This is only used in the OpenLDAP backend and will certainly be removed before this becomes production.
(a production backend will use the real AD top objectclass)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
These changes will get clobbered by RWDCs through replication. This
behaviour is required for lockoutTime to enforce the password lockout
locally on the RODC (and is consistent with Windows).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
These tests would sometimes fail because the randomly generated OIDs
would collide. This fixes that by giving a unique OID to each attribute
and class.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12507
Pair-Programmed-With: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 10 13:44:02 CET 2017 on sn-devel-144
This will be used by 'samba-tool dbcheck' to fix the rdn attribute name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12399
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(Patch reduced by Andrew Bartlett to only allocate the OID)
This will help us to correct errors during dbcheck
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9954
This allows us to find links that need to be expunged
without passing the whole DB up in the search response.
While each message still needs to be examined, this code
only has to do memory allocation for entries with links
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
We also take the chance to make it clearer that the number
being passed in should be unique.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Normally linked attributes are deleted by marking them as with RMD flags,
but sometimes we want them to vanish without trace. At those times we
set the DSDB_CONTROL_REPLMD_VANISH_LINKS control.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
During the provision this causes a huge performance hit as these two
attributes are unindexed.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
This will be used to let the "password_hash" module know that
the value of pwdLastSet was defaulted to 0 in the "samldb" module
on add.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The urgent_replication.py test used the OID of uid, and this caused
other tests to fail
The other random OIDs should have been from under our arc, not under
iso.member-body.us
We split up the range a little to avoid some of the birthday paradox,
in the tests that create multiple OIDs.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Unknown attributeID values would cause an exception previously, and
unsorted attributes cause a failure to replicate with Samba 4.2.
In commit 61b978872f we started
to sort these values correctly, but previous versions of Samba
did not sort them correctly (we sorted high-bit-set values as
negative), and then after 9c9df40220
we stopped accepting these.
To ensure we are allowed to make this unusual change to the
replPropertyMetaData, a new OID is allocated and checked
for in repl_meta_data.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Tombstone reanimation requires some special handling which is going
to affect several modules. Most notably:
- a bit different access checks in acl.c
- restore certain attributes during modify requests in samldb.c
Control added also to schema_samba4.ldif by Andrew Bartlett
hence the "pair programmed with" tag.
Change-Id: Ief4f7dabbbdc2570924fae48c30ac9c531a701f4
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This requires an additional control to be used in the
LSA server to add domain trust account objects.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Jan 15 14:54:47 CET 2015 on sn-devel-104
This is preliminary in that it is implemented as a no-op for a start
just to be able to successfully answer the request, which seems to be
sufficient in order to e.g. survive the exchange schema extensions.
Signed-off-by: Matthieu Patou <mat@matws.net>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Apr 18 02:48:28 CEST 2012 on sn-devel-104
Which allows the caller to pass a given 'pwdLastSet' value
(very useful for migrations).
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Oct 7 15:28:13 CEST 2011 on sn-devel-104
this control tells the partition module that the DN being created is a
partial replica, so it should modify the @PARTITION object to add the
partialReplica attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this control is used to ask samdb to not return searches with a basedn
in partial replica partitions, which is needed to support the
difference between a search on the 3268 GC ldap port and the non-GC
389 port
this is used when rewriting filter rules to replace a filter rule with
one that is guaranteed not to match
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This control is exactly thought for the actions which previously were performed
using the RELAX one.
We agreed that the RELAX control will only remain for interactions with OpenLDAP.
This control will allow the linked_attributes module to know if
repl_meta_data has already handled the creation of forward and back
links.
Andrew Bartlett
- Add a new control for getting status information (domain information,
password change status) directly from the module
- Add a new control for allowing direct hash changes
- Introduce an additional control "change_old password checked" for the password
This will be called by getncchanges when a client asks for a
DRSUAPI_EXOP_FSMO_RID_ALLOC operation
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This is done by passing an extended operation to the partitions module
to extend the @PARTITION record and to extend the in-memory list of
partitions.
This also splits things up into module parts that belong above and below
repl_meta_data
Also split the partitions module into two files due to the complexity
of the code
Andrew Bartlett
This was a bad idea all along, as Simo said at the time. With the
full MS schema and enforcement of it, it is an even worse idea.
This fixes the provision of the member server in 'make test'
Andrew Bartlett
1. During instance creation the provisioning script will import the SASL
mapping for samba-admin. It's done here due to missing config schema
preventing adding the mapping via ldapi.
2. After that it will use ldif2db to import the cn=samba-admin user as
the target of SASL mapping.
3. Then it will start FDS and continue to do provisioning using the
Directory Manager with simple bind.
4. The SASL credentials will be stored in secrets.ldb, so when Samba
server runs later it will use the SASL credentials.
5. After the provisioning is done (just before stopping the slapd)
it will use the DM over direct ldapi to delete the default SASL
mappings included automatically by FDS, leaving just the new
samba-admin mapping.
6. Also before stopping slapd it will use the DM over direct ldapi to
set the ACL on the root entries of the user, configuration, and
schema partitions. The ACL will give samba-admin the full access
to these partitions.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
- Adds more system objects which make sense to have them in SAMBA 4 also to
have them when we add more and more services related to the directory (volume
support, DFS, replication service, COM...)
- Make sure that "isCriticalSystemObject" and "showInAdvancedViewOnly" attributes
are set correctly on each object