| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
And don't cut them out from the DNS hostname.
|
| |
|
|
|
|
| |
For KERBEROS applications the realm should be upcase (function "lp_realm") but
for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch
implements the use of both in the right way.
|
| |
|
|
| |
I think the check for empty messages fits best here.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
This avoids using an ldb_search(), which would run from the top of the
module stack. This will help us load the schema before the partitions
are initialised.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
| |
These take an ldb_module argument, and avoid doing the search from the
top of the stack again.
(This will help when modules are initialised before being added to the
partition set)
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
| |
This was a bad idea all along, as Simo said at the time. With the
full MS schema and enforcement of it, it is an even worse idea.
This fixes the provision of the member server in 'make test'
Andrew Bartlett
|
| | |
|
| | |
|
| |
|
|
| |
ids is retrurned via _ids, so it needs to be on the passed in mem_ctx
|
| |
|
|
|
|
|
|
|
| |
It's very useful to know the exact result code when something fails and not
only a generic (by the module) created one.
Sure, there are some exception cases with specific results (special message
constellations, attributes, values...) which shouldn't be changed at all
(examples of them are in the "ldap.py" test). Therefore I looked very
carefully to not change them.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Added the RELAX control to dsdb_origin_objects_commit(), as it needs
to modify system objects. This patch also fixes the use of ldb
transactions in that function, and fixes a memory leak.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
This also uses systemPossibleInferiors when the 'relax' control is
specified, which is done by the provision.
Andrew Bartlett
|
| |
|
|
|
|
|
| |
This allows us to figure out what the system can add, which will not
be in possibleInferiors due to the systemOnly flag.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
| |
These additional constraints are applied, found by the Microsoft testsuite.
- When the parent is not present, we now return 'NO_SUCH_OBJECT'.
- Restrict the choice of RDN to the correct one per the schema
- Honour the allowedChildClasses attribute from the parent's objectClass.
Andrew Bartlett
|
| |
|
|
|
|
| |
(except as part of the provision, which specifies the 'relax' control)
Andrew Bartlett
|
| |
|
|
|
|
|
| |
- Add more "talloc_free"s and right error values where needed
- Add a pre-lookup for entries before searching for metadata attribute
(also suggested by TODO list)
- Now the most part of "ldap.py" works again
|
| |
|
|
| |
This error per the Microsoft testsuite
|
| | |
|
| |
|
|
| |
the minimum one)
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The issue here is that when we resolve DOM\\ into an NT4 name, we
would not initilise the nt4_account output.
Andrew Bartlett
|
| |
|
|
|
| |
The instanceType needs to be specified in future because that's how
the partitions are actually created.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
This allows this control to be specified as critical. We support the
control because we choose to always be durable in our transactions.
We really, really need a 'duplicate request' API, as at the
moment we can't do this without a large, error-prone set of code that
cannot cope with new request fields or types.
Andrew Bartlett
|
| |
|
|
| |
request that specify objectGUID attribute.
|
| |
|
|
|
|
|
| |
The relative DN must be the one that the most specific structural
objectclass specifies.
Andrew Bartlett
|
| |
|
|
| |
We need to create Domain Users in the test ldb
|
| |
|
|
| |
This helped track down the samba3sam.py failures
|
| |
|
|
|
| |
As metze pointed out - this seems to be completely dead code. I too didn't find
any dependencies in other code parts. Therefore remove it.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a
binary blob. We need to support those in order to give correctly
formatted binary blobs for things like wellKnownObjects
This implementation is not ideal, as it allows for binary blobs on all
DNs, whereas it should only allow them on those with a syntax of
2.5.5.7. We should clean this up in the future, but meanwhile this
implementation at least gets us a working DC join of w2k8 to s4.
This patch also uses a static function for marking DNs as invalid,
which is very useful when debugging this code, as you can break on it
in gdb.
|
| |
|
|
|
|
| |
I came up with a better solution which is invoked when we try to join a domain
as a DC (in file "libnet_become_dc.c"). Consider a following commit for this
patch.
|
| |
|
|
| |
We were re-using a stack variable outside of the stack scope
|
| | |
|
| |
|
|
|
|
|
|
|
| |
When searching across partitions, we want to avoid sending duplicate
records caused by the record appearing both as a mount point and as a
partition root in a nested partition. This patch works by intercepting
objects from searches and checking if they match a partition root. If
they do, and the partition is not the one in the partition control
request, then discard the object.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
We may also need to remove the isCriticalSystemObject when the machine
is demoted
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
When we vampire from w2k8-r2, the DC sends us a linked attribute for
our machine account which has a target DN with a GUID of the OU=Domain
Controllers objects, but has a DN of CN=Computers. We need to use the
GUID to resolve the real DN.
|
| | |
|
