IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This patch changes a lot of the code in ldb_dn.c, and also
removes and add a number of manipulation functions around.
The aim is to avoid validating a dn if not necessary as the
validation code is necessarily slow. This is mainly to speed up
internal operations where input is not user generated and so we
can assume the DNs need no validation. The code is designed to
keep the data as a string if possible.
The code is not yet 100% perfect, but pass all the tests so far.
A memleak is certainly present, I'll work on that next.
Simo.
attributes to backend (remote) attributes.
We can't do a reverse mapping safely where the remote attribute may be
a source for multiple local attributes. (We end up with the wrong
attributes returned).
In doing this, I've modified the samba3sam.js test to be more
realistic, and fixed some failures in the handling of primaryGroupID.
I've added a new (private) helper function ldb_msg_remove_element() to
avoid a double lookup of the element name.
I've also re-formatted many of the function headers, to fit into
standard editor widths.
Andrew Bartlett
This merges Samba4 with lorikeet-heimdal, which itself has been
tracking Heimdal CVS for the past couple of weeks.
This is such a big change because Heimdal reorganised it's internal
structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases.
In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO
PAC. This matches windows behavour. We also have an option to
require the PAC to be present (which allows us to automate the testing
of this code).
This also includes a restructure of how the kerberos dependencies are
handled, due to the fallout of the merge.
Andrew Bartlett
This is a pointer to an element pointer. If it is not null it will be
filled with the pointer of the manipulated element.
Will avoid double searches on the elements list in some cases.
Always set the krb5key from the ntPwdHash, even if we don't have the
cleartext password in sambaPassword. This fixes kerberos after a
vampire.
Andrew Bartlett
This moves these attributes from objectguid into an optional backend
(objectguid), used by ltdb. For OpenLDAP, the entryUUID module
converts entryCSN into usnChanged.
This also changes the sequence number API, and uses 'time based'
sequence numbers, when an LDAP or similar backend is detected.
To assist this, we also store the last modified time in the TDB,
whenever we change a value.
Andrew Bartlett
reject reason code while password changing: SAMR_REJECT_IN_HISTORY which
is different from SAMR_REJECT_COMPLEXITY.
torture test to follow as well.
Guenther
to mess with the values in these cases.
Where we do convert the values, try and convert substrings. This
isn't going to be perfect, but we should try rather than segfault.
This also avoids using the wrong arm of the union for the attribute
name
The change in the entryUUID module is to correct the case of
sAMAccountName, due to the case sensitive ldap.js test.
Andrew Bartlett
This adds a list of attributes that are in our wildcard seaches, but
the remote server requires to be explicitly listed. This also cleans
up the handling of wildcards in ldb_map to be more consistant.
Also fix the partitions module to rebase the search, if on the GC
port, we do a subtree search. (Otherwise backends can rightly
complain that the search is not in their scope).
Andrew Bartlett
asks for them as large integers, rather than a negative integer.
Due to an OpenLDAP bug, this only works reliably against OpenLDAP CVS
as of today. (but mostly works in older versions, depending on a
thread-specific value fo errno in the server).
Andrew Bartlett
emacs compile mode (hint, paste to a file, and compile as "cat
filename").
This allowed me to fix nearly all the warnings for a IA_64 SuSE build
very quickly.
At the moment it is able to validate an object has no conflicting
objectlasses that it meets the criteria to be inserted as child of
the parent and also sorts and create the objectclass hierarchy so
that the objectclass .c module can be obsoleted.
Not activated by default as we have to completely rework the
current provisioning method. (In my tests I could not activate
it before all other ldif except for the one that create users
were loaded, make test seem to be happy anyway if it is activated
after provisioning).
Next steps will be attribute and attribute syntax checking on add operation.
And then the modify operation will follow.
Simo.
