providers: Move hostid from ipa to sdap, v2 In the ldap provider, all option names are renamed to ldap_host_*. In the ipa provider the names haven't been changed. Host lookups for both ipa and ldap are handled in the ldap provider. sss_ssh_knownhostsproxy works but hostgroups are still only available in the ipa provider. I've also added some documentation for the ldap provider. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

LDAP: Add support for rhost access control This patch implements verification of pam_rhost against rules stored in LDAP entry of a user. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>

ldap: Change ldap_user_certificate to userCertificate;binary IPA and AD providers default to userCertificate;binary for the ldap_user_certificate option. It will be good to default that value also for the generic LDAP provider. Resolves: https://pagure.io/SSSD/sssd/issue/3499 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

LDAP: new attribute option ldap_user_email Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

LDAP: Change the default rfc2307 autofs attribute mappings Resolves: https://fedorahosted.org/sssd/ticket/2858 The default attribute mappings we used to have: ldap_autofs_map_object_class automountMap ldap_autofs_map_name ou ldap_autofs_entry_object_class automount ldap_autofs_entry_key cn ldap_autofs_entry_value automountInformation Was wrong. Instead, this patch switches to: ldap_autofs_map_object_class nisMap ldap_autofs_map_name nisMapName ldap_autofs_entry_object_class nisObject ldap_autofs_entry_key cn ldap_autofs_entry_value nisMapEntry Which are attributes that are available with servers running the default rfc2307 schema. In addition, this patch adds a syslog and DEBUG message that warns administrators to double-check their configuration. We don't warn when the autofs provider is set to AD, because that one is already correct. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

Add a new option ldap_group_external_member Required for: https://fedorahosted.org/sssd/ticket/2522 Reviewed-by: Sumit Bose <sbose@redhat.com>

IDMAP: Add support for automatic adding of ranges Resolves: https://fedorahosted.org/sssd/ticket/2188 Reviewed-by: Sumit Bose <sbose@redhat.com>

LDAP: Mark globals in ldap_opts.h as extern To avoid collisions when we want to work with them elsewhere in the code. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>