d2633d922eeed68f92be4248b9172b928c189920 |
|
25-Apr-2018 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Augment the sdap_opts structure with a data provider pointer
In order to be able to use the Data Provider methods from the SDAP code
to e.g. invalidate memcache when needed, add a new field to the
sdap_options structure with the data_provider structure pointer.
Fill the pointer value for all LDAP-based providers.
Related:
https://pagure.io/SSSD/sssd/issue/2653
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> |
dacfe74113dde62ddaaa7f9abf9d2b6448d89db6 |
|
06-Dec-2017 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Only run the POSIX check with a GC connection
Previously, we used to run the POSIX check also with an LDAP connection.
This was wasteful, but worked, so the waste wasn't the biggest problem
-- the approach would only cause problems with the following patch which
uses a NULL search base to search the Global Catalog, because searching
with a SUBTREE scope and a NULL base returns a referral with an LDAP
connection.
Instead, this patch uses a heuristic (whether the connection ignores
the offline state) to check if the connection is a POSIX one and if it
is NOT, then skips the POSIX check.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com> |
8e93ebb2a6f7644c389c1d1f4e92a21c4d0b2b45 |
|
06-Dec-2017 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Extract the check whether to run a POSIX check to a function
This will reduce the code duplication in the following patches and will
allow us to keep all the logic in one place so that when/if we change the
code in the future, we only have to change the single place.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com> |
f2e70ec742cd7aab82b74d7e4b424ba3258da7aa |
|
14-Sep-2017 |
Sumit Bose <sbose@redhat.com> |
IPA: fix handling of certmap_ctx
This patch fixes a use-after-free in the AD provider part and
initializes the certmap_ctx with data from the cache at startup.
Related to https://pagure.io/SSSD/sssd/issue/3508
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
823d8292c4658b51821514adf21939e04b7423ed |
|
16-Jan-2017 |
Lukas Slebodnik <lslebodn@redhat.com> |
LDAP: Remove unused parameter attr_type from groups_get_send
Reviewed-by: Michal Židek <mzidek@redhat.com> |
50a7a92f92e1584702bf25e61a50cb1c09c7e260 |
|
29-Jul-2016 |
Sumit Bose <sbose@redhat.com> |
SDAP: add enterprise principal strings for user searches
Unfortunately principal aliases with an alternative realm are stored in
IPA as the string representation of an enterprise principal, i.e.
name\@alt.realm@IPA.REALM. To be able to lookup the alternative
principal in LDAP properly the UPN search filter is extended to search
for this type of name as well.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
3d29430867cf92b2d71afa95abb679711231117c |
|
15-Jul-2016 |
Pavel Březina <pbrezina@redhat.com> |
DP: rename be_acct_req to dp_id_data
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
dea636af4d1902a081ee891f1b19ee2f8729d759 |
|
20-Jun-2016 |
Pavel Březina <pbrezina@redhat.com> |
DP: Switch to new interface
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
cc2d77d5218c188119fa954c856e858cbde76947 |
|
20-Jun-2016 |
Pavel Březina <pbrezina@redhat.com> |
Rename dp_backend.h to backend.h
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
ad5a48c4947183fda49308259e3411d17a8b0a13 |
|
19-Jan-2016 |
Pavel Březina <pbrezina@redhat.com> |
SDAP: Add sdap_or_filters
Reviewed-by: Sumit Bose <sbose@redhat.com> |
92ec40e6aa25f75903ffdb166a8ec56b67bfd77d |
|
19-Jan-2016 |
Pavel Březina <pbrezina@redhat.com> |
SDAP: rename sdap_get_id_specific_filter
More generic name is used now since it is not used only for id
filters. Probably all references will be deleted when the code
uses sdap_search_in_bases instead of custom search base iterators.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
d0599eaa9369fd867953e3c58b8d7bb445525ff5 |
|
19-Jan-2016 |
Pavel Březina <pbrezina@redhat.com> |
SDAP: Add request that iterates over all search bases
We often need to iterate over many search bases but we always use
mostly copy&paste iterator. This will reduce code duplication and
simplify code flow.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
8835ecb2ff5126629993a6b6d3fb0bb7baa3b765 |
|
12-Oct-2015 |
Pavel Reichl <preichl@redhat.com> |
sudo: remove unused param. in ldap_get_sudo_options
Remove unused talloc memory context.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
cf66c53e46fad46f47489f43265c58004e0e39d4 |
|
22-Sep-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Move sdap_create_search_base from ldap to sdap code
The function shouldn't be placed in the LDAP tree, but in the SDAP tree
to make it usable from tests without linking to libraries that are
normally linked from LDAP provider (such as confdb)
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
63fb0857378c450d9806b1a3c6bb5657f00a8ba1 |
|
11-Sep-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
SDAP: Remove unused function
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
2922461ea5357f4035a5ca7bdd84013db8767376 |
|
15-Jul-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Fetch users and groups using wildcards
Related:
https://fedorahosted.org/sssd/ticket/2553
Adds handler for the BE_FILTER_WILDCARD in the LDAP provider. So far
it's the same code as if enumeration was used, so there are no limits.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
7abec79ff6eeaff043c995bbb0a152ca3e0744e7 |
|
14-Jun-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Consolidate SDAP_SASL_REALM/SDAP_KRB5_REALM behaviour
Reviewed-by: Sumit Bose <sbose@redhat.com> |
40bc389bc79bc41429b5a92d5ce75955f8eefaf5 |
|
01-Jun-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
Skip enumeration requests in IPA and AD providers as well
Checking the enum request in the underlying LDAP provider to skip it
might be too late as the richer IPA or AD providers depend on having a
useful result when the sdap request finishes.
Move the enumeration check earlier instead and allow directly in the IPA
or AD handler.
Related:
https://fedorahosted.org/sssd/ticket/2659
Reviewed-by: Sumit Bose <sbose@redhat.com> |
d81d8d3dc151ebc95cd0e3f3b14c1cdaa48980f1 |
|
17-Mar-2015 |
Sumit Bose <sbose@redhat.com> |
LDAP/AD: do not resolve group members during tokenGroups request
During initgroups requests we try to avoid resolving the complete
member list of groups if possible, e.g. if there are no nested groups.
The tokenGroups LDAP lookup returns the complete list of memberships for
a user hence it is not necessary to look up the other group members and
un-roll nested groups. With this patch only the group entry is looked up
and saved as incomplete group to the cache.
This is achieved by adding a new boolean parameter no_members to
groups_get_send() and sdap_get_groups_send(). The difference to config
options like ldap_group_nesting_level = 0 or ignore_group_members is
that if no_members is set to true groups which are missing in the cache
are created as incomplete groups. As a result a request to lookup this
group will trigger a new LDAP request to resolve the group completely.
This way no information is ignored but the time needed to read all data
is better distributed between different requests.
https://fedorahosted.org/sssd/ticket/2601
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
17531a398cc9084036cb08d69fe876a8f12707bb |
|
08-Mar-2015 |
Pavel Březina <pbrezina@redhat.com> |
be_refresh: add sdap_refresh_init
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
a849d848d53f305a90613a74c1767a42b250deda |
|
08-Mar-2015 |
Pavel Březina <pbrezina@redhat.com> |
sdap_handle_acct_req_send: remove be_req
be_req was used only as a talloc context for subreq. This memory context
was replaced by state of the parent request which is more suitable for
tevent coding style.
This change will allow us to use this function in be_refresh where
no be_req is available.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
b0d3164ca2bd842e176268c26935c5ce54f7f76e |
|
08-Mar-2015 |
Pavel Březina <pbrezina@redhat.com> |
be_refresh: refresh all domains in backend
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
f8407faaeb6726bef6463d84f183f2b0ad1f99d4 |
|
29-Jan-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Pass a private context to enumeration ptask instead of hardcoded connection
Previously, the sdap-domain enumeration request used a single connection context to
download all the data. Now we'd like to use different connections to
download different objects, so the ID context is passed in and the
request itself decides which connection to use for the sdap-domain
enumeration. |
d81ce5550ba1fdebd958483d7322052c8b39c33b |
|
30-Oct-2013 |
Pavel Březina <pbrezina@redhat.com> |
sdap: add sdap_domain_get_by_dn()
This function will find sdap domain by comparing object dn
with domain base dn.
Resolves:
https://fedorahosted.org/sssd/ticket/2064 |
6e3f79799ce7e736dd19ae2e05a60dc1901613f1 |
|
25-Oct-2013 |
Pavel Březina <pbrezina@redhat.com> |
dp: convert cleanup task to be_ptask
Resolves:
https://fedorahosted.org/sssd/ticket/1968 |
efe6b4a9d374339cac2528cdeb43720957c6b7c9 |
|
25-Oct-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
AD: Use the ad_access_filter if it's set
Related:
https://fedorahosted.org/sssd/ticket/2082
Currently the AD access control only checks if an account has been
expired. This patch amends the logic so that if ad_access_filter is set,
it is used automatically. |
d67a80baf0bdc888297d3587c98f8a12d4827ebc |
|
25-Oct-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
AD: fall back to LDAP if GC is not available.
AD provider went offline if the Global Catalog could not be connected although
there was also the LDAP port available. With this patch, AD provider will
fall back to the LDAP port before going offline.
New boolean flag ignore_mark_offline was added to structure sdap_id_conn_ctx.
If this flag is enabled function be_mark_offline will not be called.
Resolves:
https://fedorahosted.org/sssd/ticket/2104 |
74802794554e0f87d1354b6788f1719cd7d80a6c |
|
18-Sep-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
AD: Download master domain info when enumerating
https://fedorahosted.org/sssd/ticket/2068
With the current design, downloading master domain data was tied to
subdomains refresh, triggered by responders. But because enumeration is
a background task that can't be triggered on its own, we can't rely on
responders to download the master domain data and we need to check the
master domain on each enumeration request. |
21f749c9300a1a51f3eb83d7f1483ec2fe15b3cc |
|
18-Sep-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: sdap_id_setup_tasks accepts a custom enum request
AD provider will override the default with its own. |
fc6afb011198f84a30e6598c62923b5a588ccd54 |
|
11-Sep-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Store cleanup timestamp after initial cleanup
When the SSSD changes servers (and hence lastUSN) we perform a cleanup as
well. However, after recent changes, we didn't set the cleanup timestamp
correctly, which made the lastUSN logic fail. |
1c4144a6ce68dbd54c7c08a517d1f982ea57f19a |
|
28-Aug-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Make sdap_id_setup_tasks reusable for subdomains
Instead of always performing the setup for the main domain, the setup
can now be performed for subdomains as well. |
66edf42c51f8591c93204b6490c103fa51346f47 |
|
28-Aug-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Make the cleanup task reusable for subdomains
Instead of always performing the cleanup on the main domain, the task
now accepts a sdap_domain structure to perform the cleanup on. This
change will make the cleanup task reusable for subdomains. |
34a63c4a00096da7a8e09d49b5970bb1f807eddc |
|
28-Aug-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Make cleanup synchronous
The LDAP cleanup request was asynchronous for no good reason, probably a
leftover from the days of async sysdb. This patch makes it synchronous
again, removing a lot of unneeded code. |
5894f059b6f97a9dfd63f6e9ab544c636dd58665 |
|
28-Aug-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Convert enumeration to the ptask API
https://fedorahosted.org/sssd/ticket/1942
Identity providers other than LDAP need to customize the enumeration in
different ways while sharing the way the task is scheduled etc. The
easiest way to accomplish it is to leverage the recently introduced
ptask framework. |
8ca73915a3bf60331468fed6b3b38652c979f95d |
|
28-Aug-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Move the ldap enum request to its own reusable module
The LDAP enumeration was too closely tied to the LDAP identity provider.
Because some providers might need special handling such as refresh the
master domain record before proceeding with the enumeration itself, this
patch splits the request itself to a separate async request and lets the
ldap_id_enum.c module only configure this new request.
Also move the enum timestamp to sdap_domain to make the enum tracking
per sdap domain. The cleanup timestamp will be moved in another patch. |
4e3ba17a3376b635cb0d9ae60a6d4e712ded01a0 |
|
28-Jun-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
AD: Move storing sdap_domain for subdomain to generic LDAP code
Makes creating the sdap_domain structure for a subdomain reusable
outside AD subdomain code where it was created initially.
Subtask of:
https://fedorahosted.org/sssd/ticket/1962 |
7b5e7e539ae9312ab55d75aa94feaad549b2a708 |
|
10-Jun-2013 |
Pavel Březina <pbrezina@redhat.com> |
providers: refresh expired netgroups
https://fedorahosted.org/sssd/ticket/1713 |
556040eac686265f8a3b20e2a744210607cba95c |
|
07-Jun-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: split a function to create search bases
This function will be used later to fill the sdap_domain structures with
search bases. |
ca344fdecdf127c80ad1074047aeba21e1165313 |
|
07-Jun-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: return sdap search return code to ID
By default, the LDAP searches delete the entry from cache if it wasn't
found during a search. But if a search wants to try both Global Catalog
and LDAP, for example, it might be beneficial to have an option to only
delete the entry from cache after the last operation fails to prevent
unnecessary memberof operations for example. |
749cfb5d3270b5daf389d51a0dbd3fd2aec6e05d |
|
07-Jun-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: new SDAP domain structure
Previously an sdap_id_ctx was always tied to one domain with a single
set of search bases. But with the introduction of Global Catalog
lookups, primary domain and subdomains might have different search
bases.
This patch introduces a new structure sdap_domain that contains an sssd
domain or subdomain and a set of search bases. With this patch, there is
only one sdap_domain that describes the primary domain. |
9aa117a93e315f790a1922d9ac7bd484878b621e |
|
07-Jun-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Pass in a connection to ID functions
Instead of using the default connection from the sdap_id_ctx, allow the
caller to specify which connection shall be used for this particular
request. Again, no functional change is present in this patch, just
another parameter is added. |
e6e129a40e69af52a12deed91f68fff3569c51ce |
|
07-Jun-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Refactor account info handler into a tevent request
The sdap account handler was a function with its own private callback
that directly called the back end handlers. This patch refactors the
handler into a new tevent request that the current sdap handler calls.
This refactoring would allow the caller to specify a custom sdap
connection for use by the handler and optionally retry the same request
with another connection inside a single per-provider handler.
No functional changes are present in this patch. |
dcb44c39dda9699cdd6488fd116a51ced0687de3 |
|
07-Jun-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: sdap_id_ctx might contain several connections
With some LDAP server implementations, one server might provide
different "views" of the identities on different ports. One example is
the Active Directory Global catalog. The provider would contact
a different view depending on which operation it is performing and against
which SSSD domain.
At the same time, these views run on the same server, which means the same
server options, enumeration, cleanup or Kerberos service should be used.
So instead of using several different failover ports or several
instances of sdap_id_ctx, this patch introduces a new "struct
sdap_id_conn_ctx" that contains the connection cache to the particular
view and an instance of "struct sdap_options" that contains the URI.
No functional changes are present in this patch, currently all providers
use a single connection. Multiple connections will be used later in the
upcoming patches. |
eb64d3406c15dcc5cb42c94488737bdbb9a15655 |
|
20-May-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Remove unneeded parameter of setup_child and namespace it
setup_child() was accepting a parameter it didn't use. Also the function
name was too generic, so I added a sdap prefix. |
e0d861963e10c5aba79ad87f8c48b0ce1bec06ca |
|
19-Nov-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
LDAP: Provide a common sdap_set_sasl_options init function
The AD and IPA initialization functions shared the same code. This patch
moves the code into a common initialization function. |
41be4e3976cf66823ad2c6880671ac7fbafdc640 |
|
23-Aug-2012 |
Pavel Březina <pbrezina@redhat.com> |
Clean up cache on server reinitialization
https://fedorahosted.org/sssd/ticket/734
We successfully detect when the server is reinitialized by testing
the new lastUSN value. The maximum USN values are set to zero, but
the current cache content remains.
This patch removes records that were deleted from the server.
It uses the following approach:
1. remove entryUSN attribute from all entries
2. run enumeration
3. remove records that don't have entryUSN attribute updated
We don't need to do this for sudo rules, they will be refreshed
automatically during next smart/full refresh, or when an expired rule
is deleted. |
d7e3035f018828fcd41b0cc1c0012fab6012f782 |
|
01-Aug-2012 |
Jan Zeleny <jzeleny@redhat.com> |
Primary server support: LDAP adaptation
This patch adds support for the primary server functionality into LDAP
provider. No backup servers are added at the moment, just the basic
support is in place. |
5f73b623fc72e3b9b3590420825f30e618b4d4dd |
|
29-Jun-2012 |
Pavel Březina <pbrezina@redhat.com> |
sudo ldap provider: load host filter configuration on init
We need to load host information during provider initialization.
Currently it loads only values from configuration files, but it is
implemented as an asynchronous request as it will later try to
autodetect these settings (which will need to contact DNS). |
58d02e0d3d6d48c97fccdb2ad7212e065671ad6d |
|
03-May-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
LDAP: Add helper routine to convert LDAP blob to SID string |
8538f3d5109c548049c344fa042684d9d40f04d6 |
|
03-May-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
LDAP: Enable looking up ID-mapped users by name |
3ff729e6c8a371e7a52914772816c39ca73c50a9 |
|
24-Feb-2012 |
Jan Zeleny <jzeleny@redhat.com> |
Modifications to simplify list_missing_attrs |
087219897d8b8a92d7d33da3fa30883d40ad8cdb |
|
23-Feb-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
IPA: Add ipa_parse_search_base()
Previously, we were using sdap_parse_search_base() for setting up
the search_base objects for use in IPA. However, this was
generating unfriendly log messages about unknown search base
types. This patch creates a new common_parse_search_base() routine
that can be used with either LDAP or IPA providers.
https://fedorahosted.org/sssd/ticket/1151 |
620033ce66f4827be9d508c77483fab0270d9869 |
|
07-Feb-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
AUTOFS: IPA provider |
cc84fd46f356c4a36a721ab135a33ec77c93e34d |
|
06-Feb-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
AUTOFS: LDAP provider |
5d00ee0e07dea78806df780db69e94900e5bb8c0 |
|
04-Feb-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Move BUILD_SUDO outside the generic LDAP source files
Avoid #ifdefs in the general part of the code |
796463906a54e259bd5b582ce84af4297a58eafc |
|
31-Jan-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
LDAP: Add support for service lookups (non-enum) |
eb54e05c9658a7274e3238813c54dd0c6577d3ec |
|
17-Jan-2012 |
Pavel Březina <pbrezina@redhat.com> |
SUDO Integration - periodical update of rules in data provider
https://fedorahosted.org/sssd/ticket/1110
Adds new configuration options:
- ldap_sudo_refresh_enabled - enable/disable periodical updates
- ldap_sudo_refresh_timeout - rules timeout (refresh period) |
8edf0e447266d68f10264eb3f3ea514cd1687041 |
|
19-Dec-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Pass sdap_id_ctx to online check from IPA provider |
e9eeb4302e0e426c6cc1a4e65b95a6f7066e80b9 |
|
16-Dec-2011 |
Pavel Březina <pbrezina@redhat.com> |
SUDO integration - LDAP provider |
10b6b1fc57bb7c2edb4cfd0a0038303bd33722bc |
|
16-Dec-2011 |
Pavel Březina <pbrezina@redhat.com> |
SUDO Integration - LDAP configuration options |
f4093e062cf1646b8f01d7078e63708aeb36a95d |
|
25-Nov-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Fix sdap_id_ctx/ipa_id_ctx mismatch in IPA provider
This was causing a segfault during HBAC processing and any ID lookups
except for netgroups |
9f761434e5fbc5c033a85fb69d6e360e3ba4db58 |
|
23-Nov-2011 |
Jan Zeleny <jzeleny@redhat.com> |
Modified sdap_parse_search_base() |
7d9f54f5ec7c72336c4f69dbf20d55f1f64b88d2 |
|
23-Nov-2011 |
Jan Zeleny <jzeleny@redhat.com> |
Renamed some LDAP routines
These were renamed just to make sure they are not mistaken for IPA
netgroup functions. |
09b663e6dfd2ed09cead04f926d3e99e9ac01894 |
|
02-Nov-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
LDAP: Add parser for multiple search bases |
82962098e3848ed039a57522d74fc500bc6df8ad |
|
02-Nov-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
Make sdap_get_id_specific_filter() more strict |
31442edcf62c284d5d983bda48e51ae55b70ebdf |
|
08-Jul-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
Add helper function msgs2attrs_array
This function converts a list of ldb_messages into a list of
sysdb_attrs. |
361b29ff4cc0eac948074cb0f54fdc7bd556a1b6 |
|
19-Apr-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Add user and group search LDAP filter options
https://fedorahosted.org/sssd/ticket/647 |
cc2b267e14db7073e7247b52cc9d82dfdf280076 |
|
16-Feb-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
Do not attempt to use START_TLS on SSL connections
Not all LDAP servers are capable of handling dual-encryption with
both TLS and SSL.
https://fedorahosted.org/sssd/ticket/795 |
c6257286e9a31dfd42d28c99a22a69e2c4717a61 |
|
21-Jan-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
Delete attributes that are removed from LDAP
Sometimes, a value in LDAP will cease to exist (the classic
example being shadowExpire). We need to make sure we purge that
value from SSSD's sysdb as well.
https://fedorahosted.org/sssd/ticket/750 |
03f88547ec3f42980f4f71af7d017cd7b8b8070a |
|
21-Dec-2010 |
Sumit Bose <sbose@redhat.com> |
Remove unused member of a struct |
85abff7f43e8006de2c2fa35612884d377b9a036 |
|
07-Dec-2010 |
Simo Sorce <ssorce@redhat.com> |
ldap: Use USN entries if available.
Otherwise fallback to the default modifyTimestamp indicator |
19a6d8f94b99684ab1a2f6d9b580ad0040dd31fe |
|
07-Dec-2010 |
Simo Sorce <ssorce@redhat.com> |
ldap: remove variable that was never assigned nor used |
33b8fa8693df109fb33b6051bb29cb0cf5bc4d19 |
|
06-Dec-2010 |
Sumit Bose <sbose@redhat.com> |
Add ldap_chpass_uri config option |
39875788b552ed157e68156e64e95dda5dc6aa43 |
|
06-Dec-2010 |
Sumit Bose <sbose@redhat.com> |
Make string_to_shadowpw_days() public |
d8e3d9b5fb5f269ef7a0cf4b70f3ba4c8051429c |
|
01-Dec-2010 |
Sumit Bose <sbose@redhat.com> |
Add check_online method to LDAP ID provider |
619bd403265ce0880989ba6f8324b010949851bc |
|
13-Oct-2010 |
Sumit Bose <sbose@redhat.com> |
Implement netgroup support for LDAP provider |
93109c5f1d85c028ce5cf6e31e2249ca90a7f746 |
|
13-Oct-2010 |
Jakub Hrozek <jhrozek@redhat.com> |
Initialize kerberos service for GSSAPI |
71af2725e8f96b403af3f4aa140c413f751380c0 |
|
15-Sep-2010 |
Sumit Bose <sbose@redhat.com> |
Store rootdse supported features in sdap_handler |
09c170c5b5cf0d62e7302ef284a1e35072ef1d95 |
|
09-Jul-2010 |
eindenbom <eindenbom@gmail.com> |
Remove remainder of now unused global LDAP connection handle. |
eef6302a20f9ddac77cf00f48ee68a5daacd6eb6 |
|
09-Jul-2010 |
eindenbom <eindenbom@gmail.com> |
Use new LDAP connection framework to get group account info from LDAP. |
bb6634510bbbb4a5499fb4aa8b4a3cba6f9f6bc8 |
|
09-Jul-2010 |
eindenbom <eindenbom@gmail.com> |
Use new LDAP connection framework to get user account info from LDAP. |
2d7a7b0140a4d3fcef9148900276e24f82e33866 |
|
09-Jul-2010 |
eindenbom <eindenbom@gmail.com> |
LDAP connection usage tracking, sharing and failover retry framework. |
35480afaefafb77b28d35b29039989ab888aafe9 |
|
27-May-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Add ldap_access_filter option
This option (applicable to access_provider=ldap) allows the admin
to set an additional LDAP search filter that must match in order
for a user to be granted access to the system.
Common examples for this would be limiting access to users in a
particular group, for example:
ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com |
8bb6aa3fd81a3c195b92270ddf189296abae65eb |
|
27-May-2010 |
Sumit Bose <sbose@redhat.com> |
Add offline callback to disconnect global SDAP handle |
66da80489c0114878043b40592c5f47d41eb0ffd |
|
07-May-2010 |
Jakub Hrozek <jhrozek@redhat.com> |
Use service discovery in backends
Integrate the failover improvements with our back ends. The DNS domain
used in the SRV query is always the SSSD domain name.
Please note that this patch changes the default value of ldap_uri from
"ldap://localhost" to "NULL" in order to use service discovery with no
server set. |
1c48b5a62f73234ed26bb20f0ab345ab61cda0ab |
|
18-Feb-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Rename server/ directory to src/
Also update BUILD.txt |