IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
we'll soon pass this down as DSDB_CONTROL_CURRENT_PARTITION_OID control
so that the repl_meta_data module knows where to update the replUpToDateVector
attribute
metze
(This used to be commit e5de40f8c2)
- add the values for objectGUID and whenChanged inside the ldb module,
so that the ldb module has only replicated attributes as input
metze
(This used to be commit 0ecb07e052)
the merging of existing objects is not implemented yet...
there are a few ifdef REPLMD_FULL_ASYNC because we need to workarouns
ldb's async infrastructure (which don't handle full async sub requests nicely)
metze
(This used to be commit da4ff0e7cc)
which prepares the replicated objects, the repl_meta_data ldb module
will then add the uSNCreated, uSNChanged and some other things and will apply
the objects to the partition specific ldb
metze
(This used to be commit 48d568a75b)
- by default the operations goes to all partitions
- but some wellkown ones will go to just one partition
(DSDB_EXTENDED_REPLICATED_OBJECTS_OID for now)
I'll soon change the partitions module so that it'll attach a
DSDB_CONTROL_PARTITION_CONTEXT_OID control to give
the repl_meta_data or other partition specific modules a chance to
to know for which partition it should work.
metze
(This used to be commit 0ed53c6d0f)
when applying replicated objects.
the samldb module ignores such requests now...
and the repl_meta_data module has different functions
for the replicated and originating cases...
metze
(This used to be commit a4d5e0126c)
But this is currently needed to make regpatch linking in
the dsdb/schema/schema_*.o object files.
the problem is that the linker doesn't find any references to public symbols
in this files and removes them from the link list.
gnu ld has a --whole-archive option, but it seems to be not portable...
I think the solution with prelinking using 'ld -r' to create one object file
for a subsystem instead of using 'ar -rcs' to create an archive for a subsystem...
jelmer: any ideas about this problem?
metze
(This used to be commit 46df7ff6e5)
- I'll add handling of replication meta data to it
for orginating changes
- I'll pass replication meta data via a ldb control
for applying replicated changes
- It will also update the replUpToDateVector attribute in
in root object of the partition
- It will handle deleted records by adding the isDeleted=TRUE attribute
and move them to the CN=Deleted Objects container of the partition
- I make a copy to play with the code without breaking
the LDAP backend setup
metze
(This used to be commit 045ddfe1ec)
Add a new module entrypoint to handle the new, interesting and
different mappings required for Fedora DS.
Andrew Bartlett
(This used to be commit 600c7f1a68)
better handle the Samba3 backend.
I've refactored the password format patch to use the routines in
lib/samba3/smbpasswd.c, which has required me to move this into a
seperate subsystem, due to recursive dependencies.
Andrew Bartlett
(This used to be commit 14e2c877a8)
cases.
Adjust our 'look for this value in this attribute, of the result'
function samdb_find_attribute() to use the correct comparison
function, no matter what that may be.
Andrew Bartlett
(This used to be commit 3c5ff4e687)
We now correctly handle the canonical name as a CrackNames source, for
more than just the DNS domain object.
Andrew Bartlett
(This used to be commit 629c72f0c2)
supprisingly complex call...
It turns out that the in/out parameter 'level' is not in/out, but set
seperatly by the server-side code from r->req.req1.level.
This commit also breaks out some common code from samldb into samdb.
Andrew Bartlett
(This used to be commit 2eb9e6445c)
a generic location
- this struct should be also used by the dsdb/samdb/ldb_modules/schema.c
module later
- add functions to map from LDAP OID values to uint32_t values
- add torture test for the OID => uint32 mapping code
metze
(This used to be commit 58ba6ec195)
to a ldb_schema_syntax struct.
the default attribute handler is now registered dynamicly as "*"
attribute, instead of having its own code path.
ldb_schema_attribute's can be added to the ldb_schema given a
ldb_schema_syntax struct or the syntax name
we may also need to introduce a ldb_schema_matching_rule,
and add a pointer to a default ldb_schema_matching_rule
in the ldb_schema_syntax.
metze
(This used to be commit b97b8f5dcb)
way to setup a Samba4 DC is to set 'server role = domain controller'.
We use the fSMORoleOwner attribute in the base DN to determine the PDC.
This patch is quite large, as I have corrected a number of places that
assumed taht we are always the PDC, or that used the smb.conf
lp_server_role() to determine that.
Also included is a warning fix in the SAMR code, where the IDL has
seperated a couple of types for group display enumeration.
We also now use the ldb database to determine if we should run the
global catalog service.
In the near future, I will complete the DRSUAPI
DsGetDomainControllerInfo server-side on the same basis.
Andrew Bartlett
(This used to be commit 67d8365e83)
This patch changes a lot of the code in ldb_dn.c, and also
removes and add a number of manipulation functions around.
The aim is to avoid validating a dn if not necessary as the
validation code is necessarily slow. This is mainly to speed up
internal operations where input is not user generated and so we
can assume the DNs need no validation. The code is designed to
keep the data as a string if possible.
The code is not yet 100% perfect, but pass all the tests so far.
A memleak is certainly present, I'll work on that next.
Simo.
(This used to be commit a580c871d3)
attributes to backend (remote) attributes.
We can't do a reverse mapping safely where the remote attribute may be
a source for multiple local attributes. (We end up with the wrong
attributes returned).
In doing this, I've modified the samba3sam.js test to be more
realistic, and fixed some failures in the handling of primaryGroupID.
I've added a new (private) helper function ldb_msg_remove_element() to
avoid a double lookup of the element name.
I've also re-formatted many of the function headers, to fit into
standard editor widths.
Andrew Bartlett
(This used to be commit 186766e309)
This merges Samba4 with lorikeet-heimdal, which itself has been
tracking Heimdal CVS for the past couple of weeks.
This is such a big change because Heimdal reorganised it's internal
structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases.
In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO
PAC. This matches windows behavour. We also have an option to
require the PAC to be present (which allows us to automate the testing
of this code).
This also includes a restructure of how the kerberos dependencies are
handled, due to the fallout of the merge.
Andrew Bartlett
(This used to be commit 4826f17351)
Break up auth/auth.h not to include the world.
Add credentials_krb5.h with the kerberos dependent prototypes.
Andrew Bartlett
(This used to be commit 2b569c42e0)
dependency loops).
This moves the evaluation of the SASL mechansim list to display in the
rootDSE to the ldap server.
Andrew Bartlett
(This used to be commit 379da475e2)
This is a pointer to an element pointer. If it is not null it will be
filled with the pointer of the manipulated element.
Will avoid double searches on the elements list in some cases.
(This used to be commit 0fa5d4bc22)
Always set the krb5key from the ntPwdHash, even if we don't have the
cleartext password in sambaPassword. This fixes kerberos after a
vampire.
Andrew Bartlett
(This used to be commit 1d4d2271c9)
This moves these attributes from objectguid into an optional backend
(objectguid), used by ltdb. For OpenLDAP, the entryUUID module
converts entryCSN into usnChanged.
This also changes the sequence number API, and uses 'time based'
sequence numbers, when an LDAP or similar backend is detected.
To assist this, we also store the last modified time in the TDB,
whenever we change a value.
Andrew Bartlett
(This used to be commit 72858f8594)
reject reason code while password changing: SAMR_REJECT_IN_HISTORY which
is different from SAMR_REJECT_COMPLEXITY.
torture test to follow as well.
Guenther
(This used to be commit 7513748208)
to mess with the values in these cases.
Where we do convert the values, try and convert substrings. This
isn't going to be perfect, but we should try rather than segfault.
This also avoids using the wrong arm of the union for the attribute
name
The change in the entryUUID module is to correct the case of
sAMAccountName, due to the case sensitive ldap.js test.
Andrew Bartlett
(This used to be commit 81d9a692c1)
This adds a list of attributes that are in our wildcard seaches, but
the remote server requires to be explicitly listed. This also cleans
up the handling of wildcards in ldb_map to be more consistant.
Also fix the partitions module to rebase the search, if on the GC
port, we do a subtree search. (Otherwise backends can rightly
complain that the search is not in their scope).
Andrew Bartlett
(This used to be commit bc58792b71)
asks for them as large integers, rather than a negative integer.
Due to an OpenLDAP bug, this only works reliably against OpenLDAP CVS
as of today. (but mostly works in older versions, depending on a
thread-specific value fo errno in the server).
Andrew Bartlett
(This used to be commit 3b5354aede)
emacs compile mode (hint, paste to a file, and compile as "cat
filename").
This allowed me to fix nearly all the warnings for a IA_64 SuSE build
very quickly.
(This used to be commit eba6c84eff)
Store the plaintext password in userPassword in the LDAP backend so
that the OpenLDAP server can use DIGEST-MD5.
Andrew Bartlett
(This used to be commit 1b02c604b2)
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77)
At the moment it is able to validate an object has no conflicting
objectlasses that it meets the criteria to be inserted as child of
the parent and also sorts and create the objectclass hierarchy so
that the objectclass .c module can be obsoleted.
Not activated by default as we have to completely rework the
current provisioning method. (In my tests I could not activate
it before all other ldif except for the one that create users
were loaded, make test seem to be happy anyway if it is activated
after provisioning).
Next steps will be attribute and attribute syntax checking on add operation.
And then the modify operation will follow.
Simo.
(This used to be commit 0c444ba1ad)
