IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
As some future point we might get these scripting interfaces into
better shape, and provide a python interface to this functionality
again.
Andrew Bartlett
(This used to be commit 717dcb2c54)
parametic options:
smb2:max read size = NNN
smb2:max write size = NNN
The defaults are 65536, which is what Vista sets, and what we
previously set
(This used to be commit 9e60164cae)
The new idmap world does not use the unixUser any more, so we need to
set up the entry (if wanted) in the idmap database. Users without a
backing unix user will get an allocated uid by idmap later.
Andrew Bartlett
(This used to be commit 8bd8bc1475)
This option allows Fedora DS multi-master replication to work. I've
tried to update the wiki and scripts to the largely consistant with
each other.
Andrew Bartlett
(This used to be commit 42393c8307)
In particular, allow for the server DN to be in a different site
(possible outcome of a DRS replication).
Andrew Bartlett
(This used to be commit 9ee4e39fe1)
In particular, this should draw attention to accidential 'standalone'
server provisions and therefore cause less frustration.
Andrew Bartlett
(This used to be commit e906ae041a)
This fixes up the python credentials interface in a number of areas,
with the aim of supporting '-k yes' as a command line option. (This
enables the use of kerberos).
As such, I've had to change the get_credentials call to take a
loadparm context, so that the credentials can be initialised
correctly.
The test_kinit script has been modified to prove that this continues
to work, as well as to provide greater code coverage of the kerberos
paths.
Andrew Bartlett
(This used to be commit 727ef40c2b)
This reworks quite a few parts of our provision system to use
CN=NETBIOSNAME as the domain for member servers.
This makes it clear that these domains are not in the DNS structure,
while complying with our own schema (found by OpenLDAP's schema
validation).
Andrew Bartlett
(This used to be commit bda6a38b05)
This should allow us to provision onto an OpenLDAP backend again.
Also ensure we always have a sysvol and netlogon share in the selftest
environment.
Andrew Bartlett
(This used to be commit b2d9b03ba3)
This required a large rework of the provision code, so as to move much
of the 'guess' logic into subprocedures, rather than just inline in
the provision code.
Andrew Bartlett
(This used to be commit a0754c2a85)
This fixes up some issues with testdir (was not honoured) and
increases test coverage.
We now check all the major provision modes. In doing so, to make it
possible to call from the multiple layers of 'sh', I have allowed 'dc'
to alias 'domain controller' and 'member' to alias 'member server'.
Fighting shell quoting in the test system was just too hard...
Also fix upgrade.py
Andrew Bartlett
(This used to be commit 0923de1228)
To make Samba4, using the python provision system, pass this test
required some major rework. Untested code is broken code, and some of
the refactoring for a seperate provision test (which also now passes)
broke things.
Similarly, the iconv work has compiled, but these codepaths have never
been run (NULL pointer de-reference).
In working to use a local, rather than global, loadparm context, and
to support using a target directory, a few things needed to be
reworked, particularly around path handling.
Andrew Bartlett
(This used to be commit 1169e8d7be)
Slowly work away at the samldb module again, it is clear that AD does
not use much of a templating system. samAccountType is managed, as
far as I can tell, when groupType or userAccountControl changes.
Andrew Bartlett
(This used to be commit 447d5a7954)
Make the EJS provision and the selftest scripts both use the new
syntax for speicifying the ldap backend type.
Andrew Bartlett
(This used to be commit b1d2584277)
This means we only show and set the values when they are not the
values the schema and objectclass module would impose.
Andrew Bartlett
(This used to be commit c2f2e01357)
This module needs to be loaded on each database, not just the main
partition. We use it to create the usn for the entries.
Andrew Bartlett
(This used to be commit ffb12aad8a)
Previously, we would create the first record in the DB as an LDIF
file, with the expectation that the administrator would use slapadd to
create the database.
We now do everything over LDAP, which is far simpler, and allows the
LDB module chain to do its work, without special cases.
Also fix naming of the output schema when suggesting the comamnd line
to run ad2oLschema in provision-backend.
Andrew Bartlett
(This used to be commit e77375758d)
attributes, as found in the schema.
Index 'cn', as otherwise exact match searches on this attribute always
fail (need to figure out what is so special about cn in OpenLDAP).
Andrew Bartlett
(This used to be commit 5a4a2d10bc)
Added blackbox tests for provision and upgrade Python scripts.
Clean up temporary files created by the Python tests.
(This used to be commit 2227fb6df6)
- Initial work converting the upgrade code to Python.
- Removed the old EJS upgrade code because it has been broken for a long time.
(This used to be commit 150cf39fbd)
samdb before we start writing entries into it.
In doing so, I realised we still used 'dnsDomain', which is not part
of the standard schema (now removed).
We also set the 'wrong' side of the linked attributes for the
masteredBy on each partition - this is now set in provision_self_join
and backlinks via the linked attributes code.
When we have the schema loaded, we must also have a valid domain SID
loaded, so that the objectclass module works. This required some ejs
glue.
Andrew Bartlett
(This used to be commit b0de08916e)
by seperating the modules list into parts. That way, we can remove
the modules that the backend will provide.
Andrew Bartlett
(This used to be commit d67e5c7896)
simple ldap mapping (a complex mapping will follow).
Fix the module to handle 'name' better, rather than using the 'name'
attribute built into OpenLDAP, rename to samba4RDN. We need to see if
this can be handled in the backend.
Also rename the functions and inernal module name to entryuuid for
consistancy.
Andrew Bartlett
(This used to be commit a7be80766f)
Remove bogus check to return NO_SUCH_ENTRY in ldap_backend.c, as this
error is now correctly emited from ldb.
Andrew Bartlett
(This used to be commit ed57862b90)
Templates just don't belong in the sam.ldb, as they don't obey any of
the other rules. This moves them to a seperate templates.ldb.
In samldb, this patch reworks the duplicate SID and Name detection
code, to use ldb_search_exp_fmt() rather than gendb_search. This
returns far more useful errors, which we now handle and report better.
The call to samdb_search_for_parent_domain() has been moved in samldb,
to allow both the account and SID uniqueness checks to be in the same
domain. This function also returns better errors.
dcesrv_drsuapi.c is updated for the new prototype of
samdb_search_for_parent_domain()
Andrew Bartlett
(This used to be commit f1ab90c88c)
invalid entries with a linked attribute.
Make Samba4 pass that test, by fixing a silly bug in the
linked_attributes module. (By passing down the 'original' request
structure, tdb would override our handle, and therefore we would never
be called for the 'wait', which collects the errors).
Fix up the provision templates to handle the newly required
referential integrity.
Andrew Bartlett
(This used to be commit 0377d85bbd)
Much more work is still required here, particularly to handle this
better during the provision, and to handle modifies and deletes, but
this is a start.
Andrew Bartlett
(This used to be commit 2ba99d58e9)
setting OPENLDAP_PATH, move to using hdb as the backend (allows
subtree renames), and re-enable the --quiet option.
Andrew Bartlett
(This used to be commit a186a0fa68)
