| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Update tests to include IPA options
|
|
Fixes: #309
|
|
|
|
|
|
This task allows us to rebuild memberuid and memberof attributes throughout the
database. This way we can upgrade from version 0.4 databases that didn't
generate and store memberuid.
The task can be invoked by adding a speaicl named entry to the ldb file.
The entry dn to use is: @MEMBEROF-REBUILD, the entry has no attributes and any
attribute is ignored at present.
The entry will not be stored in the database but will just trigger the task to
execute a rebuild of the memberof and memberuid attributes
|
|
|
|
Added configurable key length.
Changed comments for the functions that
are currently not used and reserved for
future functionality.
|
|
I scanned through the code and made sure that the FIXME
comments are either addressed or a corresponding ticket exists.
I removed two comments that had "FIXME" in them.
The tickets for those comments are #72 and #308.
|
|
This patch adds ability to create a reference to the top
level collection.
Previously one could get reference only to collection
inside other collection. With this change it becomes
possible to have two pointers to the same top level
collection from multiple places.
COLLECTION Adding comment.
COLLECTION: Some tracing
|
|
Added more distingushable indication to
the trace messages that represent errors.
|
|
|
|
|
|
|
|
The macro STATUS_DIFF() was wrong causing the result to always be lower
than 0, therefore the timeout was never reached.
Fixes: #302
|
|
These were very useful for debugging and hopefully still will be in the
future.
|
|
Previously, we were accidentally filtering out domains that were
not configured, so deleted domains might still appear in the
active domain list.
This patch should ensure that this never happens.
|
|
|
|
|
|
|
|
* Rename structure accordingly to ares upstream
* Use new ares parsing functions in the wrappers
* fix tests for ares 1.7
|
|
deactivate_domain() would crash if it attempted to deactivate an
already-inactive domain
|
|
We were actually listing files that are on the system, not those that we
created in the $RPM_BUILD_ROOT. Also, by doing an echo with the regular
expression, we put more than one file on one line. Rpmbuild doesn't like
that and will not generate the rpms.
|
|
Fixes: #294
|
|
|
|
Fixes: #233
|
|
Adds two new public functions:
SSSDConfig.activate_domain()
SSSDConfig.deactivate_domain()
These two functions are used during the save_domain() call to
ensure that the active domain list is always kept up to date.
|
|
The set function didn't do anything at all. It needed to use the
ipachangeconf.merge() function to behave properly instead of
mergeNew()
|
|
Now it will report only failures or final success
|
|
This function will change the name of an existing domain
|
|
|
|
Also pass a flag to the delete callback to tell it if this is a normal
entry removal or we are cleaning up the tbale definitively.
|
|
|
|
|
|
Previously we were only building them but not running them.
|
|
We will remove all options for a provider that are not also
required by another configured provider. (For example, we will not
remove krb5_realm when deleting the krb5 auth provider if the LDAP
provider is in use, since it may still require this argument).
|
|
There was no valid reason to require the backend type when
specifying a provider to remove.
|
|
If we fell into the default case of the switch statement, we would
attempt to talloc_free() a random memory location. This patch
guarantees that sdp_req is NULL if it has not been initialized.
|
|
|
|
If grouplist was a zero-length array, we would return ret
unitialized.
|
|
|
|
|
|
Application like krb5-auth-dialog might get confused if there is a
credential cache file without any credentials in it. This patch adds an
expired credential where only the client and the server principal are
set. The client principal is the user's principal and the server
principal corresponds to a TGT principal of the realm the user belongs
to.
|
|
|
|
Fixes: #301
|
|
|
|
|
|
|
|
|
|
When using GSSAPI we need a valid service ticket to talk to the LDAP
server. If the ticket is expired the LDAP client returns with 'Can't
contact LDAP server'. Currently we set the backend offline if this error
occurs although the server is still available. This patch checks if the
TGT is expired and tries to renew the credentials before going offline.
|
|
|
