History log of /sssd-io/src/providers/ldap/sdap.c
Revision Date Author Comments Expand
60a715a0dd79873d2d2607eab8fdfaf0ffd2e7d3 09-Feb-2018 Hristo Venev <hristo@venev.name>

providers: Move hostid from ipa to sdap, v2 In the ldap provider, all option names are renamed to ldap_host_*. In the ipa provider the names haven't been changed. Host lookups for both ipa and ldap are handled in the ldap provider. sss_ssh_knownhostsproxy works but hostgroups are still only available in the ipa provider. I've also added some documentation for the ldap provider. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
37fdd9dc1ad5968067f8e3c43a51ed2ac9f3b104 06-Dec-2017 Jakub Hrozek <jhrozek@redhat.com>

SDAP: Split out utility function sdap_get_object_domain() from sdap_object_in_domain() The DP request that returns a domain of an entry to responder will need this functionality in order to map the original DN of the entry found to a domain name. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
386c5f2e134beb6fcfc474f347e226ac0dedfef5 11-Jul-2017 Michal Židek <mzidek@redhat.com>

SDAP: Add sdap_domain_copy_search_bases Add function to copy search bases from one sdap_domain to another. Resolves: https://pagure.io/SSSD/sssd/issue/3435 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
454cf0c3808a9f6a0c9f79e9796e17c58907ee6c 22-Feb-2017 Sumit Bose <sbose@redhat.com>

check_duplicate: check name member before using it Resolves https://fedorahosted.org/sssd/ticket/3231 Reviewed-by: Petr Cech <pcech@redhat.com>
08bf6b4a281ef4308119dccbba4e86cf28b505d2 22-Feb-2017 Sumit Bose <sbose@redhat.com>

sdap_extend_map: make sure memory can be freed If there is an error after calling talloc_realloc() the caller cannot free the memory properly because neither src_map nor _map were pointing to a valid memory location. With this patch _map will always point to the current valid location so that it can always be used with talloc_free(). Reviewed-by: Petr Cech <pcech@redhat.com>
3ee411625aee19afda7477bb10b52c3da378b6fb 08-Feb-2017 Petr Čech <pcech@redhat.com>

SYSDB: Removing of sysdb_try_to_find_expected_dn() Currently in order to match multiple LDAP search results we use two different functions - we have sysdb_try_to_find_expected_dn() but also sdap_object_in_domain(). This patch removes sysdb_try_to_find_expected_dn() and add new sdap_search_initgr_user_in_batch() based on sdap_object_in_domain(). This function covers necessary logic. Resolves: https://fedorahosted.org/sssd/ticket/3230 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
c3593f06da54315c88a08a46cfc0def366acad43 08-Feb-2017 Petr Čech <pcech@redhat.com>

LDAP: Better logging message Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
133647422d6e276a597494002873b2afce1d12a7 19-Aug-2016 Michal Židek <mzidek@redhat.com>

sdap: Skip exact duplicates when extending maps When extending map with entry that already exists in the map in the exacty same form, then there is no need to fail. We should only fail if we try to change purpose of already used sysdb attribute. Resolves: https://fedorahosted.org/sssd/ticket/3120 Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
4bea9a8fe8c561b42b617494550d18564c293fd8 07-Jul-2016 Jakub Hrozek <jhrozek@redhat.com>

LDAP: save users with FQDN The username we receive from LDAP is short name. Convert it to a qualified name before saving the user. Reviewed-by: Sumit Bose <sbose@redhat.com>
e0243c7f3638c819051b7235097a0bb2d06374fb 07-Jul-2016 Jakub Hrozek <jhrozek@redhat.com>

SDAP: Search functions don't need to construct per-domain names The names are all internally qualified already, no need to distinguish between subdomain users and main domain users. Reviewed-by: Sumit Bose <sbose@redhat.com>
c02b8482375837b57cb618ed56d4bede0e006d9d 18-Jun-2016 Pavel Březina <pbrezina@redhat.com>

Remove braces from DEBUG statements Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
c6fb6dbdfc3084c870714a8782d2bf89d8aec209 07-Apr-2016 Jakub Hrozek <jhrozek@redhat.com>

AD: Recognize Windows Server 2016 Even though at this time the MSDN documentation at: https://msdn.microsoft.com/en-us/library/cc223272.aspx still claims that "7" is a value of DS_BEHAVIOR_WINTHRESHOLD, testing with Windows Server 2016 Preview already shows that server reporting a new value of Domain Controller Functionality. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
763f24777fe3c9be4efe495077e7bb1feb99a3bd 23-Feb-2016 Sumit Bose <sbose@redhat.com>

subdomains: inherit ldap_krb5_keytab If a non-default keytab is configured for the parent domain the subdomains will still use the default keytab because the alternative keytab is not inherited. As a consequence SSSD might not be able to connect to services in the subdomain because the default keytab is either not present or does not have suitable keys. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
42604cc8d11743febf5aa892cb3a7d3c32bfed48 23-Feb-2016 Lukas Slebodnik <lslebodn@redhat.com>

Fix typos reported by lintian Reviewed-by: Pavel Březina <pbrezina@redhat.com>
d0599eaa9369fd867953e3c58b8d7bb445525ff5 19-Jan-2016 Pavel Březina <pbrezina@redhat.com>

SDAP: Add request that iterates over all search bases We often need to iterate over many search bases but we always use mostly copy&paste iterator. This will reduce code duplication and simplify code flow. Reviewed-by: Sumit Bose <sbose@redhat.com>
fb83de0699b16e7d8eca803305e2112795807b4c 22-Sep-2015 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Filter out multiple entries when searching overlapping domains In case domain overlap, we might download multiple objects. To avoid saving them all, we attempt to filter out the objects from foreign domains. We can only do this optimization for non-wildcard lookups. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
cf66c53e46fad46f47489f43265c58004e0e39d4 22-Sep-2015 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Move sdap_create_search_base from ldap to sdap code The function shouldn't be placed in the LDAP tree, but in the SDAP tree to make it usable from tests without linking to libraries that are normally linked from LDAP provider (such as confdb) Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
4b1a46396caf656095e5f5e90d43996bdeaba0f3 31-Jul-2015 Pavel Reichl <preichl@redhat.com>

SDAP: rename SDAP_CACHE_PURGE_TIMEOUT Enum member SDAP_CACHE_PURGE_TIMEOUT has counter-intuitive name as it's used to access 'ldap_purge_cache_timeout' option. SDAP_CACHE_PURGE_TIMEOUT is more fitting name. Reviewed-by: Petr Cech <pcech@redhat.com>
9b162bf39ef75629f54ffa1d0bd5f9c13119b650 05-Jun-2015 Jakub Hrozek <jhrozek@redhat.com>

subdomains: Inherit cleanup period and tokengroup settings from parent domain Allows the administrator to extend the functionality of ldap_purge_cache_timeout, ldap_user_principal and ldap_use_tokengroups to the subdomains. This is a less intrusive way of achieving: https://fedorahosted.org/sssd/ticket/2627 Reviewed-by: Pavel Reichl <preichl@redhat.com>
12089241f6a6eabf4f0c95669e5fc2bb3b503c06 05-Jun-2015 Jakub Hrozek <jhrozek@redhat.com>

SDAP: Add sdap_copy_map_entry Reviewed-by: Pavel Reichl <preichl@redhat.com>
87f8bee53ee1b4ca87b602ff8536bc5fd5b5b595 17-Mar-2015 Lukas Slebodnik <lslebodn@redhat.com>

Add missing new lines to debug messages Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

/sssd-io/src/confdb/confdb_setup.c /sssd-io/src/db/sysdb_autofs.c /sssd-io/src/db/sysdb_sudo.c /sssd-io/src/db/sysdb_views.c /sssd-io/src/monitor/monitor.c /sssd-io/src/monitor/monitor_netlink.c /sssd-io/src/providers/ad/ad_common.c /sssd-io/src/providers/ad/ad_init.c /sssd-io/src/providers/ad/ad_subdomains.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/dp_dyndns.c /sssd-io/src/providers/dp_ptask.c /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ipa/ipa_hbac_rules.c /sssd-io/src/providers/ipa/ipa_hostid.c /sssd-io/src/providers/ipa/ipa_selinux.c /sssd-io/src/providers/ipa/ipa_subdomains.c /sssd-io/src/providers/krb5/krb5_child.c /sssd-io/src/providers/krb5/krb5_wait_queue.c ldap_id.c sdap.c sdap_async.c sdap_async_connection.c sdap_async_initgroups.c sdap_utils.c /sssd-io/src/responder/autofs/autofssrv_cmd.c /sssd-io/src/responder/common/responder_dp.c /sssd-io/src/responder/nss/nsssrv_cmd.c /sssd-io/src/responder/nss/nsssrv_netgroup.c /sssd-io/src/responder/pac/pacsrv_cmd.c /sssd-io/src/responder/pac/pacsrv_utils.c /sssd-io/src/responder/pam/pamsrv.c /sssd-io/src/responder/sudo/sudosrv_get_sudorules.c /sssd-io/src/responder/sudo/sudosrv_query.c /sssd-io/src/sbus/sssd_dbus_server.c /sssd-io/src/tests/krb5_child-test.c /sssd-io/src/tools/files.c /sssd-io/src/tools/sss_sync_ops.c /sssd-io/src/util/debug.c /sssd-io/src/util/domain_info_utils.c /sssd-io/src/util/find_uid.c /sssd-io/src/util/server.c /sssd-io/src/util/sss_ini.c /sssd-io/src/util/sss_krb5.c /sssd-io/src/util/sss_semanage.c /sssd-io/src/util/usertools.c
4d7fe714fe74ad242497b2bdbeb7b4e0bf40141f 11-Feb-2015 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Rename the _res output parameter to avoid clashing with libresolv in tests Reviewed-by: Pavel Březina <pbrezina@redhat.com>
d66d15bf97bfaf4b851e96717caeeef8581d5777 09-Oct-2014 Lukas Slebodnik <lslebodn@redhat.com>

SDAP: Suppress warning maybe-uninitialized There is a warning with some version of gcc (4.9.1, 4.4.7). In my opinion, variable "a" should be initialized every time if "maps" is not NULL. src/providers/ldap/sdap.c: In function 'sdap_parse_entry': src/providers/ldap/sdap.c:481:56: warning: 'a' may be used uninitialized in this function [-Wmaybe-uninitialized] for (ai = a; ai < attrs_num; ai++) { ^ src/providers/ldap/sdap.c:307:9: note: 'a' was declared here int a, i, ret, ai; ^ CCLD libsss_ldap_common.la Reviewed-by: Simo Sorce <simo@redhat.com>
7ba70236daccb48432350147d0560b3302518cee 15-Sep-2014 Michal Zidek <mzidek@redhat.com>

Use the alternative objectclass in group maps. Use the alternative group objectclass in queries. Fixes: https://fedorahosted.org/sssd/ticket/2436 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
2284e50c801a53541016eb9a5af00d1250d36afb 08-Sep-2014 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Skip dereferenced entries that we are not permitted to read https://fedorahosted.org/sssd/ticket/2421 In case we dereference an entry, for which we have /some/ permissions for reading, but we only request attributes that we can't access, the dereference control only returns the DN. This is also the case with the current version of 389DS for cases where no entries at all are readable. In this case, the server should not return the DN at all, though. This DS bug was tracked as https://fedorahosted.org/389/ticket/47885 Reviewed-by: Michal Židek <mzidek@redhat.com>
0fafb51756913e78dbf523a69fc3a4ef2bac54ec 01-Sep-2014 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Fall back to functional level of Windows Server 2003 The newest functional level we branch for is currently DS_BEHAVIOR_WIN2003. Therefore (and also because extended support for Windows server 2003 ends in 2015) we can safely set the functional level to 2003 if the attribute is present but not a known value. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
9ea0969f6a9e52b7c57feb5808266b0739ee40a4 01-Sep-2014 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Add Windows Server 2012 R2 functional level https://fedorahosted.org/sssd/ticket/2418 According to http://msdn.microsoft.com/en-us/library/cc223272.aspx a Windows Server 2012 R2 has a functional level set to '6'. We need to support that value in order for tokenGroups to be functional. For more information on the functional levels, please refer to: http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels%28v=ws.10%29.aspx Reviewed-by: Pavel Březina <pbrezina@redhat.com>
5ab0dedd52d248b2cf2eb028338919bc0046e2a9 08-Jul-2014 Jakub Hrozek <jhrozek@redhat.com>

SDAP: Free bervals on failure in sdap_parse_entry Reviewed-by: Michal Židek <mzidek@redhat.com>
88eac3adf8424b65195e725ff724c79d38500e1d 08-Jul-2014 Jakub Hrozek <jhrozek@redhat.com>

SDAP: Remove unused function sdap_get_msg_dn This function was not used since 2009. Unused and untested function would just rot, better to remove it completely. Reviewed-by: Michal Židek <mzidek@redhat.com>
34de8a00f5b480ef3f46d2516e072e4acf1ebf87 08-Jul-2014 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Remove unused output parameter _dn from sdap_parse_entry No caller directly accessed this parameter. Moreover, it seemed useless since the same data is available as SYSDB_ORIGINAL_DN in the attributes. Reviewed-by: Michal Židek <mzidek@redhat.com>
004b3589f85808bcfcb0019aa92e47d3ce4017c9 08-Jul-2014 Jakub Hrozek <jhrozek@redhat.com>

SDAP: Fix DEBUG message priorities in sdap_parse_entry While I was changing the sdap_parse_entry function, I also realized that some of the DEBUG messages were converted to the #defines, but their level was still not accurate. This patch fixes the DEBUG levels and indentation around them. Reviewed-by: Michal Židek <mzidek@redhat.com>
eed2073f6f7bed7df0327b9fc0f2d410975d5332 08-Jul-2014 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Try all attributes when saving an entry The same LDAP attribute might be used several times for the same user or group attribute. For instance, some servers have a global "ID" number that should be used for both UID and GID. However, our sdap_parse_entry() function only copied the LDAP attribute to the first matching sysdb attribute. This patch adds a second nested loop that checks if any of the other LDAP attributes are eligible. Reviewed-by: Michal Židek <mzidek@redhat.com>
d2969c6b23c722445bd699c830adb7601ba1cdc6 02-May-2014 Sumit Bose <sbose@redhat.com>

Make LDAP extra attributes available to IPA and AD https://fedorahosted.org/sssd/ticket/2073 Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
4dd38025efda88f123eac672f87d3cda12f050c8 02-May-2014 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Make it possible to extend an attribute map https://fedorahosted.org/sssd/ticket/2073 This commit adds a new option ldap_user_extra_attrs that is unset by default. When set, the option contains a list of LDAP attributes the LDAP provider would download and store in addition to the usual set. The list can either contain LDAP attribute names only, or colon-separated tuples of LDAP attribute and SSSD cache attribute name. In case only LDAP attribute name is specified, the attribute is saved to the cache verbatim. Using a custom SSSD attribute name might be required by environments that configure several SSSD domains with different LDAP schemas. Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
fcb8e3f1f49bb34c409d8dbd75889eb72be05517 02-May-2014 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Fix off-by-one bug in sdap_copy_opts The sdap_copy_opts function copied all the arguments except for the sentinel. Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
83bf46f4066e3d5e838a32357c201de9bd6ecdfd 12-Feb-2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

Update DEBUG* invocations to use new levels Use a script to update DEBUG* macro invocations, which use literal numbers for levels, to use bitmask macros instead: grep -rl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e 'use strict; use File::Slurp; my @map=qw" SSSDBG_FATAL_FAILURE SSSDBG_CRIT_FAILURE SSSDBG_OP_FAILURE SSSDBG_MINOR_FAILURE SSSDBG_CONF_SETTINGS SSSDBG_FUNC_DATA SSSDBG_TRACE_FUNC SSSDBG_TRACE_LIBS SSSDBG_TRACE_INTERNAL SSSDBG_TRACE_ALL "; my $text=read_file(\*STDIN); my $repl; $text=~s/ ^ ( .* \b (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM) \s* \(\s* )( [0-9] )( \s*, ) ( \s* ) ( .* ) $ / $repl = $1.$map[$3].$4.$5.$6, length($repl) <= 80 ? $repl : $1.$map[$3].$4."\n".(" " x length($1)).$6 /xmge; print $text; ' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

/sssd-io/src/confdb/confdb.c /sssd-io/src/confdb/confdb_setup.c /sssd-io/src/db/sysdb.c /sssd-io/src/db/sysdb_ops.c /sssd-io/src/db/sysdb_ranges.c /sssd-io/src/db/sysdb_search.c /sssd-io/src/db/sysdb_upgrade.c /sssd-io/src/monitor/monitor.c /sssd-io/src/monitor/monitor_netlink.c /sssd-io/src/monitor/monitor_sbus.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/data_provider_callbacks.c /sssd-io/src/providers/data_provider_fo.c /sssd-io/src/providers/data_provider_opts.c /sssd-io/src/providers/dp_auth_util.c /sssd-io/src/providers/dp_pam_data_util.c /sssd-io/src/providers/fail_over.c /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ipa/ipa_auth.c /sssd-io/src/providers/ipa/ipa_common.c /sssd-io/src/providers/ipa/ipa_hbac_common.c /sssd-io/src/providers/ipa/ipa_hbac_hosts.c /sssd-io/src/providers/ipa/ipa_hbac_rules.c /sssd-io/src/providers/ipa/ipa_hbac_services.c /sssd-io/src/providers/ipa/ipa_hbac_users.c /sssd-io/src/providers/ipa/ipa_id.c /sssd-io/src/providers/ipa/ipa_init.c /sssd-io/src/providers/ipa/ipa_netgroups.c /sssd-io/src/providers/krb5/krb5_access.c /sssd-io/src/providers/krb5/krb5_auth.c /sssd-io/src/providers/krb5/krb5_child.c /sssd-io/src/providers/krb5/krb5_child_handler.c /sssd-io/src/providers/krb5/krb5_common.c /sssd-io/src/providers/krb5/krb5_delayed_online_authentication.c /sssd-io/src/providers/krb5/krb5_init.c /sssd-io/src/providers/krb5/krb5_init_shared.c /sssd-io/src/providers/krb5/krb5_renew_tgt.c /sssd-io/src/providers/krb5/krb5_utils.c /sssd-io/src/providers/krb5/krb5_wait_queue.c ldap_auth.c ldap_child.c ldap_common.c ldap_id.c ldap_id_cleanup.c ldap_id_netgroup.c ldap_init.c sdap.c sdap_access.c sdap_async.c sdap_async_connection.c sdap_async_enum.c sdap_async_groups.c sdap_async_initgroups.c sdap_async_initgroups_ad.c sdap_async_netgroups.c sdap_async_users.c sdap_child_helpers.c sdap_fd_events.c sdap_id_op.c /sssd-io/src/providers/proxy/proxy_auth.c /sssd-io/src/providers/proxy/proxy_child.c /sssd-io/src/providers/proxy/proxy_id.c /sssd-io/src/providers/proxy/proxy_init.c /sssd-io/src/providers/proxy/proxy_netgroup.c /sssd-io/src/resolv/async_resolv.c /sssd-io/src/responder/common/negcache.c /sssd-io/src/responder/common/responder_cmd.c /sssd-io/src/responder/common/responder_common.c /sssd-io/src/responder/common/responder_dp.c /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/responder/nss/nsssrv_cmd.c /sssd-io/src/responder/nss/nsssrv_netgroup.c /sssd-io/src/responder/nss/nsssrv_private.h /sssd-io/src/responder/nss/nsssrv_services.c /sssd-io/src/responder/pam/pam_LOCAL_domain.c /sssd-io/src/responder/pam/pamsrv.c /sssd-io/src/responder/pam/pamsrv_cmd.c /sssd-io/src/responder/pam/pamsrv_dp.c /sssd-io/src/sbus/sbus_client.c /sssd-io/src/sbus/sssd_dbus_common.c /sssd-io/src/sbus/sssd_dbus_connection.c /sssd-io/src/sbus/sssd_dbus_server.c /sssd-io/src/tests/auth-tests.c /sssd-io/src/tests/files-tests.c /sssd-io/src/tests/resolv-tests.c /sssd-io/src/tests/sysdb-tests.c /sssd-io/src/tests/sysdb_ssh-tests.c /sssd-io/src/tools/selinux.c /sssd-io/src/tools/sss_cache.c /sssd-io/src/tools/sss_groupadd.c /sssd-io/src/tools/sss_groupdel.c /sssd-io/src/tools/sss_groupmod.c /sssd-io/src/tools/sss_groupshow.c /sssd-io/src/tools/sss_sync_ops.c /sssd-io/src/tools/sss_useradd.c /sssd-io/src/tools/sss_userdel.c /sssd-io/src/tools/sss_usermod.c /sssd-io/src/tools/tools_util.c /sssd-io/src/tools/tools_util.h /sssd-io/src/util/check_and_open.c /sssd-io/src/util/child_common.c /sssd-io/src/util/crypto/nss/nss_obfuscate.c /sssd-io/src/util/crypto/nss/nss_util.c /sssd-io/src/util/debug.c /sssd-io/src/util/find_uid.c /sssd-io/src/util/nscd.c /sssd-io/src/util/signal.c /sssd-io/src/util/sss_krb5.c /sssd-io/src/util/sss_ldap.c /sssd-io/src/util/user_info_msg.c /sssd-io/src/util/usertools.c /sssd-io/src/util/util.c
a3c8390d19593b1e5277d95bfb4ab206d4785150 12-Feb-2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

Make DEBUG macro invocations variadic Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

/sssd-io/src/confdb/confdb.c /sssd-io/src/confdb/confdb_setup.c /sssd-io/src/db/sysdb.c /sssd-io/src/db/sysdb_autofs.c /sssd-io/src/db/sysdb_idmap.c /sssd-io/src/db/sysdb_ops.c /sssd-io/src/db/sysdb_ranges.c /sssd-io/src/db/sysdb_search.c /sssd-io/src/db/sysdb_selinux.c /sssd-io/src/db/sysdb_services.c /sssd-io/src/db/sysdb_ssh.c /sssd-io/src/db/sysdb_subdomains.c /sssd-io/src/db/sysdb_sudo.c /sssd-io/src/db/sysdb_upgrade.c /sssd-io/src/monitor/monitor.c /sssd-io/src/monitor/monitor_netlink.c /sssd-io/src/monitor/monitor_sbus.c /sssd-io/src/providers/ad/ad_access.c /sssd-io/src/providers/ad/ad_common.c /sssd-io/src/providers/ad/ad_domain_info.c /sssd-io/src/providers/ad/ad_dyndns.c /sssd-io/src/providers/ad/ad_id.c /sssd-io/src/providers/ad/ad_init.c /sssd-io/src/providers/ad/ad_srv.c /sssd-io/src/providers/ad/ad_subdomains.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/data_provider_callbacks.c /sssd-io/src/providers/data_provider_fo.c /sssd-io/src/providers/data_provider_opts.c /sssd-io/src/providers/dp_auth_util.c /sssd-io/src/providers/dp_dyndns.c /sssd-io/src/providers/dp_pam_data_util.c /sssd-io/src/providers/dp_ptask.c /sssd-io/src/providers/dp_refresh.c /sssd-io/src/providers/fail_over.c /sssd-io/src/providers/fail_over_srv.c /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ipa/ipa_auth.c /sssd-io/src/providers/ipa/ipa_autofs.c /sssd-io/src/providers/ipa/ipa_common.c /sssd-io/src/providers/ipa/ipa_config.c /sssd-io/src/providers/ipa/ipa_dyndns.c /sssd-io/src/providers/ipa/ipa_hbac_common.c /sssd-io/src/providers/ipa/ipa_hbac_hosts.c /sssd-io/src/providers/ipa/ipa_hbac_rules.c /sssd-io/src/providers/ipa/ipa_hbac_services.c /sssd-io/src/providers/ipa/ipa_hbac_users.c /sssd-io/src/providers/ipa/ipa_hostid.c /sssd-io/src/providers/ipa/ipa_hosts.c /sssd-io/src/providers/ipa/ipa_id.c /sssd-io/src/providers/ipa/ipa_idmap.c /sssd-io/src/providers/ipa/ipa_init.c /sssd-io/src/providers/ipa/ipa_netgroups.c /sssd-io/src/providers/ipa/ipa_s2n_exop.c /sssd-io/src/providers/ipa/ipa_selinux.c /sssd-io/src/providers/ipa/ipa_selinux_maps.c /sssd-io/src/providers/ipa/ipa_srv.c /sssd-io/src/providers/ipa/ipa_subdomains.c /sssd-io/src/providers/ipa/ipa_subdomains_ext_groups.c /sssd-io/src/providers/ipa/ipa_subdomains_id.c /sssd-io/src/providers/ipa/ipa_sudo.c /sssd-io/src/providers/krb5/krb5_access.c /sssd-io/src/providers/krb5/krb5_auth.c /sssd-io/src/providers/krb5/krb5_become_user.c /sssd-io/src/providers/krb5/krb5_child.c /sssd-io/src/providers/krb5/krb5_child_handler.c /sssd-io/src/providers/krb5/krb5_common.c /sssd-io/src/providers/krb5/krb5_delayed_online_authentication.c /sssd-io/src/providers/krb5/krb5_init.c /sssd-io/src/providers/krb5/krb5_init_shared.c /sssd-io/src/providers/krb5/krb5_renew_tgt.c /sssd-io/src/providers/krb5/krb5_utils.c /sssd-io/src/providers/krb5/krb5_wait_queue.c ldap_access.c ldap_auth.c ldap_child.c ldap_common.c ldap_id.c ldap_id_cleanup.c ldap_id_enum.c ldap_id_netgroup.c ldap_id_services.c ldap_init.c sdap.c sdap_access.c sdap_async.c sdap_async_autofs.c sdap_async_connection.c sdap_async_enum.c sdap_async_groups.c sdap_async_groups_ad.c sdap_async_initgroups.c sdap_async_initgroups_ad.c sdap_async_nested_groups.c sdap_async_netgroups.c sdap_async_services.c sdap_async_sudo.c sdap_async_sudo_hostinfo.c sdap_async_sudo_timer.c sdap_async_users.c sdap_autofs.c sdap_child_helpers.c sdap_dyndns.c sdap_fd_events.c sdap_id_op.c sdap_idmap.c sdap_range.c sdap_refresh.c sdap_reinit.c sdap_sudo.c sdap_sudo_cache.c /sssd-io/src/providers/proxy/proxy_auth.c /sssd-io/src/providers/proxy/proxy_child.c /sssd-io/src/providers/proxy/proxy_id.c /sssd-io/src/providers/proxy/proxy_init.c /sssd-io/src/providers/proxy/proxy_netgroup.c /sssd-io/src/providers/proxy/proxy_services.c /sssd-io/src/providers/simple/simple_access.c /sssd-io/src/providers/simple/simple_access_check.c /sssd-io/src/resolv/async_resolv.c /sssd-io/src/resolv/async_resolv_utils.c /sssd-io/src/responder/autofs/autofssrv.c /sssd-io/src/responder/autofs/autofssrv_cmd.c /sssd-io/src/responder/autofs/autofssrv_dp.c /sssd-io/src/responder/common/negcache.c /sssd-io/src/responder/common/responder_cmd.c /sssd-io/src/responder/common/responder_common.c /sssd-io/src/responder/common/responder_dp.c /sssd-io/src/responder/common/responder_get_domains.c /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/responder/nss/nsssrv_cmd.c /sssd-io/src/responder/nss/nsssrv_mmap_cache.c /sssd-io/src/responder/nss/nsssrv_netgroup.c /sssd-io/src/responder/nss/nsssrv_private.h /sssd-io/src/responder/nss/nsssrv_services.c /sssd-io/src/responder/pac/pacsrv.c /sssd-io/src/responder/pac/pacsrv_cmd.c /sssd-io/src/responder/pac/pacsrv_utils.c /sssd-io/src/responder/pam/pam_LOCAL_domain.c /sssd-io/src/responder/pam/pam_helpers.c /sssd-io/src/responder/pam/pamsrv.c /sssd-io/src/responder/pam/pamsrv_cmd.c /sssd-io/src/responder/pam/pamsrv_dp.c /sssd-io/src/responder/ssh/sshsrv.c /sssd-io/src/responder/ssh/sshsrv_cmd.c /sssd-io/src/responder/ssh/sshsrv_dp.c /sssd-io/src/responder/sudo/sudosrv.c /sssd-io/src/responder/sudo/sudosrv_cmd.c /sssd-io/src/responder/sudo/sudosrv_dp.c /sssd-io/src/responder/sudo/sudosrv_get_sudorules.c /sssd-io/src/responder/sudo/sudosrv_query.c /sssd-io/src/sbus/sbus_client.c /sssd-io/src/sbus/sssd_dbus_common.c /sssd-io/src/sbus/sssd_dbus_connection.c /sssd-io/src/sbus/sssd_dbus_server.c /sssd-io/src/sss_client/ssh/sss_ssh_authorizedkeys.c /sssd-io/src/sss_client/ssh/sss_ssh_knownhostsproxy.c /sssd-io/src/tests/auth-tests.c /sssd-io/src/tests/cmocka/test_dyndns.c /sssd-io/src/tests/cmocka/test_fqnames.c /sssd-io/src/tests/cmocka/test_nss_srv.c /sssd-io/src/tests/cmocka/test_utils.c /sssd-io/src/tests/common_dom.c /sssd-io/src/tests/common_tev.c /sssd-io/src/tests/debug-tests.c /sssd-io/src/tests/files-tests.c /sssd-io/src/tests/krb5_child-test.c /sssd-io/src/tests/resolv-tests.c /sssd-io/src/tests/simple_access-tests.c /sssd-io/src/tests/sysdb-tests.c /sssd-io/src/tests/sysdb_ssh-tests.c /sssd-io/src/tools/files.c /sssd-io/src/tools/selinux.c /sssd-io/src/tools/sss_cache.c /sssd-io/src/tools/sss_debuglevel.c /sssd-io/src/tools/sss_groupadd.c /sssd-io/src/tools/sss_groupdel.c /sssd-io/src/tools/sss_groupmod.c /sssd-io/src/tools/sss_groupshow.c /sssd-io/src/tools/sss_seed.c /sssd-io/src/tools/sss_sync_ops.c /sssd-io/src/tools/sss_useradd.c /sssd-io/src/tools/sss_userdel.c /sssd-io/src/tools/sss_usermod.c /sssd-io/src/tools/tools_mc_util.c /sssd-io/src/tools/tools_util.c /sssd-io/src/tools/tools_util.h /sssd-io/src/util/authtok.c /sssd-io/src/util/backup_file.c /sssd-io/src/util/check_and_open.c /sssd-io/src/util/child_common.c /sssd-io/src/util/crypto/libcrypto/crypto_base64.c /sssd-io/src/util/crypto/libcrypto/crypto_obfuscate.c /sssd-io/src/util/crypto/nss/nss_obfuscate.c /sssd-io/src/util/crypto/nss/nss_util.c /sssd-io/src/util/debug.c /sssd-io/src/util/domain_info_utils.c /sssd-io/src/util/find_uid.c /sssd-io/src/util/nscd.c /sssd-io/src/util/server.c /sssd-io/src/util/signal.c /sssd-io/src/util/sss_ini.c /sssd-io/src/util/sss_krb5.c /sssd-io/src/util/sss_krb5.h /sssd-io/src/util/sss_ldap.c /sssd-io/src/util/sss_nss.c /sssd-io/src/util/sss_selinux.c /sssd-io/src/util/sss_ssh.c /sssd-io/src/util/sss_tc_utf8.c /sssd-io/src/util/user_info_msg.c /sssd-io/src/util/usertools.c /sssd-io/src/util/util.c /sssd-io/src/util/util.h /sssd-io/src/util/util_lock.c /sssd-io/src/util/well_known_sids.c
850f7b6ce4a0f3faa168d6ded2467585065436e6 08-Jan-2014 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Fix typo and use the right attribute map https://fedorahosted.org/sssd/ticket/2191 There was a copy-n-paste bug in the code that resulted in using a wrong attribute map. This could lead to the primary name not being selected correctly.
a8e7d395b4aab4e7a236aebf162a844ae51cc7db 20-Sep-2013 Lukas Slebodnik <lslebodn@redhat.com>

LDAP: Use primary cn to search netgroup Resolves: https://fedorahosted.org/sssd/ticket/2075
bfd59d1a2d0d45125e5164ef12c425690d519f61 24-Jul-2013 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Use domain-specific name where appropriate The subdomain users user FQDN in their name attribute. However, handling of whether to use FQDN in the LDAP code was not really good. This patch introduces a utility function and converts code that was relying on user/group names matching to this utility function. This is a temporary fix until we can refactor the sysdb API in #2011.
7ed4988618decf0a8efa0dedd722a84d748bf868 28-Jun-2013 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Add utility function sdap_copy_map The AD subdomains will only use default options values. This patch introduces a new utility function sdap_copy_map() that copies the default options map. Subtask of: https://fedorahosted.org/sssd/ticket/1962
749cfb5d3270b5daf389d51a0dbd3fd2aec6e05d 07-Jun-2013 Jakub Hrozek <jhrozek@redhat.com>

LDAP: new SDAP domain structure Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases. This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain.
6263578b03a52b3ec3a2e33e097554241780fc20 23-May-2013 Lukas Slebodnik <lslebodn@redhat.com>

Adding option to disable retrieving large AD groups. This commit adds new option ldap_disable_range_retrieval with default value FALSE. If this option is enabled, large groups(>1500) will not be retrieved and behaviour will be similar like was before commit ae8d047122c "LDAP: Handle very large Active Directory groups" https://fedorahosted.org/sssd/ticket/1823
b0ab39364df453d4ec65d7d6e05a6530895ce3a6 23-May-2013 Lukas Slebodnik <lslebodn@redhat.com>

Removing unused functions. This patch remove unused functions sdap_parse_user and sdap_parse_group
0d85acdc04789bd3189d0d890675d3e66bce2db8 09-Apr-2013 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Always fail if a map can't be found
956309e24c32cd0886736bf065a27d5bdd200a77 26-Feb-2013 Jan Engelhardt <jengelh@inai.de>

sysdb: try dealing with binary-content attributes https://fedorahosted.org/sssd/ticket/1818 I have here a LDAP user entry which has this attribute loginAllowedTimeMap:: AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA In the function sysdb_attrs_add_string(), called from sdap_attrs_add_ldap_attr(), strlen() is called on this blob, which is the wrong thing to do. The result of strlen is then used to populate the .v_length member of a struct ldb_val - and this will set it to zero in this case. (There is also the problem that there may not be a '\0' at all in the blob.) Subsequently, .v_length being 0 makes ldb_modify(), called from sysdb_set_entry_attr(), return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX. End result is that users do not get stored in the sysdb, and programs like `id` or `getent ...` show incomplete information. The bug was encountered with sssd-1.8.5. sssd-1.5.11 seemed to behave fine, but that may not mean that is the absolute lower boundary of introduction of the problem.
f9f74a587c8e96dcf90214c760022684afc8bef7 09-Jan-2013 Jakub Hrozek <jhrozek@redhat.com>

AD: replace GID/UID, do not add another one The code would call sysdb_attrs_add_uint32 which added another UID or GID to the ID=0 we already downloaded from LDAP (0 is the default value) when ID-mapping an entry. This led to funky behaviour later on when we wanted to process the ID.
f2c39d4869da56268726f6e8fc224de8cecb7336 15-Oct-2012 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Check validity of naming_context https://fedorahosted.org/sssd/ticket/1581 If the namingContext attribute had no values or multiple values, then our code would dereference a NULL pointer.
3f5953b0cd6ad826141c62dd239efc675b351689 26-Sep-2012 Stephen Gallagher <sgallagh@redhat.com>

LDAP: Handle empty namingContexts values safely Certain LDAP servers can return an empty string as the value of namingContexts. We need to treat these as NULL so that we can fail gracefully. https://fedorahosted.org/sssd/ticket/1542
e6ba224432bfcd64802222a3544bc38c179727cd 24-Sep-2012 Stephen Gallagher <sgallagh@redhat.com>

AD: Detect domain controller compatibility version
bb918975adc4dc26d22578f174027c0d7a1e3ed9 20-Sep-2012 Michal Zidek <mzidek@redhat.com>

SSSD fails to store users if any of the requested attribute is empty. https://fedorahosted.org/sssd/ticket/1440
78e77f2d1ee0017e1e1c0bf5efe0e94a70930980 30-Jun-2012 Simo Sorce <simo@redhat.com>

Fix segfault when sudo is not configured. Sudo support is optional, when it is not configured sudorules_map is not initialized and dereferencing it will cause a segmentation fault.
c8704f06db6dbbe39f50dfb35f20cdf27cf1f087 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

ldap provider: add sudo usn value
2c62da337e31217d03f5bf0f768b574d166bb2fe 13-Jun-2012 Stephen Gallagher <sgallagh@redhat.com>

LDAP: Auto-detect support for the ldap match rule This patch extends the RootDSE lookup so that we will perform a second request to test whether the match rule syntax can be used. If both groups and initgroups are disabled in the configuration, this lookup request can be skipped.
64ddff90c7fcc02ccb06824ac93af7d5f361a88f 31-May-2012 Jan Zeleny <jzeleny@redhat.com>

Add support for filtering atributes This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
6270c10037cd0b5ea59567aaf423dcb1205e5683 14-May-2012 Jan Zeleny <jzeleny@redhat.com>

Fixed two minor memory leaks
ae8d047122c7ba8123f72b2eac68944868ac37d4 10-May-2012 Stephen Gallagher <sgallagh@redhat.com>

LDAP: Handle very large Active Directory groups Active Directory 2008R2 allows only 1500 group members to be retrieved in a single lookup. However, when we hit such a situation, we can take advantage of the ASQ lookups, which are not similarly limited. With this patch, we will add any members found by ASQ that were not found by the initial lookup so we will end with a complete group listing. https://fedorahosted.org/sssd/ticket/783
ca4b7b92738f3dd463914e3de5757cd98d37a983 10-May-2012 Stephen Gallagher <sgallagh@redhat.com>

LDAP: Add attr_count return value to build_attrs_from_map() This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL.
bd09ead65cded3207cf228c44a31bbc87c2979bd 18-Apr-2012 Jakub Hrozek <jhrozek@redhat.com>

Prevent printing NULL from DEBUG messages
bbee21a2b99ebd1eca24d0a3d48c998747d68fdc 13-Feb-2012 Stephen Gallagher <sgallagh@redhat.com>

Add missing breaks to switch statements Coverity #12525 and #12524
af5a58fc3811af8521721f731d8234d983042cea 07-Feb-2012 Jan Cholasta <jcholast@redhat.com>

LDAP: Add support for SSH user public keys
cc84fd46f356c4a36a721ab135a33ec77c93e34d 06-Feb-2012 Jakub Hrozek <jhrozek@redhat.com>

AUTOFS: LDAP provider
169fa5bd3edd34aa0db35681832bd7406e423c1b 04-Feb-2012 Stephen Gallagher <sgallagh@redhat.com>

LDAP: Do not fail if RootDSE check cannot determine search bases https://fedorahosted.org/sssd/ticket/1152
e2925c2d7d10cbb51098402233784044168f1a77 31-Jan-2012 Stephen Gallagher <sgallagh@redhat.com>

LDAP: Add enumeration support for services
796463906a54e259bd5b582ce84af4297a58eafc 31-Jan-2012 Stephen Gallagher <sgallagh@redhat.com>

LDAP: Add support for service lookups (non-enum)
355fe74d2eaab2e021d75437a6b997fd24b9c4e5 23-Jan-2012 Stephen Gallagher <sgallagh@redhat.com>

LDAP: Improve debugging for sdap_parse_deref Move the debug statement identifying the DN to an earlier line, so if we get a reply with no attributes, we know which entry is at fault.
10b6b1fc57bb7c2edb4cfd0a0038303bd33722bc 16-Dec-2011 Pavel Březina <pbrezina@redhat.com>

SUDO Integration - LDAP configuration options
9f761434e5fbc5c033a85fb69d6e360e3ba4db58 23-Nov-2011 Jan Zeleny <jzeleny@redhat.com>

Modified sdap_parse_search_base()
ac3a1f3da772cf101101c31675c63dc3549b21b5 22-Nov-2011 Jakub Hrozek <jhrozek@redhat.com>

Cleanup: Remove unused parameters

/sssd-io/src/providers/data_provider_fo.c /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ipa/ipa_dyndns.c /sssd-io/src/providers/ipa/ipa_dyndns.h /sssd-io/src/providers/ipa/ipa_hbac_common.c /sssd-io/src/providers/ipa/ipa_hbac_hosts.c /sssd-io/src/providers/ipa/ipa_hbac_private.h /sssd-io/src/providers/ipa/ipa_hbac_rules.c /sssd-io/src/providers/ipa/ipa_hbac_services.c /sssd-io/src/providers/ipa/ipa_hbac_users.c /sssd-io/src/providers/ipa/ipa_init.c /sssd-io/src/providers/krb5/krb5_auth.c ldap_auth.c ldap_id_cleanup.c sdap.c sdap.h sdap_access.c sdap_async.c sdap_async_connection.c sdap_async_groups.c sdap_async_initgroups.c sdap_async_netgroups.c /sssd-io/src/providers/proxy/proxy.h /sssd-io/src/providers/proxy/proxy_id.c /sssd-io/src/providers/proxy/proxy_netgroup.c /sssd-io/src/python/pysss.c /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/sss_client/pam_sss.c /sssd-io/src/tools/nscd.c /sssd-io/src/tools/sss_groupadd.c /sssd-io/src/tools/sss_sync_ops.c /sssd-io/src/tools/sss_sync_ops.h /sssd-io/src/tools/sss_useradd.c /sssd-io/src/tools/tools_util.c /sssd-io/src/tools/tools_util.h /sssd-io/src/util/crypto/nss/nss_obfuscate.c
09b663e6dfd2ed09cead04f926d3e99e9ac01894 02-Nov-2011 Stephen Gallagher <sgallagh@redhat.com>

LDAP: Add parser for multiple search bases
54423ae32fa26aa7790a67ff0f9a93b96677e590 06-Sep-2011 Pavel Březina <pbrezina@redhat.com>

sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string() https://fedorahosted.org/sssd/ticket/986
258d4b400f72e89f4428302d82c886f9c4c45c3e 20-May-2011 Jakub Hrozek <jhrozek@redhat.com>

OpenLDAP dereference searches This dereference method is supported at least by OpenLDAP and 389DS/RHDS For more details, see: http://tools.ietf.org/html/draft-masarati-ldap-deref-00
ebbc0bb29d240f3d3f916d836e54d1a76ecfa5d1 20-May-2011 Jakub Hrozek <jhrozek@redhat.com>

Remove append_attrs_to_array This function was not used anywhere
44c90f21cfd661ef07e74002ae01481a69c22d98 19-Apr-2011 Stephen Gallagher <sgallagh@redhat.com>

Add value of the last USN to server configuration Related: https://fedorahosted.org/sssd/ticket/734
280ed6f992a3a3e661e618c77b64aff35a356c7e 11-Apr-2011 Sumit Bose <sbose@redhat.com>

Initialise srv_opts even if rootDSE is missing
f538f60af6eb89ffada04d42a6645680543c8722 31-Jan-2011 Sumit Bose <sbose@redhat.com>

Remove LDAP_DEPRECATED
aa89df2040593f9120196ec440d2dc6d9f860d55 27-Jan-2011 Sumit Bose <sbose@redhat.com>

Do not fail if attributes are empty Currently we fail if attributes are empty. But there are some use cases where requested attributes are empty. E.g Active Directory uses an empty member attribute to indicate that a subset of the members are in a range sub-attribute.
3c13b616108d4c0a413380ba72189947898eee57 20-Jan-2011 Tyson Whitehead <twhitehead@gmail.com>

Add ldap_tls_{cert,key,cipher_suite} config options Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
6c1ec705cd9ebb49bf49778e0396e32fdf38f315 14-Dec-2010 Sumit Bose <sbose@redhat.com>

Fix unchecked return value in sdap_parse_entry() https://fedorahosted.org/sssd/ticket/712
4cac4c6ebe76b3e1a40e437f9594553fdb870b81 14-Dec-2010 Sumit Bose <sbose@redhat.com>

Fix unchecked return value in sdap_get_msg_dn() https://fedorahosted.org/sssd/ticket/712
85abff7f43e8006de2c2fa35612884d377b9a036 07-Dec-2010 Simo Sorce <ssorce@redhat.com>

ldap: Use USN entries if available. Otherwise fallback to the default modifyTimestamp indicator
1d9eec9e868fbc2d996f1030a43675be9a840133 07-Dec-2010 Simo Sorce <ssorce@redhat.com>

ldap: add checks to determine if USN features are available.
4230a43c97e13c83ce4e230d45c4f0f11b37fe4e 15-Nov-2010 Stephen Gallagher <sgallagh@redhat.com>

Fix const cast warning in build_attrs_from_map
be434625437ff3dd4cce83a655226c67943e5ceb 15-Nov-2010 Stephen Gallagher <sgallagh@redhat.com>

Sanitize ldap attributes in the config file https://fedorahosted.org/sssd/ticket/458
d64940d823b7d860ef65e000f084fd3f62b51d81 05-Nov-2010 Sumit Bose <sbose@redhat.com>

Review comments for namingContexts patches
e481c0f0f16bcb787debf05584a0550a7052dda4 04-Nov-2010 Sumit Bose <sbose@redhat.com>

Use (default)namingContext to set empty search bases
6c188d847dfcd2778d134d5a0f80ecbce53e7b57 15-Sep-2010 Simo Sorce <ssorce@redhat.com>

Check if control is supported before using it.
71af2725e8f96b403af3f4aa140c413f751380c0 15-Sep-2010 Sumit Bose <sbose@redhat.com>

Store rootdse supported features in sdap_handler
1c48b5a62f73234ed26bb20f0ab345ab61cda0ab 18-Feb-2010 Stephen Gallagher <sgallagh@redhat.com>

Rename server/ directory to src/ Also update BUILD.txt

/sssd-io/BUILD.txt /sssd-io/Makefile.am /sssd-io/configure.ac /sssd-io/contrib/sssd.spec.in /sssd-io/src/Makefile.am /sssd-io/src/build_macros.m4 /sssd-io/src/conf_macros.m4 /sssd-io/src/confdb/confdb.c /sssd-io/src/confdb/confdb.h /sssd-io/src/confdb/confdb_private.h /sssd-io/src/confdb/confdb_setup.c /sssd-io/src/confdb/confdb_setup.h /sssd-io/src/config/SSSDConfig.py /sssd-io/src/config/SSSDConfigTest.py /sssd-io/src/config/etc/sssd.api.conf /sssd-io/src/config/etc/sssd.api.d/sssd-ipa.conf /sssd-io/src/config/etc/sssd.api.d/sssd-krb5.conf /sssd-io/src/config/etc/sssd.api.d/sssd-ldap.conf /sssd-io/src/config/etc/sssd.api.d/sssd-local.conf /sssd-io/src/config/etc/sssd.api.d/sssd-proxy.conf /sssd-io/src/config/ipachangeconf.py /sssd-io/src/config/setup.py /sssd-io/src/config/testconfigs/noparse.api.conf /sssd-io/src/config/testconfigs/sssd-badversion.conf /sssd-io/src/config/testconfigs/sssd-invalid-badbool.conf /sssd-io/src/config/testconfigs/sssd-invalid.conf /sssd-io/src/config/testconfigs/sssd-noversion.conf /sssd-io/src/config/testconfigs/sssd-valid.conf /sssd-io/src/config/upgrade_config.py /sssd-io/src/configure.ac /sssd-io/src/db/sysdb.c /sssd-io/src/db/sysdb.h /sssd-io/src/db/sysdb_ops.c /sssd-io/src/db/sysdb_private.h /sssd-io/src/db/sysdb_search.c /sssd-io/src/doxy.config.in /sssd-io/src/examples/sssd.conf /sssd-io/src/examples/sssdproxytest /sssd-io/src/examples/sudo /sssd-io/src/external/crypto.m4 /sssd-io/src/external/docbook.m4 /sssd-io/src/external/krb5.m4 /sssd-io/src/external/ldap.m4 /sssd-io/src/external/libcares.m4 /sssd-io/src/external/libcollection.m4 /sssd-io/src/external/libdhash.m4 /sssd-io/src/external/libini_config.m4 /sssd-io/src/external/libldb.m4 /sssd-io/src/external/libpcre.m4 /sssd-io/src/external/libpopt.m4 /sssd-io/src/external/libtalloc.m4 /sssd-io/src/external/libtdb.m4 /sssd-io/src/external/libtevent.m4 /sssd-io/src/external/pam.m4 /sssd-io/src/external/pkg.m4 /sssd-io/src/external/platform.m4 /sssd-io/src/external/python.m4 /sssd-io/src/external/selinux.m4 /sssd-io/src/external/sizes.m4 /sssd-io/src/krb5_plugin/sssd_krb5_locator_plugin.c /sssd-io/src/ldb_modules/memberof.c /sssd-io/src/m4/.dir /sssd-io/src/man/include/failover.xml /sssd-io/src/man/include/param_help.xml /sssd-io/src/man/include/upstream.xml /sssd-io/src/man/sss_groupadd.8.xml /sssd-io/src/man/sss_groupdel.8.xml /sssd-io/src/man/sss_groupmod.8.xml /sssd-io/src/man/sss_groupshow.8.xml /sssd-io/src/man/sss_useradd.8.xml /sssd-io/src/man/sss_userdel.8.xml /sssd-io/src/man/sss_usermod.8.xml /sssd-io/src/man/sssd-ipa.5.xml /sssd-io/src/man/sssd-krb5.5.xml /sssd-io/src/man/sssd-ldap.5.xml /sssd-io/src/man/sssd.8.xml /sssd-io/src/man/sssd.conf.5.xml /sssd-io/src/man/sssd_krb5_locator_plugin.8.xml /sssd-io/src/monitor/monitor.c /sssd-io/src/monitor/monitor.h /sssd-io/src/monitor/monitor_interfaces.h /sssd-io/src/monitor/monitor_sbus.c /sssd-io/src/po/LINGUAS /sssd-io/src/po/Makevars /sssd-io/src/po/POTFILES.in /sssd-io/src/po/de.po /sssd-io/src/po/es.po /sssd-io/src/po/fr.po /sssd-io/src/po/it.po /sssd-io/src/po/ja.po /sssd-io/src/po/nl.po /sssd-io/src/po/pl.po /sssd-io/src/po/pt.po /sssd-io/src/po/sss_daemon.pot /sssd-io/src/po/sv.po /sssd-io/src/providers/child_common.c /sssd-io/src/providers/child_common.h /sssd-io/src/providers/data_provider.h /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/data_provider_fo.c /sssd-io/src/providers/data_provider_opts.c /sssd-io/src/providers/dp_auth_util.c /sssd-io/src/providers/dp_backend.h /sssd-io/src/providers/dp_sbus.c /sssd-io/src/providers/fail_over.c /sssd-io/src/providers/fail_over.h /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ipa/ipa_access.h /sssd-io/src/providers/ipa/ipa_auth.c /sssd-io/src/providers/ipa/ipa_auth.h /sssd-io/src/providers/ipa/ipa_common.c /sssd-io/src/providers/ipa/ipa_common.h /sssd-io/src/providers/ipa/ipa_init.c /sssd-io/src/providers/ipa/ipa_timerules.c /sssd-io/src/providers/ipa/ipa_timerules.h /sssd-io/src/providers/krb5/krb5_auth.c /sssd-io/src/providers/krb5/krb5_auth.h /sssd-io/src/providers/krb5/krb5_become_user.c /sssd-io/src/providers/krb5/krb5_child.c /sssd-io/src/providers/krb5/krb5_common.c /sssd-io/src/providers/krb5/krb5_common.h /sssd-io/src/providers/krb5/krb5_init.c /sssd-io/src/providers/krb5/krb5_utils.c /sssd-io/src/providers/krb5/krb5_utils.h ldap_auth.c ldap_child.c ldap_common.c ldap_common.h ldap_id.c ldap_id_cleanup.c ldap_id_enum.c ldap_init.c sdap.c sdap.h sdap_async.c sdap_async.h sdap_async_accounts.c sdap_async_connection.c sdap_async_private.h sdap_child_helpers.c /sssd-io/src/providers/providers.h /sssd-io/src/providers/proxy.c /sssd-io/src/providers/sssd_be.exports /sssd-io/src/python/pysss.c /sssd-io/src/resolv/ares/ares_data.c /sssd-io/src/resolv/ares/ares_data.h /sssd-io/src/resolv/ares/ares_dns.h /sssd-io/src/resolv/ares/ares_parse_srv_reply.c /sssd-io/src/resolv/ares/ares_parse_srv_reply.h /sssd-io/src/resolv/ares/ares_parse_txt_reply.c /sssd-io/src/resolv/ares/ares_parse_txt_reply.h /sssd-io/src/resolv/async_resolv.c /sssd-io/src/resolv/async_resolv.h /sssd-io/src/responder/common/responder.h /sssd-io/src/responder/common/responder_cmd.c /sssd-io/src/responder/common/responder_common.c /sssd-io/src/responder/common/responder_dp.c /sssd-io/src/responder/common/responder_packet.c /sssd-io/src/responder/common/responder_packet.h /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/responder/nss/nsssrv.h /sssd-io/src/responder/nss/nsssrv_cmd.c /sssd-io/src/responder/nss/nsssrv_nc.c /sssd-io/src/responder/nss/nsssrv_nc.h /sssd-io/src/responder/pam/pam_LOCAL_domain.c /sssd-io/src/responder/pam/pamsrv.c /sssd-io/src/responder/pam/pamsrv.h /sssd-io/src/responder/pam/pamsrv_cmd.c /sssd-io/src/responder/pam/pamsrv_dp.c /sssd-io/src/sbus/sbus_client.c /sssd-io/src/sbus/sbus_client.h /sssd-io/src/sbus/sssd_dbus.h /sssd-io/src/sbus/sssd_dbus_common.c /sssd-io/src/sbus/sssd_dbus_connection.c /sssd-io/src/sbus/sssd_dbus_private.h /sssd-io/src/sbus/sssd_dbus_server.c /sssd-io/src/sss_client/common.c /sssd-io/src/sss_client/group.c /sssd-io/src/sss_client/man/pam_sss.8.xml /sssd-io/src/sss_client/pam_sss.c /sssd-io/src/sss_client/pam_test_client.c /sssd-io/src/sss_client/passwd.c /sssd-io/src/sss_client/protos.h /sssd-io/src/sss_client/sss_cli.h /sssd-io/src/sss_client/sss_nss.exports /sssd-io/src/sss_client/sss_pam.exports /sssd-io/src/sss_client/sss_pam_macros.h /sssd-io/src/sysv/SUSE/sssd /sssd-io/src/sysv/sssd /sssd-io/src/tests/auth-tests.c /sssd-io/src/tests/check_and_open-tests.c /sssd-io/src/tests/common.c /sssd-io/src/tests/common.h /sssd-io/src/tests/fail_over-tests.c /sssd-io/src/tests/files-tests.c /sssd-io/src/tests/find_uid-tests.c /sssd-io/src/tests/ipa_ldap_opt-tests.c /sssd-io/src/tests/ipa_timerules-tests.c /sssd-io/src/tests/krb5_utils-tests.c /sssd-io/src/tests/python-test.py /sssd-io/src/tests/refcount-tests.c /sssd-io/src/tests/resolv-tests.c /sssd-io/src/tests/stress-tests.c /sssd-io/src/tests/strtonum-tests.c /sssd-io/src/tests/sysdb-tests.c /sssd-io/src/tools/files.c /sssd-io/src/tools/sss_groupadd.c /sssd-io/src/tools/sss_groupdel.c /sssd-io/src/tools/sss_groupmod.c /sssd-io/src/tools/sss_groupshow.c /sssd-io/src/tools/sss_sync_ops.c /sssd-io/src/tools/sss_sync_ops.h /sssd-io/src/tools/sss_useradd.c /sssd-io/src/tools/sss_userdel.c /sssd-io/src/tools/sss_usermod.c /sssd-io/src/tools/tools_util.c /sssd-io/src/tools/tools_util.h /sssd-io/src/util/backup_file.c /sssd-io/src/util/check_and_open.c /sssd-io/src/util/crypto_sha512crypt.c /sssd-io/src/util/debug.c /sssd-io/src/util/dlinklist.h /sssd-io/src/util/find_uid.c /sssd-io/src/util/find_uid.h /sssd-io/src/util/memory.c /sssd-io/src/util/nss_sha512crypt.c /sssd-io/src/util/refcount.c /sssd-io/src/util/refcount.h /sssd-io/src/util/server.c /sssd-io/src/util/sha512crypt.h /sssd-io/src/util/signal.c /sssd-io/src/util/signal.m4 /sssd-io/src/util/sss_krb5.c /sssd-io/src/util/sss_krb5.h /sssd-io/src/util/sss_ldap.c /sssd-io/src/util/sss_ldap.h /sssd-io/src/util/strtonum.c /sssd-io/src/util/strtonum.h /sssd-io/src/util/user_info_msg.c /sssd-io/src/util/user_info_msg.h /sssd-io/src/util/usertools.c /sssd-io/src/util/util.c /sssd-io/src/util/util.h