IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Without this, it can happen that tldap will look at a possibly wrong
/etc/krb5.conf. I have not reliably reproduced this, because a
set_domain_online_request() in the idmap child might interfere with
this, so I could not write a comprehensive test for this. Manual
testing however fixes the issue that wbinfo --sid-to-uid can take ages
asking a potentially nonexisting KDC.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Instead of hard-coding SIGN and SEAL for the connections from this idmap
module, query the desired wrapping from "client ldap sasl wrapping".
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 10 23:19:56 UTC 2020 on sn-devel-184
Add check for failure to resolve the OID array for the schema mode into
names.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14425
Signed-off-by: Andrew <awalker@ixsystems.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
All other ldap-querying methods in idmap_ad make a single retry attempt if they get
TLDAP_SERVER_DOWN. This patch brings idmap_ad_query_user in line with that design.
This fixes the symptom described in 12720 at the cost of an additional reconnect per
failed lookup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12720
Signed-off-by: Dustin L. Howett <dustin@howett.net>
Reviewed-by: Ralph Boehme <slow@samba.org>
Not currently used - no logic changes inside.
This will make it possible to pass down a long-lived talloc
context from the loading function for modules to use instead
of having them internally all use talloc_autofree_context()
which is a hidden global.
Updated all known module interface numbers, and added a
WHATSNEW.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
This is mostly a cosmetic change currently.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 24 22:34:48 CET 2017 on sn-devel-144
With the last commit the getpwsid call did not look at the winbind
nss info parameter anymore. This restores it for the idmap ad backend
with slightly different semantics and configuration: We now have the
unix_primary_group and unix_nss_info domain-specific parameters for
idmap config. This enables overriding the Windows primary group with
the unix one.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
cli_credentials_set_machine_account only reads from a local tdb. Change
that call to cli_credentials_set_machine_account_db_ctx to fix this for
clustered Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12295
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
The main reason for this is to do proper connection management. I tried hard,
but I failed trying to slowly migrate the ads_struct based code to something
saner. So I polished tldap, which thanks to metze does proper sasl.
This patch is pretty much a complete rewrite, so looking at it in diff -u
format does not really make sense. Look at the final output.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Apr 15 19:13:39 CEST 2016 on sn-devel-144
The nss functions technically right now are part of the idmap modules. However,
there is no intrinsic reason for this mixture of concerns. I would like to
heavily modify the idmap_ad idmapping functions without modifying the nss
functions (yet!!). So as a first step this patch moves the nss functions
textually out of the way.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
nss_info_methods has "get_nss_info"'s p_gid parameter as
gid_t *, not uint32_t *. Probably that did not hurt due to
typedefs, but if we find a platform where gid_t is not
uint32_t, this would be VERY hard to debug
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Some modules use samba_init_module as the name for the init functions,
others use a name based on the module name.
Rename the init functions from samba_init_module, to be consistent
across all modules. This change also allows to build idmap_tdb2 and
perfcount_test statically.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 2 08:50:04 CEST 2014 on sn-devel-104
idmap_ad and idmap_ldap use the same helper functions and the same
maximum query size. Move the code to idmap_utils so that it can be
shared by every module issuing LDAP queries.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
"local" is always False, so simply remove it and the if statement
checking its value.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Feb 6 23:27:48 CET 2012 on sn-devel-104
This library was tiny - containing just two public functions than were
themselves trivial. The amount of overhead this causes isn't really worth the
benefits of sharing the code with other projects like OpenChange. In addition, this code
isn't really generically useful anyway, as it can only load from the module path
set for Samba at configure time.
Adding a new library was breaking the API/ABI anyway, so OpenChange had to be
updated to cope with the new situation one way or another. I've added a simpler
(compatible) routine for loading modules to OpenChange, which is less than 100 lines of code.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
