This patch moves the ldap routines out of passdb into a generic
library and implements an LDAP backend for IDMAP. The backend
can be enabled with "idmap backend = ldap" in smb.conf. There
are also schema changes to make sure to update the ldap schema files.

Andrew Bartlett
C VS: ----------------------------------------------------------------------

are handled, though we assume that always everything needs to
be updated in LDAP. PDB_IS_* is not done yet for groups.
Do we need it?
Volker

- Make passdb work with absolute paths (passdb backend = /path/to/smbpasswd.so works now). vfs, rpc and charset will follow

Andrew Bartlett

easier to understand by moving the logic for init_ldap_from_sam
and friends around.
Volker

hand can be somewhat error-prone..
Volker

are 'SET' when adding the account.
I really don't like passing flags down to inner routines and
complicated if/else conditions, but this time he might be right. ;-)
Volker

for the 'ldap del only sam attr' functionality. So
we are compatible to the current SuSE patches as well
as to TNG... ;-)
Volker

> Hi Volker,
>
> if 'displayName' is not available we should fallback to 'cn' for map->nt_name
> 'cn' is used as unix group name by nss_ldap.
>
> and if nt_name is not available we should fail (so does this patch)
Volker

This repairs domain join with fully existing wks-account which I broke
with my last patch...
Volker

anymore, but instead look at what is currently stored in the
database. Then we explicitly delete the existing attribute and add the
new value if it is not NULL or "". This way we can handle appearing
and disappearing attributes quite nicely.
This currently breaks pdbedit -o, as this does not set the CHANGED
flag on the SAM_ACCOUNT.
Jelmer suggested that we set all the fields on CHANGED in
context_add_sam_account. This sounds not too unreasonable.
Volker

when setting the password.
Andrew Bartlett

when debugging pdc stuff...
Volker

Volker

put a doc about it in dev-doc later today.

This patch is heavily based on a patch by SuSE. Thanks
to Guenther Deschner <gd@suse.de> for providing it.
Volker

Volker

Volker

Volker

Andrew Bartlett

- packing/unpacking utility functions for trusted domain
password struct; can be used to prepare buffer to store
in secrets.tdb or (soon) passdb backend
- similar functions for DOM_SID
- respectively modified secrets_(fetch|store) routines
- new auth mapping code utilising introduced is_trusted_domain
function
- added tdb (un)packing of single bytes
Rafal

The current locking scheme in winbind is a complete mess - indeed, the
next step should be to push the locking into cli_full_connection(), but
I'll leave it for now.
This patch works on the noted behaviour that 2 parts of the connection
process need protection - and independent protection. Tim Potter did
some work on this a little while back, verifying the second case.
The two cases are:
- between connect() and first session setup
- during the auth2 phase of the netlogon pipe setup.
I've removed the counter on the lock, as I fail to see what it gains us.
This patch also adds 'anonymous fallback' to our winbindd -> DC connection.
If the authenticated connection fails (wbinfo -A specified) - say that
account isn't trusted by a trusted DC - then we try an anonymous.
Both tpot and mbp like the patch.
Andrew Bartlett

- Add smb_probe_module()
- Add init_modules()
- Call these functions

The intention is to remove the multiple passdb backends, but we need the
'guest' account to always be there. If the admin adds the guest account to
(say) LDAP, there will only be one backend required for operation.
This helps remove some nasty behaviours with adding accounts to the system
for both the RPC 'create user' and the SAMSYNC code. Users 'added' with
an 'add user/machine' script won't magically appear, and machine accounts
'pre-added' to unix, but not the smbpasswd file will not cause mayhem.
This commit also implements something tridge discussed with me, the concept
of 'default' passdb operation pointers - so that each backend does not
need its own stub functions wrapping the default tdb privileges/group
mapping code.
This also removes an implicit 'sid->name' and 'name->sid' mapping from our
own local SID space, to winbind usernames. When adding mapping for NIS/LDAP
non-sam users in future, we need to be careful.
Andrew Bartlett

hooked into pdb, and we need some access control on changing privileges. That's next

get them in should be indeterminate, so just picking the first one would be
bad...
Andrew Bartlett

blame for the realloc() stuff.
Plus a couple of minor updates to libads.
Andrew Bartlett

Jeremy.

remove ldap_msgfree(result); as result is uninitialized at this point

connectivity problems.
Andrew Bartlett

last changed at '0'.
We need to actually change this password sometime...
Andrew Bartlett

on work by <steve@griffin.sio2.nl>.
Jeremy.

don't need a second just for pdb.
Also, remove magic 'is lp_guest_account' test - the magic RID should be
up to the passdb backend to set.
Andrew Bartlett

This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most surprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett

named. Ensure we can query them.
Jeremy.

server = DC1 *

use FUNCTION_MACRO instead of __FUNCTION_

more useful error codes.