IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is all working towards supporting the full WSPP schema without a
major performance penalty.
We now use binary searches when looking up classes and attributes. We
also avoid the loop loading the attributes into ldb, by adding a hook
to override the ldb attribute search function in a module. The
attributes can thus be loaded once, and then saved as part of the
global schema.
Also added support for a few more key attribute syntaxes, as needed
for the full schema.
This test code builds the possibleInferiors for every class in the
schema on a target machine, and compares it to the servers
possibleInferiors attribute.
The MS-ADTS spec describes how to calculate possibleInferiors for a
object, but it seems to have some bugs. The spec says that we need to
use AUXCLASSES, and it does not mention the use of the SUBCLASS
tree. In trying to match windows behaviour, I found that I needed to
ignore the AUXCLASSES and build a SUBCLASSES tree.
we haven't implemented possibleInferiors yet. This test is meant to
help us understand how it works. It tries to construct
possibleInferiors via searches on other attributes, and compares it to
the servers constructed possibleInferiors attribute for each class in
the servers schema.
see [MS-ADTS] section 3.1.1.4.5.21
This is made up of 4 parts:
1) change our schema to include the parentGUID attribute type
2) in the add hook in the objectclass module, get the objectGUID of
the parent and add it to the message as parentGUID
3) in the rename hook in the objectclass module, get the objectGUID
of the new parent, and insert an async modify request after the
renmam is done
4) added a simple test suite
The clients that do only lanman auth are on their way out, the
passwords are case insensitive, it does not support unicode and we
should not store such a poor hash of the password if we can avoid it.
Andrew Bartlett
This search uses the index, and is not recursive, so should avoid the
major performance problem with the current sorted schema load.
The ad2oLschema code (recently moved to provision-backend) no longer
needs the schema to be sorted.
Andrew Bartlett
This avoids the need to assume that the schema is sorted on load,
which happens more often and is a major performace issue in the
Samba4's use of ldb.
Andrew Bartlett
This removes a level of indirection via external binaries in the
provision-backend code, and also makes better use of our internal code
for loading schema from an LDIF file.
Remaining to do: Sort the output again, as the load from LDIF is
unsorted (also needed because the normal LDB load from sorted input is too slow
anyway, and is only needed here).
Andrew Bartlett
The Win7-beta domain process has changed. It no longer uses SAMR for
setting the password, and instead uses a ldap modify on a SASL
encrypted ldap connection. We didn't handle that as the unicodePwd
attribute has a dual use, holding the nt style MD4 hases for DRS
replication, but holding a UTF-16 plaintext password for a LDAP
modify.
This patch copes with the ldap unicodePwd modify by recognising the
format and creating the correct attributes on the fly. Note that this
assumes we will never get a unicodePwd attribute set in NT MD4 format
with the first 2 and last 2 bytes set to 0x22 0x00.
Andrew Bartlett is looking at a more robust solution, possibly using a
flag to say that this modify came via ldap, and not internal ldb
calls.
Separate again the public from the private headers.
Add a new header specific for modules.
Also add service function for modules as now ldb_context and ldb_module are
opaque structures for them.
