IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
to be created as foreign, even if they are in a local domain.
Also we do need the user to exist for the life of the test, as we add
it to a group.
Andrew Bartlett
In particular, this removes one use of the LDB_DN_NULL_FAILED macro,
which was being used on more than DNs, had an embedded goto, and
confused the IBM checker.
In the password_hash code, ensure that sambaAttr is not, before
checking the number of values.
In GENSEC, note that this switch value can't occour. This seems to be
the only way to quiet both the IBM checker and gcc, as well as cope
with possibly invalid inputs.
Andrew Bartlet
- creation of ForeignSecurityPrincipals
- template duplication code
Rework much of the LSA server to pass the RPC-LSA test. Much of the
server code was untested. In implementing the LSA Accounts feature, I
have opted to have it only create entires when privilages are applied,
and not to delete entries, but to delete the privilages.
We skip some parts of the test, but it is much better than not testing
it at all.
Andrew Bartlett
password changes which only include the LM and NT hash, such as the
original ChangePassword.
It also fixes setting passwords on the BUILTIN domain.
Finally, the msDS-KeyVersionNumber is only incremented if not
explicity set by the modify.
Andrew Bartlett
This required changes to the rootDSE module, to allow registration of
partitions. In doing so I renamed the 'register' operation to
'register_control' and 'register_partition', which changed a few more
modules.
Due to the behaviour of certain LDAP servers, we create the baseDN
entry in two parts: Firstly, we allow the admin to export a simple
LDIF file to add to their server. Then we perform a modify to add the
remaining attributes.
To delete all users in partitions, we must now search and delete all
objects in the partition, rather than a simple search from the root.
Against LDAP, this might not delete all objects, so we allow this to
fail.
In testing, we found that the 'Domain Controllers' container was
misnamed, and should be 'CN=', rather than 'OU='.
To avoid the Templates being found in default searches, they have been
moved to CN=Templates from CN=Templates,${BASEDN}.
Andrew Bartlett
Remove duplicate attribute in search request
Search for the domain by NDR-encoded SID, not string (consistant with
the rest of the C code, and helps partially-constructed LDAP
backends).
Use the default basedn for the domain search.
Andrew Bartlett
We were not using the correct baseDN for the templates search. Using NULL is no longer valid (like against AD).
While chasing that down, return proper error codes, and use the
ldb_set_errstr() to get a good error string back up to the UI layer.
Andrew Bartlett
the whole ldb structure.
Because the sequence number was a fn pointer on the main ldb context,
turn it into a full request (currently sync).
Andrew Bartlett
A while(1) loop may end up looping forever consuming all valid RIDs because of a secondary bug.
And anyway nextRid is supposed to always give back a new unique RID, if someone messed up the database let him
fix the problem first, trying to be smart here would probably end up in worst results.
Simo.
This means that some modules have been disabled as well as they
have not been ported to the async interface
One of them is the ugly objectclass module.
I hope that the change in samldb module will make the MMC happy
without the need of this crappy module, we need proper handling
in a decent schema module.
proxy and ldb_map have also been disabled
ldb_sqlite3 need to be ported as well (currenlty just broken).
sublte - please have a look at the change if you are not certain you
know the semantics of constant arrays declared on the stack (they must
be static if you return them from the function)
It passess all my tests, but I still need to work on a lot of stuff.
Shouldn't impact anybody else work, so I want to commit now and see what happens
Will work to remove the old code from modules and backends soon, and make some
more restyling in ldb internals.
So, if there is something you don't like in this desgin please speak now.
Simo.
Recursive dependencies are now forbidden (the build system
will bail out if there are any).
I've split up auth_sam.c into auth_sam.c and sam.c. Andrew,
please rename sam.c / move its contents to whatever/wherever you think suits
best.
