| Commit message | Author | Age | Files | Lines |
| |
Instead, spit out an error message.
| |
The code was nice, but put in the wrong place (group mapping) and not
supported by most of the code, thus useless.
We will put back most of the code when our infrastructure will be changed
so that privileges actually really make sense to be set.
This is a first patch of a set to enhance all our mapping code cleanness and
stability towards a sane next beta for 3.0 code base
Simo.
| |
mallocs its key, so we should free it after use.
Volker
| |
Everybody who calls get_global_sam_sid expects this to return non-NULL, and
there are way too many places where this is called.
Volker
| |
Simo, I remember you complaining about a memleak there, could it be
this one, or did you resolve it at that time?
Volker
| |
versions. Fixes bug #154.
| |
Andrew Bartlett
| |
* remove 'winbind uid' and 'winbind gid' parameters (replaced
by current idmap parameter)
* create the sambaUnixIdPool entries automatically in the 'ldap
idmap suffix'
* add new 'ldap idmap suffix' and 'ldap group suffix' parameters
* "idmap backend = ldap" now accepts 'ldap:ldap://server/' format
(parameters are passed to idmap init() function)
| |
Includes sambaUnixIdPool objectclass
Still needs cleaning up wrt to name space.
More changes to come, but at least we now have
a working distributed winbindd solution.
| |
please check this?
| |
don't try to change a string that only differs in case
| |
Andrew Bartlett
| |
Reversed check.
| |
New objectclass named sambaSamAccount which uses attribute
prefaced with the phrase 'samba' to prevent future name clashes.
Change in functionality of the 'ldap filter' parameter. This always
defaults to "(uid=%u)" now and is and'd with the appropriate objectclass
depending on whether you are using ldapsam_compat or ldapsam.
Conversion script for migrating from sambaAccount to
sambaSamAccount will come next.
| |
idmap-and-the-rest from HEAD.
These are correctness fixes that were already in 3.0, and a memory leak fix.
The pdb_ldap changes are held back at jerry's request (he is also playing
with pdb_ldap ATM).
Andrew Bartlett
| |
This is to get non-unix accounts going for the build farm.
Andrew Bartlett
| |
Jeremy.
| |
We really need idmap_ldap to have a good solution with ldapsam, porting
it from the previous code is being made, the code is really simple to do
so I am confident it is not a problem to commit this code in.
Not committing it would have been worse.
I really would have been able to finish also the group code, maybe we can
put it into a following release after 3.0.0 even if it may be an upgrade
problem.
The code has been tested and seems to work right, more testing is needed for
corner cases.
Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)
Simo.
| |
primaryGroupID (rid). This is consistent with the move from 'rid' to ntSid
for the primary user identifier.
Also cope with legacy installations where primaryGroupID might have been
stored as 0.
Andrew Bartlett
| |
entropy - use sys_random() instead.
Andrew Bartlett
| |
that is now possible to, for example, load a module which contains
an auth method into a binary without the auth/ subsystem built in.
| |
Jeremy.
| |
lp_workgroup(), for all other servers this is global_myname().
This is the name of the domain for accounts on *this* system, and getting
this wrong caused interesting bugs with 'take ownership' on member servers
and standalone servers at Snap.
(They look up the username that they got, then convert that to a SID - but
because the domain out of the smbpasswd entry was wrong, we would fail the
lookup).
Andrew Bartlett
| |
to the system. This means that we always run Get_Pwnam(), and can never add
FOO when foo exists on the system (the idea is to instead add foo into
the passdb, using its full name, RID etc).
Andrew Bartlett
| |
function. Patch by metze with some minor modifications.
| |
it from the UID.
Andrew Bartlett
| |
to make it up from the algorithm...
Andrew Bartlett
| |
for the 'normal' case (not --with-ldapsam).
Andrew Bartlett
| |
This patch removes 'non unix account range' (same as idra's change in HEAD),
and uses the winbind uid range instead.
More importantly, this patch changes the LDAP schema to use 'ntSid' instead
of 'rid' as the primary attribute. This makes it in common with the group
mapping code, and should allow it to be used closely with a future idmap_ldap.
Existing installations can use the existing functionality by using the
ldapsam_compat backend, and users who compile with --with-ldapsam will get
this by default.
More importantly, this patch adds a 'sambaDomain' object to our schema -
which contains 2 'next rid' attributes, the domain name and the domain sid.
Yes, there are *2* next rid attributes. The problem is that we don't 'own'
the entire RID space - we can only allocate RIDs that could be 'algorithmic'
RIDs. Therefore, we use the fact that UIDs in 'winbind uid' range will be
mapped by IDMAP, not the algorithm.
Andrew Bartlett