IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We need "recalculate_sd" only when no external "nTSecurityDescriptor" change
is performed. Otherwise the recalculation is performed automatically.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov 7 18:52:42 UTC 2010 on sn-devel-104
- fix crash when provided "nTSecurityDescriptor" attribute is empty
- print out the correct error codes if it's provided multi-valued
- simplify the "recalculate_sd" control handling
We've to completely ignore the flags in that case.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov 7 11:10:23 UTC 2010 on sn-devel-104
- Remove TODO comment: MS-SAMR 3.1.5.8.7 explicitly states:
"The SamrRemoveMemberFromForeignDomain method removes a member from all
aliases."
- Remove the search attributes since they aren't strictly needed.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Nov 6 18:07:57 UTC 2010 on sn-devel-104
dsdb_extended_replicated_objects_convert() already decrypts the
attributes in place.
This fixes the usage of --option="dssync:print_pwd_blobs=yes".
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Nov 6 13:30:16 UTC 2010 on sn-devel-104
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sat Nov 6 04:26:45 UTC 2010 on sn-devel-104
- we need the GN/ SPN for replication.
- fixed the string form of the invocationId
- lowercase the dnshostname
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Nov 5 13:24:32 UTC 2010 on sn-devel-104
we now keep just a list of GUIDs around between getncchanges calls,
instead of an entire db search. This makes the overhead of having a
pending getncchanges call much smaller.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
We always define the controls and operations with a comment block. The data
structure definitions lie a bit below.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Nov 5 08:44:14 UTC 2010 on sn-devel-104
We need to be able to set the logon parameters in the same way as in the
ntlm server so we can handle openldap simple authentication call correctly.
Autobuild-User: Anatoliy Atanasov <anatoliy@samba.org>
Autobuild-Date: Fri Nov 5 06:32:43 UTC 2010 on sn-devel-104
Before we got the following error, while starting samba after a
'samba-tool vampire':
Failed to store repsFrom - objectclass_attrs: delete protected attribute
'objectSid' on entry 'DC=ForestDnsZones,DC=alpha,DC=sz,DC=salzgitter-ag,DC=lab'
missing!
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Nov 4 17:01:59 UTC 2010 on sn-devel-104
We end up calling ldb_error_at() which expects an LDB error,
but LDB_DEBUG_FATAL is not such code. It is actually equal to LDB_SUCCESS.
Thus the effect is that we report a *fatal* error, but return
LDB_SUCCESS in many places.
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Thu Nov 4 12:57:33 UTC 2010 on sn-devel-104
isDeleted could have been set to FALSE previously
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Nov 4 10:18:10 UTC 2010 on sn-devel-104
this disables the single value checking for one attribute. It is much
more specific than a general RELAX control, and also more efficient. I
think we should try to have more precise overrides like this, rather
than using RELAX as a general purpose override
this prevents samba dying if you do a 'make install' while it is
running. Otherwise the make install changes the inode numbers of the
modules in the modules directory, causing them to reload, which causes
multiple modules of the same name to try and load
The backend is the only place that can do this properly. It makes no
sense to do it anywhere else. As a result of it moving out of the
backend we ended up with some bugs causing multiple values in single
valued attributes (eg. isDeleted), which can really damage the
inregrity of the database.
For the override of single valued values needed for deleted linked
attributes we should use attribute flags.
This reverts commit 1949864417.
This is a modest speed test that aims to show performance difference
between Samba4 vs MS Active Directory. It should be used with Samba-style
credentials and no arguments like every other python unittest.
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Autobuild-User: Anatoliy Atanasov <anatoliy@samba.org>
Autobuild-Date: Thu Nov 4 00:11:20 UTC 2010 on sn-devel-104
this avoids using the non-portable shell command in makefiles
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Nov 3 22:44:59 UTC 2010 on sn-devel-104
- add more OOM checks where needed
- remove message of an error which cannot happen anymore (since now the
structural objectclass is always checked by the objectclass LDB module)
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Nov 3 18:30:52 UTC 2010 on sn-devel-104
The problem is that s4 per construction does the checks in a different order. It
first checks for validity (pre-operation trigger in samldb LDB module) and then
for the schema (post-operation trigger in objectclass_attrs LDB module).
constraints (post-operation trigger
testtools installed.
Also, cleanup some imports.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Wed Nov 3 17:47:55 UTC 2010 on sn-devel-104
It's exactly the same as "ldb_msg_find_element".
In addition remove a comment which points out a "fixme" for a semi-async call
since we started to permit them again.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Nov 3 09:29:46 UTC 2010 on sn-devel-104
this makes our runtime load times smaller, and also means we find bugs
that this may cause on gentoo. gentoo uses this by default
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Nov 3 00:35:56 UTC 2010 on sn-devel-104
when a backend or module can't be found, give a hint about
the LDB_MODULES_PATH environment variable
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Nov 2 21:28:22 UTC 2010 on sn-devel-104
This is important, as it will validate that the PAC handling is
correct with the different encryption types.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov 2 11:45:50 UTC 2010 on sn-devel-104
Previously we didn't support DES-only in a Samba4 domain. This is
important for some legacy systems that have not yet migrated from this
weak crypto.
Andrew Bartlett
There are exceptions from the expected behaviour of 'checksum type
matches key type' that we must deal with here, or else we can't serve
DES-only servers.
Andrew Bartlett
it causes problems with the openchange build as it is not installed
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 1 21:49:47 UTC 2010 on sn-devel-104
this allows ldb_wrap to enable s4 modules in a standalone ldb install
without any additional installation
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 1 13:47:33 UTC 2010 on sn-devel-104
Not all DCs are automatically DNS servers.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov 1 12:20:36 UTC 2010 on sn-devel-104
- For user accounts we only need to specify "user" ("person" is an inherited
objectclass)
- Don't use the brackets when we have only one objectclass specified
The signed/unsignedness does match (always unsigned). The bitlength (64 bit) on
all regular platforms does also. Therefore simply add a cast to
"unsigned long long".
the usage() function needs to take a ldb context, as the popt_options
is specific to the ldb context
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this module hooks into the ldb command line processing, to add extra
command line options and initialisation of samba4 internal subsystems
such as gensec
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this allows a ldb module to register a hook function called at various
stages of processing. It will be initially used for ldb command line
hooks, but should work generally.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this supports module loading in ldb which uses the approach of "load
all modules in a directory". This is much more flexible than the
current module loading, as it will allow us to load modules for
command line parsing and authentication.
Modules are loaded from a colon separated path, in the environment
variable LDB_MODULES_PATH. If unset, it defaults to LDB_MODULESDIR.
Within each directory modules are loaded recursively (traversing down
the directory tree). The device/inode number of each module is
remembered to prevent us loading a module twice.
Each module is checked for a ldb_init_module() function with
dlsym(). If found, it is called with the ldb module version as an
argument.
