| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Can be used to unlock a user when the badPwdCount has been reached.
Introduces SamDB error classes, as suggested by
Douglas Bagnall <douglas.bagnall@catalyst.net.nz> - thanks!
This helps to handle expected failures.
Tracebacks of really unexpected failures will not be hidden.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
The remaining compat code (get_string, get_bytes,
cmp) are useful helper routines which we should
simply merge into common (especially since there
is some duplication here).
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Fri Oct 2 14:49:36 UTC 2020 on sn-devel-184
|
|
The import dsdb needed for dsdb_Dn causes import
errors when trying to import get_bytes/get_string
in some places.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Add a method to construct the fullname, using the given name, the initials
and the surname.
If one of this values is empty, try to use the old one, given by an
attributs set.
If the combination is empty, the method will return the fallback-default
parameter.
Use this method to construct the CN or the displayName of users or
contacts.
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Add a method to prepare a given Message to replace the given attribute.
If the given new value is None or the old value and the new value are
the same, do nothing.
If the new value is empty, prepare to replace the given attribute with
[].
Else prepare to replace the given attribute with the new value.
Use this for samdb.modify(msg).
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
|
|
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
The --member-dn option allows to specify an object by it's DN.
This is required to select a specific object if there are more than one
with the same name. Multiple contacts can exist with the same name in
different OUs.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
Use a group search filter which is similar to the filter which is used
by the basic MS Windows group membership management.
The filter excludes the group type GROUP_TYPE_BUILTIN_LOCAL_GROUP.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
Use a user search filter which is similar to the filter which is used
by the basic MS Windows group membership management.
The filter filters for objects with the sAMAccountType ATYPE_NORMAL_ACCOUNT.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
member filters
Add the 'computer' type to the default member types, so that the next
commit does not change the default behavior.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
There can be more than one contact with the same name.
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
The filters are based on the MS Windows filter, which are used by the
basic group member management dialog.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
The option can be used to specify the type of the object which have to
be added to (or removed) from a group. The search filter for the objects
will be created according to the types.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
Usage: samba-tool contact <subcommand>
Contact management.
Available subcommands:
create - Create a new contact.
delete - Delete a contact.
edit - Modify a contact.
list - List all contacts.
move - Move a contact object to an organizational unit or container.
show - Display a contact.
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
|
|
Fix bytes being compared against ldb.bytes
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Note: Fix needed also for gpo.apply
minPwdAge, maxPwdAge, minPwdLength & set_pwdProperties all
have a line like
value = str(value).encode('utf8')
this is a generic type statement I guess to convert int, float etc
to utf8 encoded bytes representing the string value for those.
This worked fine in PY2 but in py3 some routine already are passing
bytes into these methods, in these cases e.g. b'200' will get converted
to "b'200'", this change only performs the conversion above for non
bytes (or str) types by replacing the above with
if not isinstance(value, binary_type):
value = str(value).encode('utf8')
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
This is not always going to work, and is not guaranteed to be
consistent even between minor versions.
Here is a simple counterexample:
>>> a = 'hello'
>>> a is 'hello'
True
>>> a is 'hello'.lower()
False
>>> a == a.lower()
True
Possibly it always works for the empty string, but we cannot rely
on that.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Oct 29 23:13:36 CET 2018 on sn-devel-144
|
|
Python's property() function works like this:
property([getter[, setter[, delete[, doc]]]])
but we have been forgetting the delete function, or rather setting it
to be a string. A string is not callable and is unlikely to succeed at
deleting the property.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
This will make the API work in a nature way.
Also, because of a defect in ldb API, code like `res[0]["maxPwdAge"][0]`
will return bytes even in Python3, which will cause trouble. By casting
the value to int, we avoid the str/bytes issue.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
When we change schema values, we should trigger a schema update to refresh
the changes applied. This is called after a change is made. A helper to
samdb is added so that it's easier for other locations to call additionally.
Signed-off-by: William Brown <william@blackhats.net.au>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 29 08:30:52 CEST 2018 on sn-devel-144
|
|
Schema management in active directory is complex and dangerous. Having
a tool that safely wraps administrative tasks as well as allowing query
of the schema will make this complex topic more accessible to administrators.
Signed-off-by: William Brown <william@blackhats.net.au>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|
|
In python2 you can encode a 'str' type which doesn't really make sense
since it is already bytes (as such). In python3 this isn't possible you
can't encode bytes or decode strings. Also because you can call encode
on 'str' in python2 it tries to to what you wanted and it implicity
calls decode('ascii') before performing the encode. This is why we get
mention of ascii codec in the error. This patch should future proof for
python3 also.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13435
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
CN=Users --> CN=Computers
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
|
|
This pathch is based on Björn Baumbach's work:
1. Add `--ip-address` option for create subcommand, to allow user set DNS
A or AAAA records while creating the computer.
2. Delete above DNS records while deleting the computer.
3. Add `--service-principal-name` option for create command, to allow user
set `servicePrincipalName` while creating the computer.
4. Tests.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Usage: samba-tool computer <subcommand>
Computer management.
Available subcommands:
create - Create a new computer.
delete - Delete a computer.
list - List all computers.
move - Move a computer to an organizational unit/container.
show - Display a computer AD object
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
This sets the backendStore field in @PARTITION, depending on which
argument you set in the provision.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
This makes it possible to add foreign SIDS as group members.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
This is noticably faster in cases (e.g. tests) where the same user
is added and deleted many times.
The rreason is samaccountname is retained for deleted objects, so the
search finds multiple objects that need to be filtered out internally.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
