Age | Commit message (Collapse) | Author | Files | Lines |
|
Groups also need to honor the settable password field and use * by default.
|
|
This allows for correctly reporting nested group members, while at the same
time not paying a too high price for caluclating nested groups at runtime e
very time a search is made.
|
|
This patch adds a new generated attribute to every group that has
direct or indirect members.
This attribute is called memberuid and contains the name of the users
that are directo or indirect members of this group.
This is done to greatly speed up group enumerations when NSS reads groups
off the cache.
|
|
A loop was badly built and was skipping entries.
This left some memberof attributes in place that should have been removed.
|
|
|
|
Fixes: #241
|
|
Fixes: #296
|
|
Mainly typo fixes and grammar updates.
Application of RH doc styles where appropriate.
|
|
This reverts commit 9a446ad6d6445ed22f0d5132a241a3c8be5e1008.
|
|
This reverts commit a7360aa07780133b77c7fa0ab629b5e660e1e49a.
|
|
|
|
Until such time as ELAPI is in a usable state, it makes no sense
to be building and distributing it in the tarball. This patch
will disable it from building and inclusion in the tarball.
|
|
Fixes: #235
|
|
Fixes: #268
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
To avoid blocking in a synchronous call, the TGT is saved in a separate
process
Fixes: #277
|
|
Moves several functions out of providers/krb5 hierarchy into a separate
module so it can be shared by the ldap child.
|
|
|
|
|
|
|
|
Unfortunately since we changed the defines to an enum the preprocessor test
stopped working.
Turn tests into runtime tests that will abort the process.
|
|
|
|
When I converted fill_grent to speed up enumerations I left out this check
by mistake.
|
|
|
|
Then name or IP adress of the KDC is written into the pubconf directory
into a file named kdcinfo.REALM. The locator plugin will then read this
file and pass the data to the kerberos libraries.
|
|
This adds a new boolean option to sss_dp_send_acct_req() called
fast_reply. If we make a request to the backends and we are
currently offline, this option will determine whether we should
immediately return from the cache (acceptable for NSS requests) or
potentially wait for an online check to complete (required for PAM
requests).
|
|
|
|
|
|
|
|
|
|
The retun values are still not directly used with ldap libraries that still do
their own name resolution, but this patch introduces a very basic framework to
have a multiple providers in one domain use and share a single failover
service if they want to.
|
|
When using high debug levels or valgrind the code maybe slow enough that these
timeouts were too strict.
|
|
This way we do not need to check for id ranges on every search.
|
|
This brings down the time needed to enumerate my group database
from 2.4 seconds to 0.15 seconds.
|
|
If you want to turn verbosity back on, just set the environment
variable CK_VERBOSITY=verbose
|
|
|
|
To support IPA DS to Kerberos password migration a seperate
authentication target is added. It calls the Kerberos authentication
target and in the case of a 'Preauthentication Error' the LDAP
authentication target. On success the Kerberos target is called again to
request the TGT.
|
|
Thanks to Marko Myllynen for spotting this.
|
|
- save current ccache file to sysdb
- use the saved ccache file if the user has running processes
- create an empty ccache if offline
- return enviroment variables if offline
|
|
In building the DN string we weren't correctly escaping the value of the RDN
component. This patches fixes that.
|
|
With the previous code in domains with many users and enumeration enable we
would eventually end up making thousands of individual searches for entries in
the clean-up process.
Change the code to do a full enumeration before a cleanup so we do one single
big search to update all entries and only then search for entries to purge.
This also fixes the fact that the cleanup task was running at every enumeration
instead of running every "ldap_purge_cache_timeout" seconds.
|
|
|
|
|