1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Commit Graph

90 Commits

Author SHA1 Message Date
Jelmer Vernooij
c446fbc3bf s4-python: Fix formatting. 2010-06-11 01:47:55 +02:00
Kamen Mazdrashki
5bf12e101a Revert "s4/dsdb: Set schemaInfo attribute value during provisioning"
This reverts commit 8149094edd.

Windows implementation does not set schemaInfo attribute value
until first Schema update request.
This way, newly provisioned forest returns no schemaInfo value.

I think it won't be bad for us to have this value preset, but
I want to mimic Win AD behavior as close as possible.
2010-04-29 04:54:05 +03:00
Matthieu Patou
634caed116 s4 python: make the function dsdb_get_oid_from_attid reachable from a samDB object
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2010-04-15 18:45:41 +02:00
Kamen Mazdrashki
8149094edd s4/dsdb: Set schemaInfo attribute value during provisioning
After provisioning new Forest, schemaInfo should be set
to a value with revision=1 and current invocation_id
2010-04-09 12:21:34 +03:00
Jelmer Vernooij
a35d876537 s4-python: rename samba.glue to samba._glue to indicate it's private. 2010-04-08 23:20:36 +02:00
Jelmer Vernooij
cc6e2b8a81 s4-python: Fix formatting, import of FLG_NOSYNC. 2010-04-08 23:20:36 +02:00
Jelmer Vernooij
c76bd65b60 s4-samdb: Allow skipping global schema. 2010-04-07 17:40:00 +02:00
Jelmer Vernooij
449bdf3543 s4-python: Move set_session_info to PySambaLdb. 2010-04-06 13:12:43 +02:00
Jelmer Vernooij
55b98e9768 s4-python: Move register_samba_handlers to PySambaLdb. 2010-04-06 13:12:43 +02:00
Jelmer Vernooij
e9c3f2ef13 s4-python: Move ldb_set_utf8_casefold to pyldb-samba. 2010-04-06 13:12:43 +02:00
Jelmer Vernooij
b72a5c0336 Move glue.set_credentials hack to samba.Ldb. 2010-04-06 13:12:43 +02:00
Jelmer Vernooij
099fc00b60 Add C-based Samba-specific subclass of Ldb. 2010-04-06 13:12:43 +02:00
Matthias Dieter Wallnöfer
1b6e5a1b8d s4:python/samba/__init__.py - import "sys" for "ensure_external_module" method 2010-04-05 12:06:49 +02:00
Jelmer Vernooij
55aeb682ba s4-python: Move dsdb_convert_schema_to_openldap to dsdb. 2010-04-04 00:42:52 +02:00
Jelmer Vernooij
2a67eda98f s4-python: Move set_opaque_integer -> dsdb. 2010-04-04 00:40:01 +02:00
Jelmer Vernooij
ccd954f2a7 s4-python: Avoid importing glue directly. 2010-04-04 00:30:34 +02:00
Jelmer Vernooij
8afd52a641 s4-python: Move samdb_server_site_name to dsdb module. 2010-04-04 00:21:09 +02:00
Jelmer Vernooij
31a517e172 s4-python: Move dsdb constants to a separate python module. 2010-04-04 00:14:23 +02:00
Jelmer Vernooij
e5b33be2f2 s4-python: Remove remaining constants. 2010-04-03 23:47:26 +02:00
Jelmer Vernooij
13a6aee591 s4-python: Remove duplicate definition of GUID_DRS_* constants. 2010-04-03 23:47:25 +02:00
Jelmer Vernooij
84891b048d s4-python: Install external packages to a different directory but import into
the normal namespace when the system doesn't have it available.
2010-04-01 15:33:07 +02:00
Jelmer Vernooij
c873329500 s4-python: Simplify mechanism for finding included Python modules. 2010-03-29 18:05:29 +02:00
Nadezhda Ivanova
a212c1dedb Added a net acl ds command for modification of ACLs on directory objects
At present the command supports only addition of control access rigts, done
so DRS access checks can be tested. It will be expanded to deal with most
ways to modify and view a DS ACL.
Shifted commands a bit. What used to be net acl is now "net acl nt" as apposed
to this, which is "net acl ds"

./bin/net acl ds set --help
Usage: set --objectdn=objectdn --car=control right --action=[deny|allow] --trusteedn=trustee-dn

Options:
  -h, --help            show this help message and exit
  --host=HOST           LDB URL for database or target server
  --car=CAR              The access control right to allow or deny
  --action=ACTION       Deny or allow access
  --objectdn=OBJECTDN   DN of the object whose SD to modify
  --trusteedn=TRUSTEEDN
                        DN of the entity that gets access

  Samba Common Options:
    -s FILE, --configfile=FILE
                        Configuration file

  Credentials Options:
    --simple-bind-dn=DN
                        DN to use for a simple bind
    --password=PASSWORD
                        Password
    -U USERNAME, --username=USERNAME
                        Username
    -W WORKGROUP, --workgroup=WORKGROUP
                        Workgroup
    -N, --no-pass       Don't ask for a password
    -k KERBEROS, --kerberos=KERBEROS
                        Use Kerberos
2010-03-16 13:37:48 +02:00
Jelmer Vernooij
24d52dc362 Fix the build, add filtered subunit runner. 2010-03-01 16:24:59 +01:00
Jelmer Vernooij
86e2b25186 More formatting fixes, pointed out by pylint. 2010-03-01 16:24:58 +01:00
Jelmer Vernooij
31a718aa27 General cleanups of python code, hinted by pyflakes. 2010-03-01 04:46:51 +01:00
Andrew Tridgell
44f9d5aadc s4-provision: if we aren't doing variable substitution then don't check for vars 2010-02-26 14:27:38 +11:00
Andrew Tridgell
cb8d1e01f0 samdb: added get_ntds_GUID() method 2010-02-26 13:59:17 +11:00
Andrew Tridgell
390f7b535d py-samdb: added server_site_name method 2010-02-26 13:59:17 +11:00
Andrew Tridgell
8f763e046c py-samdb: added get_invocation_id() method 2010-02-26 13:59:17 +11:00
Andrew Tridgell
fcfb5d7b63 s4-provision: allow provision modifies to add records
we need to recognise a changetype of 'add'
2010-01-08 13:02:59 +11:00
Jelmer Vernooij
66f81d18ce samba: Fix whitespace, remove pointless 'pass' statement.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:31 +11:00
Jelmer Vernooij
ea5af6e30c pyldb: Add dom_sid.split in favor of less powerful dom_sid_to_rid().
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:30 +11:00
Nadezhda Ivanova
a760f169f4 Some changes to allow processing of ldap controls on modify requests.
ldap_backend used to filter out ldap controls on modify. Also, modified
python binding for ldap_modify to allow writing tests for such controls.
2009-11-20 13:22:38 +02:00
Matthias Dieter Wallnöfer
992d35d38a s4:samdb python bindings - make the python wrap connect more like the C one
Add call for setting the create permissions.
2009-11-05 11:56:22 +01:00
Andrew Bartlett
6439bdeb3a s4:provision Split ProvisionBackend out of the main provision script
This splits the code, while keeping the original behaviour.  The
provision.py file had become just too long.

Andrew Bartlett
2009-11-02 16:36:56 +11:00
Andrew Bartlett
4be253fe2f s4:provision Move 'Schema' into it's own file 2009-11-02 16:36:55 +11:00
Matthieu Patou
8bf517d340 s4: Improve provisioning: use relax control
Give the possibility to specify controls when loading ldif files.
  Relax control is specified by default for all ldb_add_diff (request Andrew B).
  Set domainguid if specified at the creation of object instead of modifying afterward
  Allow to specify objectGUID for NTDS object of the first DC this option is used during provision upgrade.
2009-10-02 12:45:01 +02:00
Matthias Dieter Wallnöfer
bfb3eaabe7 s4/python: flags
- Introduce the "userAccountControl", "groupType" and "sAMAccountType" flags
- Corrects the "domain/forestFunctionality" and "domainControllerFunctionality" flags
2009-09-17 12:40:27 +02:00
Matthias Dieter Wallnöfer
353481daa2 s4:provision - Add a new delete function only for users and computers
We need this new function to delete users and computers before other objects
on reprovisioning. Otherwise primary groups could be deleted before user/computer
accounts (which isn't allowed anymore by the reworked "samldb" module).
2009-09-07 08:37:23 +02:00
Andrew Bartlett
160c197b84 s4:python Add helper to get at the domain SID 2009-08-27 19:40:21 +10:00
Andrew Bartlett
a1da91174b s4:provison Add prefixes to ldb using same code a later modify will use
This allows us to test out the code that will do the modify of the
prefixMap, and to provide the bindings that may assist a future
upgrade script.

Andrew Bartlett
2009-08-26 13:49:10 +10:00
Andrew Bartlett
436d8b6e06 s4:python Fix the reprovision test by deleting 'deleted' objects too.
We were failing because CN=Deleted Objects, which is marked as
'deleted' itself, could not be re-added in a reprovision.

Andrew Bartlett
2009-08-25 16:28:44 +10:00
Andrew Tridgell
3dee92fcb9 fixed the build
the changes from Matthias didn't take account of url and lp being None
in some ldb python instances in 'make test'
2009-08-17 21:40:19 +10:00
Matthias Dieter Wallnöfer
7a79d16183 s4: Major rework of the LDB/SAMDB/IDMAP python bindings
- Centralise the lookups for the default domain (root) in the call "domain_dn"
- Reduce the LDB connections attempts ("connect" calls) from three to one
  - tools should load faster
- Make the LDB connection init more like the "ldb_wrap_connection" call
- Load the right UTF8 casefolder which fixes up problems with special characters
  (discovered by me: e.g. small "Umlaute" (ä, ö, ü, ...) in the DN weren't upcased
  - so records "seemed" lost in TDB)
2009-08-17 11:58:40 +02:00
Andrew Bartlett
5f917d5f17 s4:provision Avoid one more call to ltdb_reindex
The Samba4 schema code (called via
samdb.set_schema_from_ldb(schema.ldb)) manages the @ATTRIBUTES and
@INDEXLIST records, so don't wipe them early.  The chances are that we
will not change them anyway.

Andrew Bartlett
2009-08-17 11:47:14 +10:00
Andrew Bartlett
052da4e4d7 s4:python Allow 'no such object' on the delete of the DN
This fixes the recursive delete in erase_partitions()

For reasons I cannot understand, it is possible to get 'no such
object' trying to delete a DN I just search for without error.  Oh
well...

Andrew Bartlett
2009-08-17 09:50:59 +10:00
Andrew Bartlett
14aff84adc s4:python Push some helper functions from SamDB into samba.Ldb
This makes it possible to do a bit more of the provision with Samba
helpers, but without some of the otherwise useful things (such as
loading in the global schema) that SamDB does.

Rewrite provision_erase to use a recursive search, rather than a
looping subtree search.  This is much more efficient, particularly now
we have one-level indexes enabled.

Delete the @INDEX and similar records *after* deleting all other
visible records, this hopefully also assists performance.

Andrew Bartlett
2009-08-17 09:50:57 +10:00
Matthias Dieter Wallnöfer
44dfb2902e s4: Better way to call "dom_sid_to_rid" from ldap.py 2009-08-14 00:14:15 +02:00
Jelmer Vernooij
478446f96d Remove unnecessary imports. 2009-07-19 18:51:15 +02:00