This used to be commit 57d7a585e8)
var ldb = ldb_init();
res = ldb.search(dbfile, "(objectClass=user)");
you can also do:
ldbSearch = ldb.search;
res = ldbSearch(dbfile, "(objectClass=user)");
if you want the old interface (ie. you can use this to import
functions into the global or local namespace).
(This used to be commit 3093057d97)
This is a demo script that shows the nbt server statistics. For example:
nbt_server statistics:
total_received: 185
total_sent: 59
query_count: 13
release_count: 21
register_count: 7
(This used to be commit cd1ea857ce)
information from QueryUserInfo for all users in the domain.
If you want to see why I am putting the effort into ejs, then please
read swat/scripting/samr.js, and compare it to other methods of rpc
access for our web management interface. Using ejs like this will make
building a rich interface _much_ easier.
(This used to be commit eb354f6da7)
calls from js. I chose the new syntax to match the C calling syntax,
so if you are familiar with using the Samba4 rpc libraries from C,
then using them from js should be easy
(This used to be commit 757bb7f31c)
- Define __PIDL__ when preprocessing IDL files.
- Remove a couple of useless defines from rpcecho.idl
rpcecho.idl now works in both pidl and midl
(althought pidl is a bit pedantic and gives two warnings)
(This used to be commit 6731e0a654)