IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
partitions onto the target LDAP server.
Make the LDAP provision run before smbd starts, then stop the LDAP
server. This ensures this occurs synchronously, We then restart it
for the 'real run' (with slapd's stdin being the FIFO).
This required fixing a few things in the provision scripts, with more
containers being created via a add/modify pair.
Andrew Bartlett
(This used to be commit 860dfa4ea1ab2b62d4d4fe0644e0a9b882fdafa1)
re-provision (as is required for the TEST_LDAP=yes version of make
test).
Andrew Bartlett
(This used to be commit ea4c2ea22fb3975d80130f52edecaf6d1790adde)
We were returning just true/false and discarding error number and string.
This checking probably breaks swat, will fix it in next round as swat
is what made me look into this as I had no way to get back error messages
to show to the users.
Simo.
(This used to be commit 35886b4ae68be475b0fc8b2689ca04d766661261)
them as a hook on ldb modify, via a module.
This should allow the secrets.ldb to be edited by the admin, and to
have things update in the on-disk keytab just as an in-memory keytab
would.
This isn't really a dsdb plugin, but I don't have any other good ideas
about where to put it.
Andrew Bartlett
(This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
as for every object the repl_meta_data module needs to look
up the object by objectGUID
metze
(This used to be commit 55f845377ce3a7aeb028805754dc9c05d429548e)
- we call a ejs script from the torture test for this task
so that we can use the provision template ldif's.
metze
(This used to be commit e84b0c7d4004df312ae58ed76dd708a2c3c37986)
for all partitions and make it not use LDAP in the variable names
because it isn't specific to the ldap backend case.
metze
(This used to be commit 3e337ec2764038e4ff05c3e926220abaa5583702)
Add in a hook for adding an ACI, needed to allow anonymous access
until we hook across a SYSTEM token to the LDAP server.
Andrew Bartlett
(This used to be commit f45504e2714680978f101b4a98516686a17531df)
Add a new module entrypoint to handle the new, interesting and
different mappings required for Fedora DS.
Andrew Bartlett
(This used to be commit 600c7f1a68c175b835ce45d13794a6f66bcc8493)
into an exsting LDAP server. (Allow some parts to pre-exist, and try
to blow away less data).
Andrew Bartlett
(This used to be commit 99faff0ad8fa12d596c599064a0125a6b3365134)
don't delete their contents until we have specified the new partition
locations.
However, preserve the important part of tridge's change, that is to
ensure that no database index is present when the mass delete occours.
In my testing, it is best to leave the index until the provision is
compleated.
Andrew Bartlett
(This used to be commit 962219df7dc53ce6f6889f4b71ee19850c7ff7b5)
- when wiping a ldb, wipe within each naming context first. By not
wiping the naming contexts we didn't wipe the partitions, which
caused a massive slowdown in re-provisioning due to re-indexing of
the schema.
(This used to be commit b62437214cf7c98c81598c4f37c91ab284928dbb)
Move default for subobj.LDAPMODULES into scripting/libjs/provision.js
so that SWAT can provision again.
Andrew Bartlett
(This used to be commit a4aafe307d6d1396fa79b0c48b0a36cbf682f0ce)
When changing a field name in idl, please remember to check for use of
those functions in any js code as well.
(This used to be commit 7005806aa6842ffc3d5ed98682f2aefc59759580)
When against a real, schema-checking LDAP backend, we need
extensibleObject on the baseDN entry (as entryUUID isn't run for
creating this basic ldif) output.
(This used to be commit befac43f59c4688f6c6827eb2e4e916c1056a740)
This lets the modules or backend generate the host and domain GUID,
rather than the randguid() function. These can still be specified
from the command line.
Andrew Bartlett
(This used to be commit 32996ca9d62568006f8bee85a1f2f37c64c04fb5)
Shutdown and reload the LDB, so the entryUUID module knows to read the
schema (will be changed once we have a central schema store and
notifications).
Andrew Bartlett
(This used to be commit d5814b689eedfc4c4701beb18a516db716a466f1)
shows the need for...
Martin Kuhl writes:
The ejs function `substitute_var' returns `undefined' when the first
argument ends in a pattern that should be substituted.
For that reason, the second assertion fails in the following test-case:
,----
| libinclude("base.js");
|
| var obj = new Object();
| obj.FOO = "foo";
| obj.BAR = "bar";
| var str1 = "${FOO}:${BAR}";
| var str2 = "${FOO}:${BAR} "; // note the space after the brace
| var sub1 = substitute_var(str1, obj);
| var sub2 = substitute_var(str2, obj);
|
| assert(str1 + " " == str2);
| assert(sub1 + " " == sub2);
`----
The problem is that the function `split' returns a single-element
array in both cases:
a) the string to split doesn't contain the split pattern
b) the string ends with the split pattern
To work around this, the following patch tests this condition and
returns `undefined' only if the string to split (`list[i]') really
didn't contain a closing brace.
(This used to be commit 8a6908200b1e459bc9067a9d1f9635185a7eee16)
This causes things to operate as just one transaction (locally), and
to make a minimum of TCP connections when connecting to a remote LDAP
server.
Taking advantage of this, create another file to handle loading the
Samba4 specific schema extensions. Also comment out 'middleName' and
reassign the OID to one in the Samba4 range, as it is 'stolen' from a
netscape range that is used in OpenLDAP and interenet standards for
'ref'.
Andrew Bartlett
(This used to be commit 009d0905947dec9bab81d8e6de5cb424807ffd35)
This module redirects various samdb requests into different modules,
depending on the prefix. It also makes moving to an LDAP backend
easier, as it is just a different partition backend.
This adds yet another stage to the provision process, as we must setup
the partitions before we setup the magic attributes.
Andrew Bartlett
(This used to be commit 31225b9cb6ef6fcb7bd831043999b1b44ef1b128)
This required changes to the rootDSE module, to allow registration of
partitions. In doing so I renamed the 'register' operation to
'register_control' and 'register_partition', which changed a few more
modules.
Due to the behaviour of certain LDAP servers, we create the baseDN
entry in two parts: Firstly, we allow the admin to export a simple
LDIF file to add to their server. Then we perform a modify to add the
remaining attributes.
To delete all users in partitions, we must now search and delete all
objects in the partition, rather than a simple search from the root.
Against LDAP, this might not delete all objects, so we allow this to
fail.
In testing, we found that the 'Domain Controllers' container was
misnamed, and should be 'CN=', rather than 'OU='.
To avoid the Templates being found in default searches, they have been
moved to CN=Templates from CN=Templates,${BASEDN}.
Andrew Bartlett
(This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)
Find more possible posix group names for the 'domain users' group, as
the existing options don't exist in OSX.
Andrew Bartlett
(This used to be commit 4e8d7b7fb310a668ae8653bc06036c94249b2b2a)
