freeipa.git/daemons/ipa-slapi-plugins/ipa-cldap, branch kdc-fixes

fix Makefile.am for daemons

2015-03-26T13:58:37+00:00

Reviewed-By: Alexander Bokovoy 
Reviewed-By: Sumit Bose

ipa-cldap: support NETLOGON_NT_VERSION_5EX_WITH_IP properly

2015-01-19T11:05:52+00:00

According to MS-ADTS 6.3.3.2, "Domain Controller Response to an LDAP Ping",
if NETLOGON_NT_VERSION_5EX_WITH_IP is requested in NtVer, we should fill the
socket address of the server and set the NtVer of the response accordingly.

The behavior is a bit unclear from 6.3.3.2 but Samba expects LDAP ping to behave
the same way as a mailslot ping, described in 6.3.5, where socket address of the
server is included only if _WITH_IP variant was requested in NtVer.  If NtVer
only contains NETLOGON_NT_VERSION_5EX (without _WITH_IP bit), socket
address should not be filled in.

Additionally, this means we should use special variant of
ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX helper named
ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags to properly handle optional
existence of the socket address in the response.

https://fedorahosted.org/freeipa/ticket/4827

Reviewed-By: Sumit Bose 
Reviewed-By: Simo Sorce

CLDAP: add unit tests for make_netbios_name

2014-01-23T17:14:23+00:00

CLDAP: generate NetBIOS name like ipa-adtrust-install does

2014-01-23T17:14:23+00:00

Fixes  https://fedorahosted.org/freeipa/ticket/4116

CLDAP: do not prepend \\

2014-01-15T15:26:09+00:00

For NETLOGON_NT_VERSION_5EX requests the prepended \\ is not expected in
the PDC NetBIOS name. In general AD seems to be smart enough to handle
the two \ signs. But if the NetBIOS name reaches the maximum of 15
character AD does not accept the responses anymore.

Fixes https://fedorahosted.org/freeipa/ticket/4028

ipa-cldap: Cut NetBIOS name after 15 characters

2013-12-11T12:23:38+00:00

The CLDAP DS plugin uses the uppercased first segment of the fully
qualified hostname as the NetBIOS name. We need to limit its size
to 15 characters.

https://fedorahosted.org/freeipa/ticket/4028

Remove CFLAGS duplication.

2013-12-06T13:44:41+00:00

https://fedorahosted.org/freeipa/ticket/3896

Fix compilation error in ipa-cldap.

2013-12-06T13:44:40+00:00

https://fedorahosted.org/freeipa/ticket/3896

Clarify error message about IPv6 socket creation in ipa-cldap plugin

2013-12-03T15:27:12+00:00

https://fedorahosted.org/freeipa/ticket/4056

CLDAP: do not read IPA domain from hostname

2013-09-27T13:06:21+00:00

Currently the CLDAP plugin determines the IPA domain name by reading
the current host name and splitting of the domain part. But since an IPA
server does not have to be in a DNS domain which has the same name as
the IPA domain this may fail. The domain name was used to search the
ipaNTDomainAttrs object, but since this object is unique in the tree it
is sufficient to use the objectclass in the search filter. Now the IPA
domain can be read from the ipaNTDomainAttrs object as well.

Fixes https://fedorahosted.org/freeipa/ticket/3941