1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-04 05:18:06 +03:00
Commit Graph

215 Commits

Author SHA1 Message Date
Andrew Bartlett
4168d61fb2 This patch cleans up some of our ldap code, for better behaviour:
We now always read the Domain SID out of LDAP.  If the local secrets.tdb
is ever different to LDAP, it is overwritten out of LDAP.   We also
store the 'algorithmic rid base' into LDAP, and assert if it changes.
(This ensures cross-host synchronisation, and allows for possible
integration with idmap).  If we fail to read/add the domain entry, we just
fallback to the old behaviour.

We always use an existing DN when adding IDMAP entries to LDAP, unless
no suitable entry is available.  This means that a user's posixAccount
will have a SID added to it, or a user's sambaSamAccount will have a UID
added.  Where we cannot us an existing DN, we use
'sambaSid=S-x-y-z,....' as the DN.

The code now allows modifications to the ID mapping in many cases.

Likewise, we now check more carefully when adding new user entires to LDAP,
to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount
onto the idmap entry for that user, if it is already established (ensuring
we do not duplicate sambaSid entries in the directory).

The allocated UID code has been expanded to take into account the space
between '1000 - algorithmic rid base'.  This much better fits into what
an NT4 does - allocating in the bottom part of the RID range.

On the code cleanup side of things, we now share as much code as
possible between idmap_ldap and pdb_ldap.

We also no longer use the race-prone 'enumerate all users' method for
finding the next RID to allocate.  Instead, we just start at the bottom
of the range, and increment again if the user already exists.  The first
time this is run, it may well take a long time, but next time will just
be able to use the next Rid.

Thanks to metze and AB for double-checking parts of this.

Andrew Bartlett
(This used to be commit 9c595c8c23)
2003-07-04 13:29:42 +00:00
Gerald Carter
a220e983d0 applying fix for group map conversion (patch from Kristyan Osborne)
(This used to be commit 6237fae9b8)
2003-07-01 15:21:43 +00:00
Jelmer Vernooij
540e3f889c Add DTD used by XML passdb backend
(This used to be commit f3fd321b61)
2003-06-16 21:33:46 +00:00
John Terpstra
5d4937c2b6 This patch is Vorlon's fault!
(This used to be commit 56d2049561)
2003-06-15 05:14:28 +00:00
Gerald Carter
af0ddc81d8 fix typo in description
(This used to be commit be82b3d9df)
2003-06-13 02:53:03 +00:00
Gerald Carter
b93851af13 check that an attribute is defined and not just non-zero
(This used to be commit 8c18174a89)
2003-06-12 13:41:13 +00:00
Jeremy Allison
de3f1c7767 Make skeleton VFSs compile with new EA modules.
Jeremy
(This used to be commit 7c4cc2086d)
2003-06-06 07:09:30 +00:00
Gerald Carter
3bdfd57a2d working draft of the idmap_ldap code.
Includes sambaUnixIdPool objectclass

Still needs cleaning up wrt to name space.
More changes to come, but at least we now have a
a working distributed winbindd solution.
(This used to be commit 8241758544)
2003-06-05 02:34:30 +00:00
Alexander Bokovoy
bee3d8f410 Move VFS example skel.c to two different examples: one for opaque operations and one for transparent. Also add configure support for compiling third-party modules. Patch from Stefan Metzmacher <metze@metzemix.de>
(This used to be commit fcdf215753)
2003-06-04 13:13:41 +00:00
Gerald Carter
c527856774 moving the sambaAccount objectclass to 'historical' to prevent confusion on which one should be used for new servers. I'll add a note about uncommenting the older items for ldapsam_compat in the release notes
(This used to be commit 469c5ad1ac)
2003-05-22 17:18:35 +00:00
Gerald Carter
df641bc7ca fix group mapping in LDAP under new schema
(This used to be commit 0714dda7cc)
2003-05-14 05:28:16 +00:00
Gerald Carter
b2c19b7727 s/primaryGroupSID/sambaPrimaryGroupSID/
(This used to be commit 925c60f5e2)
2003-05-14 04:49:01 +00:00
Gerald Carter
b2b381f3a4 perl script to convert from sambaAccount to sambaSamAccount; requires Net::LDAP::LDIF
(This used to be commit 9cde1aa32a)
2003-05-14 04:37:40 +00:00
Gerald Carter
5d16254f56 *****LDAP schema changes*****
New objectclass named sambaSamAccount which uses attribute
prefaced with the phrase 'samba' to prevent future name clashes.

Change in functionality of the 'ldap filter' parameter.  This always
defaults to "(uid=%u)" now and is and'd with the approriate objectclass
depending on whether you are using ldapsam_compat or ldapsam

conversion script for migrating from sambaAccount to
sambaSamAccount will come next.
(This used to be commit 998586e652)
2003-05-14 03:32:20 +00:00
Andrew Bartlett
2735fb0119 As discussed on samba-technical - move to 'primaryGroupSid' insted of
primaryGroupID (rid).  This is consistant with the move from 'rid' to ntSid
for the primary user identifier.

Also cope with legacy installations where primaryGroupID might have been
stored as 0.

Andrew Bartlett
(This used to be commit 0e432817cb)
2003-05-11 05:59:34 +00:00
Gerald Carter
c079ba4e6b syncing README to go along with scripts
(This used to be commit 94780f0947)
2003-05-09 21:52:49 +00:00
Gerald Carter
c37cc212c8 syncing import/export smbpasswd file scripts from 2.2
(This used to be commit ee1374cabf)
2003-05-09 21:51:57 +00:00
Jelmer Vernooij
9bf2a5bde9 Don't crash if the underlying VFS doesn't support ACL's
(This used to be commit a7520177b0)
2003-05-01 01:35:56 +00:00
Jelmer Vernooij
17a3acafa8 Use NTSTATUS as return value for smb_register_*() functions and init_module()
function. Patch by metze with some minor modifications.
(This used to be commit bc4b51bcb2)
2003-04-28 17:48:48 +00:00
Jelmer Vernooij
cff01c538f Add example authentication module
(This used to be commit e112dc1641)
2003-04-28 17:14:49 +00:00
Andrew Bartlett
49530d0db5 A new pdb_ldap!
This patch removes 'non unix account range' (same as idra's change in HEAD),
and uses the winbind uid range instead.

More importanly, this patch changes the LDAP schema to use 'ntSid' instead
of 'rid' as the primary attribute.  This makes it in common with the group
mapping code, and should allow it to be used closely with a future idmap_ldap.

Existing installations can use the existing functionality by using the
ldapsam_compat backend, and users who compile with --with-ldapsam will get
this by default.

More importantly, this patch adds a 'sambaDomain' object to our schema -
which contains 2 'next rid' attributes, the domain name and the domain sid.
Yes, there are *2* next rid attributes.  The problem is that we don't 'own'
the entire RID space - we can only allocate RIDs that could be 'algorithmic'
RIDs.  Therefore, we use the fact that UIDs in 'winbind uid' range will be
mapped by IDMAP, not the algorithm.

Andrew Bartlett
(This used to be commit 3e07406ade)
2003-04-28 10:20:55 +00:00
Jelmer Vernooij
3786533880 Update for the new modules system
(This used to be commit 528c56176b)
2003-04-28 01:24:26 +00:00
Jelmer Vernooij
4a6eb741f0 Update for new modules system
(This used to be commit bd24443229)
2003-04-28 01:21:59 +00:00
Jelmer Vernooij
bceae6bb99 Replace references to the old textdocs by references to chapters in
the HOWTO Collection.
(This used to be commit 31ce815283)
2003-04-28 00:57:51 +00:00
Jelmer Vernooij
ff09ef629a Update for the new modules system. Also, use Makefile rather then Makefile.in
because we don't generate Makefile from configure anymore
(This used to be commit 0d322968cb)
2003-04-28 00:52:02 +00:00
Simo Sorce
07b95a90ca typo
(This used to be commit a65b54a08e)
2003-04-27 11:24:58 +00:00
Gerald Carter
a53c63f99e uidPool and gidPool don't use cn anymore (but we don't use thsi anyways)
(This used to be commit 7f0fd03f69)
2003-04-18 22:19:04 +00:00
Volker Lendecke
878f9147bf Fix schema error not detected by OpenLDAP 2.0.23 but by 2.1.16.
Volker
(This used to be commit 5acb9f421c)
2003-03-27 14:25:30 +00:00
Volker Lendecke
7679811afb Put group mapping into LDAP.
Volker
(This used to be commit da83d97eb5)
2003-03-19 09:43:23 +00:00
Tim Potter
a30e390227 Sync with HEAD. The -L/usr/local/lib bit looks a bit dodgy though.
(This used to be commit 81bfd9a4d9)
2003-01-22 23:51:39 +00:00
Tim Potter
3bff6c4f98 Sync with HEAD.
(This used to be commit db3901827f)
2003-01-22 23:50:14 +00:00
Tim Potter
210cb79d29 Minor merges from HEAD.
(This used to be commit 902a1dc1d5)
2003-01-22 23:49:54 +00:00
John Terpstra
862d383781 Adding genlogon obtained from a a mailing list posting in 2001.
(This used to be commit f6121fb55b)
2003-01-16 05:54:35 +00:00
Gerald Carter
9eeab10e54 [merge]
* removed unused variable from rpcclient code
* added container option to net command (patch from SuSE)
* Makefile patch for examples/VFS from SuSE
(This used to be commit 25a9681ddd)
2003-01-15 16:10:57 +00:00
Gerald Carter
52457e1093 removed idpool from schema file (experimental) to remove the dependency
on nis.schema.

add $(LDFLAGS) to libsmbclient build
(This used to be commit cd16064784)
2003-01-06 17:57:52 +00:00
cvs2svn Import User
999c30958a This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This used to be commit 953ae9d182) 2002-12-16 17:26:02 +00:00
Jim McDonough
dca69cb793 Add win32 utility to query driver capabilities to publish
(This used to be commit c09c1e0905)
2002-12-16 17:26:01 +00:00
Tim Potter
a520e3c76d Ignore automatically generated Makefile.
(This used to be commit 152c530089)
2002-11-20 03:01:55 +00:00
John Terpstra
69f3c8f304 Latest updates from author.
(This used to be commit bdf0d66577)
2002-11-20 00:30:56 +00:00
John Terpstra
333a65caa4 Added logon script generator provided by: Timothy Grant <tjg@craigelachie.org>
(This used to be commit 93cfbb000f)
2002-11-19 19:06:11 +00:00
Jelmer Vernooij
4d12794bc1 Sync with HEAD:
- Move working VFS modules to source/
- Move documentation to SGML
(This used to be commit be4894815c)
2002-11-18 16:22:44 +00:00
Richard Sharpe
7b581a60d2 One more small fix in tree.c
(This used to be commit 0674d5a2b0)
2002-11-15 22:55:15 +00:00
Richard Sharpe
b45c92f31e Fix some problems with tree.c reported by users.
(This used to be commit b0772a1a05)
2002-11-15 22:51:03 +00:00
Jelmer Vernooij
794ecd30f9 Update to use smb_register_passdb()
(This used to be commit b10541b71b)
2002-11-15 17:49:47 +00:00
Jelmer Vernooij
8fc6e1a5aa There is support for the cups printing system now as well
(This used to be commit 72e0cfbb42)
2002-11-14 18:24:14 +00:00
Jelmer Vernooij
8d2514fc6a a cups printing backend is now available as well
(This used to be commit 4cffb29d27)
2002-11-14 17:42:01 +00:00
Jelmer Vernooij
7fc28a91ed Ignore Makefile
(This used to be commit 9c811e4478)
2002-11-13 14:23:52 +00:00
Jelmer Vernooij
861bbd3c28 Move working VFS modules to source/modules/
(This used to be commit 14b129e301)
2002-11-13 13:11:04 +00:00
Jelmer Vernooij
0c4357e928 Move VFS documentation to the HOWTO collection
(This used to be commit b8c7ce0381)
2002-11-13 13:08:56 +00:00
Jelmer Vernooij
b8766e74c6 Fix typo
(This used to be commit ad5cb338a1)
2002-11-11 13:49:39 +00:00