1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

49 Commits

Author SHA1 Message Date
Sumit Bose
f864767034 s3-ldap: Add Posix offset and encryption types to LDAP schema
Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-31 12:52:40 +02:00
Sumit Bose
352de0d3ed Fix typos in LDAP schema files
Reported by: John Danks <john.danks@gmail.com>

Signed-off-by: Günther Deschner <gd@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Tue May 17 11:56:08 CEST 2011 on sn-devel-104
2011-05-17 11:56:08 +02:00
Sumit Bose
9ebbbb7456 s3-ldap: Add sambaTrustForestTrustInfo to LDAP schemata
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16 11:44:06 +01:00
Sumit Bose
ba28fb025f s3-ldap: Update LDAP schemata to include sambaTrustedDomain.
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16 11:44:05 +01:00
Michael Adam
b6c64fab5e r25090: Fix a syntax error just introduced into the LDAP schema.
Michael
(This used to be commit 7dc68ce0fb)
2007-10-10 12:30:39 -05:00
Michael Adam
c6df77f63f r25088: Change the objectclass sambaTrustedDomainPassword to
have the current and possibly the previous trust password
stored as clear text passwords. (Previous use of NTPassword
was a mistake - this is a hash value.)

Michael
(This used to be commit 0beae52ff4)
2007-10-10 12:30:39 -05:00
Volker Lendecke
7556355b28 r20979: Fix description, thanks to Michael Adam <ma@sernet.de>
(This used to be commit 4610465d7f)
2007-10-10 12:17:22 -05:00
Gerald Carter
ed36771b3b r20884: patch from Michael Adam <ma@sernet.de> to add new sambaTrustedDomainPassword object class
(This used to be commit a209c30849)
2007-10-10 12:17:18 -05:00
Stefan Metzmacher
f450a65471 r20585: - allocate an OID range for LDB/LDAP extended operations
metze
(This used to be commit 5373897ef5)
2007-10-10 12:16:56 -05:00
Stefan Metzmacher
d1495cbda6 r20578: - allocate an OID range for samba4 LDB/LDAP Controls
- allocate an OID range for conflicting attributes/classes

metze
(This used to be commit 6fedd69f5e)
2007-10-10 12:16:56 -05:00
Andrew Bartlett
46e1ce559e r17487: Allocate some OID space for Samba4, so we don't trip on each other.
Andrew Bartlett
(This used to be commit 199a33ac80)
2007-10-10 11:38:37 -05:00
Gerald Carter
5133ab016e r14451: In order to get pdb_ldap searching for SID_NAME_ALIAS
groups in the ${MACHINESID} and S_1-5-32 domains correctly,
I had to add a substr search on sambaSID.

* add substr matching rule to OpenLDAP schema
  (we need to update the other schema as will since this
  is a pretty important change).  Sites will need to
  - install the new schema
  - add 'indea sambaSID   sub' to slapd.conf
  - run slapindex

* remove uses of SID_NAME_WKN_GRP in pdb_ldap.c
(This used to be commit 2c0a46d731)
2007-10-10 11:15:30 -05:00
Günther Deschner
3e80ef29a6 r12452: Fix Bug #3053 to allow esp. older eDirectory releases to load our LDAP
schema.

Maybe "Base64 encoded user parameter string" is not much clearer then
"munged dial" - anyone got a better description ?

Guenther
(This used to be commit 02ccde5f47)
2007-10-10 11:05:56 -05:00
Gerald Carter
54abd2aa66 r10656: BIG merge from trunk. Features not copied over
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
2007-10-10 11:04:48 -05:00
Gerald Carter
575ff39625 r5060: BUG 2286: fix typoe on sambaConfig oc definition
(This used to be commit e2ce048654)
2007-10-10 10:55:13 -05:00
Gerald Carter
b1288c61a9 r4965: comment out some unused attributes and oc's
(This used to be commit d95c9c4d74)
2007-10-10 10:55:09 -05:00
Günther Deschner
b4afdc08d5 r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).
Does automated migration from account_policy.tdb v1 and v2 and offers a
pdbedit-Migration interface. Jerry, please feel free to revert that if
you have other plans.

Guenther
(This used to be commit 75af83dfcd)
2007-10-10 10:55:08 -05:00
Gerald Carter
0211bf0dee r2189: adding some comments to the schema file
(This used to be commit 1438c2960f)
2007-10-10 10:52:35 -05:00
Gerald Carter
455bc1db41 r1964: more schema fixes syncing between branches
(This used to be commit 49fba32217)
2007-10-10 10:52:25 -05:00
Gerald Carter
feea4517e3 r1962: fixing schema file; synching with trunk; trying to prevent this from happening again
(This used to be commit f1a0fae13f)
2007-10-10 10:52:25 -05:00
Simo Sorce
7b56819678 r1960: sambaPasswordHistory had a duplicate OID
bump up the attribute number to 52 to avoid conflicts
(This used to be commit 9368f0c1d2)
2007-10-10 10:52:25 -05:00
Jeremy Allison
7af1265368 r1809: Patch from Richard Renard <rrenard@idealx.com> to store
logon hours attributes in an LDAP database.
Jeremy.
(This used to be commit ac0fdf9503)
2007-10-10 10:52:21 -05:00
Gerald Carter
161d3eeb4b r1663: fixing syntax error in OID for sambaUnixIdPool, sambaSidEntry, & sambaIdmapEntry
(This used to be commit 6e4c58b26d)
2007-10-10 10:52:18 -05:00
Jeremy Allison
76cf406197 r1390: Improve description of attribute.
Jeremy.
(This used to be commit ff7236a5f2)
2007-10-10 10:52:09 -05:00
Jeremy Allison
1c5867502a r1388: Adding password history code for ldap backend, based on a patch from
"Jianliang Lu" <j.lu@tiesse.com>. Multi-string attribute changed to
linearised pstring due to ordering issues. A few other changes to
fix race conditions. I will add the tdb backend code next. This code
compiles but has not yet been tested with password history policy
set to greater than zero. Targeted for 3.0.6.
Jeremy.
(This used to be commit dd54b2a3c4)
2007-10-10 10:52:09 -05:00
Gerald Carter
60670f27ab r119: missed a file in volker patch
(This used to be commit bccee79653)
2007-10-10 10:51:10 -05:00
Jim McDonough
b9c35e961d Add bad password count/time attributes
(This used to be commit 184bef8413)
2004-02-22 20:25:43 +00:00
Gerald Carter
83c64db054 sync OID with HEAD
(This used to be commit d463abb035)
2003-12-04 05:02:53 +00:00
Gerald Carter
5df2fd4175 support munged dial for ldapsam; patch from Aurlien Degrmont; bug 800
(This used to be commit 1c3c16abc9)
2003-12-04 04:52:00 +00:00
Gerald Carter
0722fc16a4 fix comments about schema dependencies
(This used to be commit f72f51d39f)
2003-08-20 16:08:39 +00:00
Andrew Bartlett
4168d61fb2 This patch cleans up some of our ldap code, for better behaviour:
We now always read the Domain SID out of LDAP.  If the local secrets.tdb
is ever different to LDAP, it is overwritten out of LDAP.   We also
store the 'algorithmic rid base' into LDAP, and assert if it changes.
(This ensures cross-host synchronisation, and allows for possible
integration with idmap).  If we fail to read/add the domain entry, we just
fallback to the old behaviour.

We always use an existing DN when adding IDMAP entries to LDAP, unless
no suitable entry is available.  This means that a user's posixAccount
will have a SID added to it, or a user's sambaSamAccount will have a UID
added.  Where we cannot us an existing DN, we use
'sambaSid=S-x-y-z,....' as the DN.

The code now allows modifications to the ID mapping in many cases.

Likewise, we now check more carefully when adding new user entires to LDAP,
to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount
onto the idmap entry for that user, if it is already established (ensuring
we do not duplicate sambaSid entries in the directory).

The allocated UID code has been expanded to take into account the space
between '1000 - algorithmic rid base'.  This much better fits into what
an NT4 does - allocating in the bottom part of the RID range.

On the code cleanup side of things, we now share as much code as
possible between idmap_ldap and pdb_ldap.

We also no longer use the race-prone 'enumerate all users' method for
finding the next RID to allocate.  Instead, we just start at the bottom
of the range, and increment again if the user already exists.  The first
time this is run, it may well take a long time, but next time will just
be able to use the next Rid.

Thanks to metze and AB for double-checking parts of this.

Andrew Bartlett
(This used to be commit 9c595c8c23)
2003-07-04 13:29:42 +00:00
Gerald Carter
af0ddc81d8 fix typo in description
(This used to be commit be82b3d9df)
2003-06-13 02:53:03 +00:00
Gerald Carter
3bdfd57a2d working draft of the idmap_ldap code.
Includes sambaUnixIdPool objectclass

Still needs cleaning up wrt to name space.
More changes to come, but at least we now have a
a working distributed winbindd solution.
(This used to be commit 8241758544)
2003-06-05 02:34:30 +00:00
Gerald Carter
c527856774 moving the sambaAccount objectclass to 'historical' to prevent confusion on which one should be used for new servers. I'll add a note about uncommenting the older items for ldapsam_compat in the release notes
(This used to be commit 469c5ad1ac)
2003-05-22 17:18:35 +00:00
Gerald Carter
df641bc7ca fix group mapping in LDAP under new schema
(This used to be commit 0714dda7cc)
2003-05-14 05:28:16 +00:00
Gerald Carter
5d16254f56 *****LDAP schema changes*****
New objectclass named sambaSamAccount which uses attribute
prefaced with the phrase 'samba' to prevent future name clashes.

Change in functionality of the 'ldap filter' parameter.  This always
defaults to "(uid=%u)" now and is and'd with the approriate objectclass
depending on whether you are using ldapsam_compat or ldapsam

conversion script for migrating from sambaAccount to
sambaSamAccount will come next.
(This used to be commit 998586e652)
2003-05-14 03:32:20 +00:00
Andrew Bartlett
2735fb0119 As discussed on samba-technical - move to 'primaryGroupSid' insted of
primaryGroupID (rid).  This is consistant with the move from 'rid' to ntSid
for the primary user identifier.

Also cope with legacy installations where primaryGroupID might have been
stored as 0.

Andrew Bartlett
(This used to be commit 0e432817cb)
2003-05-11 05:59:34 +00:00
Andrew Bartlett
49530d0db5 A new pdb_ldap!
This patch removes 'non unix account range' (same as idra's change in HEAD),
and uses the winbind uid range instead.

More importanly, this patch changes the LDAP schema to use 'ntSid' instead
of 'rid' as the primary attribute.  This makes it in common with the group
mapping code, and should allow it to be used closely with a future idmap_ldap.

Existing installations can use the existing functionality by using the
ldapsam_compat backend, and users who compile with --with-ldapsam will get
this by default.

More importantly, this patch adds a 'sambaDomain' object to our schema -
which contains 2 'next rid' attributes, the domain name and the domain sid.
Yes, there are *2* next rid attributes.  The problem is that we don't 'own'
the entire RID space - we can only allocate RIDs that could be 'algorithmic'
RIDs.  Therefore, we use the fact that UIDs in 'winbind uid' range will be
mapped by IDMAP, not the algorithm.

Andrew Bartlett
(This used to be commit 3e07406ade)
2003-04-28 10:20:55 +00:00
Gerald Carter
a53c63f99e uidPool and gidPool don't use cn anymore (but we don't use thsi anyways)
(This used to be commit 7f0fd03f69)
2003-04-18 22:19:04 +00:00
Volker Lendecke
878f9147bf Fix schema error not detected by OpenLDAP 2.0.23 but by 2.1.16.
Volker
(This used to be commit 5acb9f421c)
2003-03-27 14:25:30 +00:00
Volker Lendecke
7679811afb Put group mapping into LDAP.
Volker
(This used to be commit da83d97eb5)
2003-03-19 09:43:23 +00:00
Gerald Carter
52457e1093 removed idpool from schema file (experimental) to remove the dependency
on nis.schema.

add $(LDFLAGS) to libsmbclient build
(This used to be commit cd16064784)
2003-01-06 17:57:52 +00:00
Jelmer Vernooij
21d26afb2a sync 3_0 branch with HEAD
(This used to be commit 19ab776bf9)
2002-08-17 14:15:33 +00:00
Gerald Carter
72f4d55453 merge from 2.2
(This used to be commit bb574aab8f)
2002-02-11 13:57:44 +00:00
Gerald Carter
732f5e8f80 fixes from 2,2
(This used to be commit 46bd77a02a)
2002-02-11 13:49:02 +00:00
Gerald Carter
5f63565f2d sync up comments with 2.2
(This used to be commit 3d4adad150)
2002-01-06 23:21:23 +00:00
Gerald Carter
8942e906f0 sync with 2.2
(This used to be commit 9e3b432c57)
2002-01-04 00:05:23 +00:00
Gerald Carter
6a9ebf8b0c merge from 2.2
(This used to be commit 241b5218ea)
2001-12-28 02:03:36 +00:00
Gerald Carter
b6bbc39204 sync with 2.2
(This used to be commit aca58b0b72)
2001-12-26 05:35:40 +00:00