History log of /sssd-io/src/providers/ldap/sdap_async_private.h
Revision Date Author Comments Expand
70c0648f021ded3d31313eb962e1ad140f242673 23-Mar-2017 Sumit Bose <sbose@redhat.com>

sdap_get_users_send(): new argument mapped_attrs mapped_attrs can be a list of sysdb_attrs which are not available on the server side but should be store with the cached user entry. This is needed e.g. when the input to look up the user in LDAP is not an attribute which is stored in LDAP but some data where LDAP attributes are extracted from. The current use case is the certificate mapping library which can create LDAP search filters based on content of the certificate. To allow upcoming cache lookup to use the input directly it is stored in the user object in the cache. Related to https://pagure.io/SSSD/sssd/issue/3050 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
25699846bd1c9f8bb513b6271eb4366ab682fbd2 31-Oct-2016 Sumit Bose <sbose@redhat.com>

LDAP/AD: resolve domain local groups for remote users If a user from a trusted domain in the same forest is a direct or indirect member of domain local groups from the local domain those memberships must be resolved as well. Since those domain local groups are not valid in the trusted domain a DC from the trusted domain which is used to lookup the user data is not aware of them. As a consequence those memberships must be resolved against a local DC in a second step. Resolves https://fedorahosted.org/sssd/ticket/3206 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
49d3f0a487d55571b2bdc9d3f8280b304b964b9d 31-Oct-2016 Sumit Bose <sbose@redhat.com>

sdap: make some nested group related calls public sdap_nested_groups_store() and rfc2307bis_nested_groups_send/recv() will be reused for domain local group lookups. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
c03214d427ea43e7bf8255ccc79faa905c89f7f6 07-Jul-2016 Jakub Hrozek <jhrozek@redhat.com>

LDAP: make it clear that sdap_add_incomplete_groups operates on sysdb names Just provides a more descriptive name of a function parameter. Reviewed-by: Sumit Bose <sbose@redhat.com>
c32266e79f9d4bebd0c31eaa8d6fa26050e7fb3e 24-Feb-2016 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Use the IPA provider interface to resolve external group members Resolves: https://fedorahosted.org/sssd/ticket/2522 Currently the approach is not optimized for performance, because each external member is resolved in a full transaction to make sure even ID views and similar information is processed. In future, we should implement https://fedorahosted.org/sssd/ticket/2943 we will again be able to process all the data in a single transaction. Reviewed-by: Sumit Bose <sbose@redhat.com>
bad2fc8133d941e5a6c8d8016c9689e039265c61 14-Apr-2015 Lukas Slebodnik <lslebodn@redhat.com>

SDAP: Extract filtering AD group to function Patch remove code duplication. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
d81d8d3dc151ebc95cd0e3f3b14c1cdaa48980f1 17-Mar-2015 Sumit Bose <sbose@redhat.com>

LDAP/AD: do not resolve group members during tokenGroups request During initgroups requests we try to avoid to resolve the complete member list of groups if possible, e.g. if there are no nested groups. The tokenGroups LDAP lookup return the complete list of memberships for a user hence it is not necessary lookup the other group member and un-roll nested groups. With this patch only the group entry is looked up and saved as incomplete group to the cache. This is achieved by adding a new boolean parameter no_members to groups_get_send() and sdap_get_groups_send(). The difference to config options like ldap_group_nesting_level = 0 or ignore_group_members is that if no_members is set to true groups which are missing in the cache are created a incomplete groups. As a result a request to lookup this group will trigger a new LDAP request to resolve the group completely. This way no information is ignored but the time needed to read all data is better distributed between different requests. https://fedorahosted.org/sssd/ticket/2601 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
208b9f9bea519392428d99803edac1739ffdd444 18-Feb-2014 Pavel Březina <pbrezina@redhat.com>

make make_realm_upper_case() static Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
9cc66028cb6e497588a088ff2953e2ca7ed6ca6d 26-Sep-2013 Pavel Březina <pbrezina@redhat.com>

sysdb: get_sysdb_grouplist() can return either names or dn We need to work with distinguish names when processing cross-domain membership, because groups and users may be stored in different sysdb tree. Resolves: https://fedorahosted.org/sssd/ticket/2066
749cfb5d3270b5daf389d51a0dbd3fd2aec6e05d 07-Jun-2013 Jakub Hrozek <jhrozek@redhat.com>

LDAP: new SDAP domain structure Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases. This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain.
755aee449c6311518200c2f11c1aae329a19b038 02-Apr-2013 Pavel Březina <pbrezina@redhat.com>

refactor nested group processing: replace old code https://fedorahosted.org/sssd/ticket/1784
fae99bfe4bfc8b4a12e9c2a0ad01b3684c22f934 20-Mar-2013 Simo Sorce <simo@redhat.com>

ldap: Fallback option for rfc2307 schema Add option to fallback to fetch local users if rfc2307is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation. Ticket: https://fedorahosted.org/sssd/ticket/1020
b23539e420b9962ad3bfd8f305b9d5acf47e7efb 15-Jan-2013 Simo Sorce <simo@redhat.com>

Add domain to sysdb_search_group_by_name() Also remove unused sysdb_search_domgroup_by_name()
2ce00e0d3896bb42db169d1e79553a81ca837a22 15-Jan-2013 Simo Sorce <simo@redhat.com>

Add domain to sysdb_search_user_by_name() Also remove unused sysdb_search_domuser_by_name()
6199bd6b41e8b280e65db4b4bb17a1c5c0444aa9 13-Jun-2012 Stephen Gallagher <sgallagh@redhat.com>

LDAP: Make sdap_initgr_common_store() non-static Move it to a private header so it can be reused by other initgroups C files.
1ed3a0d1d98ae410fcd716ec5c7202de2c082597 13-Jun-2012 Stephen Gallagher <sgallagh@redhat.com>

LDAP: Add helper function to get list of a user's groups from sysdb
3ff729e6c8a371e7a52914772816c39ca73c50a9 24-Feb-2012 Jan Zeleny <jzeleny@redhat.com>

Modifications to simplify list_missing_attrs
7d9f54f5ec7c72336c4f69dbf20d55f1f64b88d2 23-Nov-2011 Jan Zeleny <jzeleny@redhat.com>

Renamed some LDAP routines These were renamed just ot make sure they are not mistook for IPA netgroup functions.
684d1b48b5582a1bf7812b8c3c663592dc6dfed9 13-Oct-2011 Pavel Březina <pbrezina@redhat.com>

SysDB commands that save lastUpdate allows this value to be passed in https://fedorahosted.org/sssd/ticket/836
f26c954658dfd7461f290f0b5d924951a6db219a 15-Aug-2011 Jan Zeleny <jzeleny@redhat.com>

sdap_async_accounts.c split The file has been split in three: sdap_async_users.c sdap_async_groups.c sdap_async_initgroups.c https://fedorahosted.org/sssd/ticket/864
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06 30-Jun-2011 Sumit Bose <sbose@redhat.com>

Add sdap_call_conn_cb() to call add connection callback directly
4534c103b193b74452ea81bf12ffaceb1901728a 22-Oct-2010 Sumit Bose <sbose@redhat.com>

Add ldap_deref option
64783bdc0aff447a356c5169c027dadc05dfb312 13-Oct-2010 Jakub Hrozek <jhrozek@redhat.com>

Make ldap_child report kerberos return code to parent
6480abbd1bba71efa8a834fada6505d1767fabfc 15-Sep-2010 Jakub Hrozek <jhrozek@redhat.com>

Revert "Make ldap bind asynchronous" This reverts 56d8d19ac9d857580a233d8264e851883b883c67
56d8d19ac9d857580a233d8264e851883b883c67 02-Sep-2010 Martin Nagy <mnagy@redhat.com>

Make ldap bind asynchronous Every ldap function that could possibly create a new connection is now wrapped in a tevent_req. If the connection is created, we will call the function again after the socket is ready for writing.
a2cabe1873c4d01c18ef6617b6b1f10a0ce3560e 09-Jul-2010 eindenbom <eindenbom@gmail.com>

GSSAPI ticket expiry time is returned from ldap_child and stored in sdap_handle for future reference.
7bfc287b693d3696bd5b3c60bdb7e543eb230f9b 09-Jun-2010 Stephen Gallagher <sgallagh@redhat.com>

Disable connection callbacks when going online Under certain circumstances, the openldap libraries will continue internally trying to reconnect to a connection lost (as during a cable-pull test). We need to drop the reconnection callbacks when marking the backend offline in order to guarantee that they are not called with an invalid sdap_handle.
ebb6e30d687a4d6626c735234c85cbb5b06a26aa 16-May-2010 Sumit Bose <sbose@redhat.com>

Add ldap_krb5_ticket_lifetime option
48a038d077ed2de18a5211e010c18ab680107293 16-May-2010 Stephen Gallagher <sgallagh@redhat.com>

Add dynamic DNS updates to FreeIPA This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
57614e56dd272db0f71abc442b1515d79fd16169 07-May-2010 Stephen Gallagher <sgallagh@redhat.com>

Revert "Add dynamic DNS updates to FreeIPA" This reverts commit 973b7c27c0b294b8b2f120296f64c6a3a36e44b7. While this patch applied cleanly, it was uncompilable. Reverting until it can be properly merged.
973b7c27c0b294b8b2f120296f64c6a3a36e44b7 07-May-2010 Stephen Gallagher <sgallagh@redhat.com>

Add dynamic DNS updates to FreeIPA This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
5b680ac8ef46fc1714f2ab59a07f68ac386ad89b 26-Apr-2010 Sumit Bose <sbose@redhat.com>

Make the handling of fd events opaque Depending on the version of the OpenLDAP libraries we use two different schemes to find the file descriptor of the connection to the LDAP server. This patch removes the related ifdefs from the main code and introduces helper functions which can handle the specific cases.
1c48b5a62f73234ed26bb20f0ab345ab61cda0ab 18-Feb-2010 Stephen Gallagher <sgallagh@redhat.com>

Rename server/ directory to src/ Also update BUILD.txt

/sssd-io/BUILD.txt /sssd-io/Makefile.am /sssd-io/configure.ac /sssd-io/contrib/sssd.spec.in /sssd-io/src/Makefile.am /sssd-io/src/build_macros.m4 /sssd-io/src/conf_macros.m4 /sssd-io/src/confdb/confdb.c /sssd-io/src/confdb/confdb.h /sssd-io/src/confdb/confdb_private.h /sssd-io/src/confdb/confdb_setup.c /sssd-io/src/confdb/confdb_setup.h /sssd-io/src/config/SSSDConfig.py /sssd-io/src/config/SSSDConfigTest.py /sssd-io/src/config/etc/sssd.api.conf /sssd-io/src/config/etc/sssd.api.d/sssd-ipa.conf /sssd-io/src/config/etc/sssd.api.d/sssd-krb5.conf /sssd-io/src/config/etc/sssd.api.d/sssd-ldap.conf /sssd-io/src/config/etc/sssd.api.d/sssd-local.conf /sssd-io/src/config/etc/sssd.api.d/sssd-proxy.conf /sssd-io/src/config/ipachangeconf.py /sssd-io/src/config/setup.py /sssd-io/src/config/testconfigs/noparse.api.conf /sssd-io/src/config/testconfigs/sssd-badversion.conf /sssd-io/src/config/testconfigs/sssd-invalid-badbool.conf /sssd-io/src/config/testconfigs/sssd-invalid.conf /sssd-io/src/config/testconfigs/sssd-noversion.conf /sssd-io/src/config/testconfigs/sssd-valid.conf /sssd-io/src/config/upgrade_config.py /sssd-io/src/configure.ac /sssd-io/src/db/sysdb.c /sssd-io/src/db/sysdb.h /sssd-io/src/db/sysdb_ops.c /sssd-io/src/db/sysdb_private.h /sssd-io/src/db/sysdb_search.c /sssd-io/src/doxy.config.in /sssd-io/src/examples/sssd.conf /sssd-io/src/examples/sssdproxytest /sssd-io/src/examples/sudo /sssd-io/src/external/crypto.m4 /sssd-io/src/external/docbook.m4 /sssd-io/src/external/krb5.m4 /sssd-io/src/external/ldap.m4 /sssd-io/src/external/libcares.m4 /sssd-io/src/external/libcollection.m4 /sssd-io/src/external/libdhash.m4 /sssd-io/src/external/libini_config.m4 /sssd-io/src/external/libldb.m4 /sssd-io/src/external/libpcre.m4 /sssd-io/src/external/libpopt.m4 /sssd-io/src/external/libtalloc.m4 /sssd-io/src/external/libtdb.m4 /sssd-io/src/external/libtevent.m4 /sssd-io/src/external/pam.m4 /sssd-io/src/external/pkg.m4 /sssd-io/src/external/platform.m4 /sssd-io/src/external/python.m4 /sssd-io/src/external/selinux.m4 /sssd-io/src/external/sizes.m4 /sssd-io/src/krb5_plugin/sssd_krb5_locator_plugin.c /sssd-io/src/ldb_modules/memberof.c /sssd-io/src/m4/.dir /sssd-io/src/man/include/failover.xml /sssd-io/src/man/include/param_help.xml /sssd-io/src/man/include/upstream.xml /sssd-io/src/man/sss_groupadd.8.xml /sssd-io/src/man/sss_groupdel.8.xml /sssd-io/src/man/sss_groupmod.8.xml /sssd-io/src/man/sss_groupshow.8.xml /sssd-io/src/man/sss_useradd.8.xml /sssd-io/src/man/sss_userdel.8.xml /sssd-io/src/man/sss_usermod.8.xml /sssd-io/src/man/sssd-ipa.5.xml /sssd-io/src/man/sssd-krb5.5.xml /sssd-io/src/man/sssd-ldap.5.xml /sssd-io/src/man/sssd.8.xml /sssd-io/src/man/sssd.conf.5.xml /sssd-io/src/man/sssd_krb5_locator_plugin.8.xml /sssd-io/src/monitor/monitor.c /sssd-io/src/monitor/monitor.h /sssd-io/src/monitor/monitor_interfaces.h /sssd-io/src/monitor/monitor_sbus.c /sssd-io/src/po/LINGUAS /sssd-io/src/po/Makevars /sssd-io/src/po/POTFILES.in /sssd-io/src/po/de.po /sssd-io/src/po/es.po /sssd-io/src/po/fr.po /sssd-io/src/po/it.po /sssd-io/src/po/ja.po /sssd-io/src/po/nl.po /sssd-io/src/po/pl.po /sssd-io/src/po/pt.po /sssd-io/src/po/sss_daemon.pot /sssd-io/src/po/sv.po /sssd-io/src/providers/child_common.c /sssd-io/src/providers/child_common.h /sssd-io/src/providers/data_provider.h /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/data_provider_fo.c /sssd-io/src/providers/data_provider_opts.c /sssd-io/src/providers/dp_auth_util.c /sssd-io/src/providers/dp_backend.h /sssd-io/src/providers/dp_sbus.c /sssd-io/src/providers/fail_over.c /sssd-io/src/providers/fail_over.h /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ipa/ipa_access.h /sssd-io/src/providers/ipa/ipa_auth.c /sssd-io/src/providers/ipa/ipa_auth.h /sssd-io/src/providers/ipa/ipa_common.c /sssd-io/src/providers/ipa/ipa_common.h /sssd-io/src/providers/ipa/ipa_init.c /sssd-io/src/providers/ipa/ipa_timerules.c /sssd-io/src/providers/ipa/ipa_timerules.h /sssd-io/src/providers/krb5/krb5_auth.c /sssd-io/src/providers/krb5/krb5_auth.h /sssd-io/src/providers/krb5/krb5_become_user.c /sssd-io/src/providers/krb5/krb5_child.c /sssd-io/src/providers/krb5/krb5_common.c /sssd-io/src/providers/krb5/krb5_common.h /sssd-io/src/providers/krb5/krb5_init.c /sssd-io/src/providers/krb5/krb5_utils.c /sssd-io/src/providers/krb5/krb5_utils.h ldap_auth.c ldap_child.c ldap_common.c ldap_common.h ldap_id.c ldap_id_cleanup.c ldap_id_enum.c ldap_init.c sdap.c sdap.h sdap_async.c sdap_async.h sdap_async_accounts.c sdap_async_connection.c sdap_async_private.h sdap_child_helpers.c /sssd-io/src/providers/providers.h /sssd-io/src/providers/proxy.c /sssd-io/src/providers/sssd_be.exports /sssd-io/src/python/pysss.c /sssd-io/src/resolv/ares/ares_data.c /sssd-io/src/resolv/ares/ares_data.h /sssd-io/src/resolv/ares/ares_dns.h /sssd-io/src/resolv/ares/ares_parse_srv_reply.c /sssd-io/src/resolv/ares/ares_parse_srv_reply.h /sssd-io/src/resolv/ares/ares_parse_txt_reply.c /sssd-io/src/resolv/ares/ares_parse_txt_reply.h /sssd-io/src/resolv/async_resolv.c /sssd-io/src/resolv/async_resolv.h /sssd-io/src/responder/common/responder.h /sssd-io/src/responder/common/responder_cmd.c /sssd-io/src/responder/common/responder_common.c /sssd-io/src/responder/common/responder_dp.c /sssd-io/src/responder/common/responder_packet.c /sssd-io/src/responder/common/responder_packet.h /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/responder/nss/nsssrv.h /sssd-io/src/responder/nss/nsssrv_cmd.c /sssd-io/src/responder/nss/nsssrv_nc.c /sssd-io/src/responder/nss/nsssrv_nc.h /sssd-io/src/responder/pam/pam_LOCAL_domain.c /sssd-io/src/responder/pam/pamsrv.c /sssd-io/src/responder/pam/pamsrv.h /sssd-io/src/responder/pam/pamsrv_cmd.c /sssd-io/src/responder/pam/pamsrv_dp.c /sssd-io/src/sbus/sbus_client.c /sssd-io/src/sbus/sbus_client.h /sssd-io/src/sbus/sssd_dbus.h /sssd-io/src/sbus/sssd_dbus_common.c /sssd-io/src/sbus/sssd_dbus_connection.c /sssd-io/src/sbus/sssd_dbus_private.h /sssd-io/src/sbus/sssd_dbus_server.c /sssd-io/src/sss_client/common.c /sssd-io/src/sss_client/group.c /sssd-io/src/sss_client/man/pam_sss.8.xml /sssd-io/src/sss_client/pam_sss.c /sssd-io/src/sss_client/pam_test_client.c /sssd-io/src/sss_client/passwd.c /sssd-io/src/sss_client/protos.h /sssd-io/src/sss_client/sss_cli.h /sssd-io/src/sss_client/sss_nss.exports /sssd-io/src/sss_client/sss_pam.exports /sssd-io/src/sss_client/sss_pam_macros.h /sssd-io/src/sysv/SUSE/sssd /sssd-io/src/sysv/sssd /sssd-io/src/tests/auth-tests.c /sssd-io/src/tests/check_and_open-tests.c /sssd-io/src/tests/common.c /sssd-io/src/tests/common.h /sssd-io/src/tests/fail_over-tests.c /sssd-io/src/tests/files-tests.c /sssd-io/src/tests/find_uid-tests.c /sssd-io/src/tests/ipa_ldap_opt-tests.c /sssd-io/src/tests/ipa_timerules-tests.c /sssd-io/src/tests/krb5_utils-tests.c /sssd-io/src/tests/python-test.py /sssd-io/src/tests/refcount-tests.c /sssd-io/src/tests/resolv-tests.c /sssd-io/src/tests/stress-tests.c /sssd-io/src/tests/strtonum-tests.c /sssd-io/src/tests/sysdb-tests.c /sssd-io/src/tools/files.c /sssd-io/src/tools/sss_groupadd.c /sssd-io/src/tools/sss_groupdel.c /sssd-io/src/tools/sss_groupmod.c /sssd-io/src/tools/sss_groupshow.c /sssd-io/src/tools/sss_sync_ops.c /sssd-io/src/tools/sss_sync_ops.h /sssd-io/src/tools/sss_useradd.c /sssd-io/src/tools/sss_userdel.c /sssd-io/src/tools/sss_usermod.c /sssd-io/src/tools/tools_util.c /sssd-io/src/tools/tools_util.h /sssd-io/src/util/backup_file.c /sssd-io/src/util/check_and_open.c /sssd-io/src/util/crypto_sha512crypt.c /sssd-io/src/util/debug.c /sssd-io/src/util/dlinklist.h /sssd-io/src/util/find_uid.c /sssd-io/src/util/find_uid.h /sssd-io/src/util/memory.c /sssd-io/src/util/nss_sha512crypt.c /sssd-io/src/util/refcount.c /sssd-io/src/util/refcount.h /sssd-io/src/util/server.c /sssd-io/src/util/sha512crypt.h /sssd-io/src/util/signal.c /sssd-io/src/util/signal.m4 /sssd-io/src/util/sss_krb5.c /sssd-io/src/util/sss_krb5.h /sssd-io/src/util/sss_ldap.c /sssd-io/src/util/sss_ldap.h /sssd-io/src/util/strtonum.c /sssd-io/src/util/strtonum.h /sssd-io/src/util/user_info_msg.c /sssd-io/src/util/user_info_msg.h /sssd-io/src/util/usertools.c /sssd-io/src/util/util.c /sssd-io/src/util/util.h