| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
a RODC net join can now replicate the schame, config and base
partitions, by calling the net.replicate*() python hooks, and driving
the GetNCChanges calls from python
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
|
|
|
| |
these calls allow python code to pass chunks from DRS replication
calls into the code that applies the chunks to a database
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
|
|
| |
this is used to setup for later calls to the replicate chunk functions
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
|
| |
They should be "unsigned" since they count LDB objects. And also the SID array
can be counted as "unsigned".
|
| |
|
|
|
|
|
|
|
| |
this allows for command line access to getncchanges
it also provides a good example of calling DRSUAPI interfaces from
python
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
|
|
|
| |
This fixes a crash when using kerberos and the python dcercpc
interface, which requires event nesting
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
| |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
| |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
| |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
|
|
| |
this is useful when debugging replication
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
| |
we just need to clear this flag
|
| |
|
|
|
|
| |
This does the join using python code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
| |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
|
|
|
|
|
| |
libnet_Replicate() will do just the replication portion of
libnet_Vampire(). This will be used by the RODC join, where the join
part of the operation happens in python, and behaves quite differently
to the libnet_Join() code.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
| |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
| |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
| |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| | |
|
| |
|
|
|
|
|
|
|
| |
struct dom_sid
This makes the structure much more like NT_USER_TOKEN in the source3/
code. (The remaining changes are that privilages still need to be merged)
Andrew Bartlett
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
|
| |
|
|
| |
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
|
| |
|
|
|
| |
This makes it much clearer which argument to a function had the wrong
type
|
| |
|
|
| |
metze
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch changes the behavior of LDAPCmp in a single domain
scenario. No place-holders will be applied during comparison
so replication will be fully tested and even the silightest
difference will pop up.
There is a second smaller fix when we compre hosts in different
domains. This fix disables ${SERVERNAME} paace-holder when there
are more then one serevr (domain controller) in the given domain.
|
| |
|
|
|
|
|
| |
when adding a user with the RODC_JOIN control, the samAccountName is
automatically set to the krbtgt_NNNNN form
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
|
|
| |
we need to actually return the SID!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
|
|
|
| |
this allows you to specify the RODC join control in python ldb calls
or on the command line
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
|
|
|
|
| |
when we deny a EXOP_REPL_SECRET call we should set the exop error code
to NONE, and the main return code to WERR_DS_DRA_ACCESS_DENIED (based
on observing windows server behaviour)
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The rules for when a RODC can replicate secrets are:
- it can always replicate its own acct
- it can also replicate its krbtgt acct
- it can't replicate other krbtgt accts
- it can't replicate interdomain trust accounts
- it can't replicate users in the denied group list
- it can replicate users in the allowed group list
otherwise it can't replicate
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
|
|
| |
it should honor the component_name
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
|
|
|
|
| |
When a RODC uses extended getncchanges operation
DRSUAPI_EXOP_REPL_SECRET it gets an override on the ability to
replicate the secret attributes.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
|
|
|
|
| |
The getncchanges call needs to be able to access the sam as the system
user for RODC clients. To do this it needs a sam_ctx connection with
system credentials
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
trapped in blackbox tests
|
| |
|
|
| |
Also format in a pretty way the int64 ranges
|
| |
|
|
| |
reindexing
|
| |
|
|
|
|
| |
Full schema reloading is needed when we modify exisiting elements that
have attributes that comes from not from the default schema (ie.
openchange schema, user schema ..)
|
| |
|
|
|
| |
This is used by upgradeprovision to readd this delta just before loading
a merged schema
|
| |
|
|
| |
fix
|
| |
|
|
| |
increment_calculated_keyversion
|
| |
|
|
| |
it exists
|
| | |
|
| |
|
|
|
| |
When it comes to read logs and dumping data received
Octet String syntax comes in handy
|
| | |
|
