summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-12-08Do not start with provider=filesJakub Hrozek1-0/+6
Fixes: #233
2009-12-08Fix SSSDConfig API bugs around [de-]activation of domainsStephen Gallagher2-7/+152
Adds two new public functions: SSSDConfig.activate_domain() SSSDConfig.deactivate_domain() These two functions are used during the save_domain() call to ensure that the active domain list is always kept up to date.
2009-12-08Fix broken SSSDChangeConf.set() functionStephen Gallagher1-1/+1
The set function didn't do anything at all. It needed to use the ipachangeconf.merge() function to behave properly instead of mergeNew()
2009-12-08Reduce the verbosity of the SSSDConfigTestStephen Gallagher1-4/+4
Now it will report only failures or final success
2009-12-08Add SSSDDomain.set_name() function to SSSDConfig APIStephen Gallagher2-3/+77
This function will change the name of an existing domain
2009-12-08Add comments to document latest changesSimo Sorce1-0/+7
2009-12-08dhash: Add private pointer for delete callbackSimo Sorce6-15/+38
Also pass a flag to the delete callback to tell it if this is a normal entry removal or we are cleaning up the tbale definitively.
2009-12-08Add Spanish translationbeckerde2-174/+201
2009-12-08Add Portuguese translationruigo4-0/+693
2009-12-08Run dhash testsStephen Gallagher1-0/+2
Previously we were only building them but not running them.
2009-12-08Make SSSDDomain.remove_provider() remove configured optionsStephen Gallagher2-6/+54
We will remove all options for a provider that are not also required by another configured provider. (For example, we will not remove krb5_realm when deleting the krb5 auth provider if the LDAP provider is in use, since it may still require this argument).
2009-12-08SSSDDomain.remove_provider() requires only the provider typeStephen Gallagher2-12/+18
There was no valid reason to require the backend type when specifying a provider to remove.
2009-12-08Fix potential uninitialized value error in responder_dp.cStephen Gallagher1-1/+1
If we fell into the default case of the switch statement, we would attempt to talloc_free() a random memory location. This patch guarantees that sdp_req is NULL if it has not been initialized.
2009-12-08Fix potential uninitialized value errors in nsssrv_cmd.cStephen Gallagher1-1/+2
2009-12-08Avoid returning uninitialized result.Stephen Gallagher1-0/+1
If grouplist was a zero-length array, we would return ret unitialized.
2009-12-08Add allocation error checkStephen Gallagher1-7/+10
2009-12-08Change dhash API to be talloc-friendlySimo Sorce4-55/+82
2009-12-08Add dummy credentials to an empty ccache fileSumit Bose1-2/+54
Application like krb5-auth-dialog might get confused if there is a credential cache file without any credentials in it. This patch adds an expired credential where only the client and the server principal are set. The client principal is the user's principal and the server principal corresponds to a TGT principal of the realm the user belongs to.
2009-12-08Fail on nonexistent input fileJakub Hrozek2-3/+12
2009-12-08Handle spaces in config parserJakub Hrozek3-2/+43
Fixes: #301
2009-12-07Fix bug #311, properly set callback attributeSimo Sorce1-0/+1
2009-12-07Allow nesting to fix #310Simo Sorce3-0/+5
2009-12-07Add offline support for ipa_accessSumit Bose2-17/+134
2009-12-07Add checks to test the memberuid handlingSumit Bose1-13/+495
2009-12-07Try to renew Kerberos credentialsSumit Bose5-2/+189
When using GSSAPI we need a valid service ticket to talk to the LDAP server. If the ticket is expired the LDAP client returns with 'Can't contact LDAP server'. Currently we set the backend offline if this error occurs although the server is still available. This patch checks if the TGT is expired and tries to renew the credentials before going offline.
2009-12-07Make packaging of *.egg-info files more flexibleSumit Bose1-1/+4
2009-12-07Add basic OS detectionSumit Bose4-2/+40
Detect if the OS is Fedora, RHEL or SUSE and install the SUSE start-script on SUSE systems.
2009-12-07Fix nested group membershipsSimo Sorce6-221/+299
Search the local db to find the local DN using the original DN as search key. This way we do not have to rely on weak and faulty heuristicts based on DN names. Add a few helper functions in the process and change the way we pass members to sysdb_store_group_send(), instead of passing users and groups list, just add member DNs to the other sysdb attrs.
2009-12-07Make strdn build functions more availableSimo Sorce3-42/+58
2009-12-07Resolve nested groups also when rfc2307bis is usedSimo Sorce1-68/+2
2009-12-07Do not treat missing proc files as errors.Sumit Bose1-0/+10
2009-12-07Add sysdb_search_custom requestSumit Bose3-74/+206
2009-12-03Raise debug log level for LDB_DEBUG_WARNINGStephen Gallagher1-1/+1
Level 3 was far too low for mostly-useless messages
2009-12-03Make debug log timestamps human-readableStephen Gallagher2-4/+13
2009-12-03Use the custom password field in groups too.Simo Sorce1-3/+5
Groups also need to honor the settable password field and use * by default.
2009-12-03Use memberuid and not member in group enumerationsSimo Sorce2-54/+9
This allows for correctly reporting nested group members, while at the same time not paying a too high price for caluclating nested groups at runtime e very time a search is made.
2009-12-03Compute and save memberuid in cache as wellSimo Sorce1-108/+690
This patch adds a new generated attribute to every group that has direct or indirect members. This attribute is called memberuid and contains the name of the users that are directo or indirect members of this group. This is done to greatly speed up group enumerations when NSS reads groups off the cache.
2009-12-03Fix memberof pluginSimo Sorce1-12/+15
A loop was badly built and was skipping entries. This left some memberof attributes in place that should have been removed.
2009-12-03Check LDAP structure before calling ldap_unbind_ext()Sumit Bose1-1/+3
2009-12-03Check the services started against a list of known servicesJakub Hrozek1-0/+29
Fixes: #241
2009-12-03Setup ldap child logging from IPA backendJakub Hrozek4-45/+54
Fixes: #296
2009-12-03Copy-edit sssd-ipa man pageDavid O'Brien1-18/+17
Mainly typo fixes and grammar updates. Application of RH doc styles where appropriate.
2009-12-01Revert "Remove ELAPI from build and tarball"Stephen Gallagher1-2/+3
This reverts commit 9a446ad6d6445ed22f0d5132a241a3c8be5e1008.
2009-12-01Revert "Stop configuring ELAPI"Stephen Gallagher1-1/+1
This reverts commit a7360aa07780133b77c7fa0ab629b5e660e1e49a.
2009-12-01Stop configuring ELAPIStephen Gallagher1-1/+1
2009-12-01Remove ELAPI from build and tarballStephen Gallagher1-3/+2
Until such time as ELAPI is in a usable state, it makes no sense to be building and distributing it in the tarball. This patch will disable it from building and inclusion in the tarball.
2009-12-01Better error message when there is no local domain configuredJakub Hrozek7-7/+31
Fixes: #235
2009-12-01Warn visibly about permission problems with the config fileJakub Hrozek1-1/+8
Fixes: #268
2009-12-01Immediately return a krb5 change password request when offlineSumit Bose1-0/+7
2009-12-01Do not include libsss_ipa.la in rpm packageSumit Bose1-0/+1