IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
To allow us to use the repl_meta_data module in standalone mode (and
thus not have two module stacks to test), we need a invocationID
stored somewhere when standalone. This creates a random one, and
stores it in @SAMBA_DSDB.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This is done by sorting the classes by subClass_order, which will
check if the last structural class is valid to add (in
objectclass_do_add instead checking the last class in the list).
They were being sorted by building a class tree, and adding the
classes to the list in that order. However, AUX classes usually don't
fit into that tree, so LDB_ERR_OBJECT_CLASS_VIOLATION was returned. I
have changed the behavior to sort the classes by subClass_order
instead.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Makes sure samAccountName has been specified before adding a
user. This happened while I was trying to add a user with the
posixAccount objectclass. I forgot to specify the user objectClass,
and samba segfaulted. It now returns LDB_ERR_CONSTRAINT_VIOLATION.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
It can now also be used by objectclass.c
get_last_structural_class now ignores AUX classes, because they are
not structural
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Check to see if there were any messages passed to acl_modify before
debugging the first one. I think I caused this by some malformed
LDIF.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
They won't work when the LDB change is done using "samdb_replace"
(consider "samr_password.c" functions).
I think this has been a relict which has been useful before the "password_hash"
module existed. Basically it itself does now the updates.
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with
the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights
to an account over itself.
removing a control means it can't be seen by any other modules, which
is usually not what is wanted. Better to just mark it non-critical,
which means anyone else who wants to look at it can, but if nobody
does its not an error.
For controls that need to be seen by more than one module, it is best
to just mark them non-critical when handled, instead of removing
them. Otherwise lower modules can't see them.
In this case we want the operational module to see the SD_FLAGS
control
This is based on the code from Eduardo Lima <eduardoll@gmail.com>, but
uses the new helper functions added in the last couple of commits
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This is based on the function of the same name from Eduardo Lima
<eduardoll@gmail.com>, but using ldb_dn_compare, to give us
comparisons consistent with what the rest of the code uses.
We will use this function in combination with dsdb_wellknown_dn() to
find the Deleted Objects container for any object.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
- We should clean up such "helper" objects created in this function to don't
have them around until "mem_ctx" is destroyed
- Remove a from my view pointless comment "This is a password set, not change"
since an external argument "user_change" decides this ("modify" or "(re)set")
