summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-12-03Use the custom password field in groups too.Simo Sorce1-3/+5
Groups also need to honor the settable password field and use * by default.
2009-12-03Use memberuid and not member in group enumerationsSimo Sorce2-54/+9
This allows for correctly reporting nested group members, while at the same time not paying a too high price for caluclating nested groups at runtime e very time a search is made.
2009-12-03Compute and save memberuid in cache as wellSimo Sorce1-108/+690
This patch adds a new generated attribute to every group that has direct or indirect members. This attribute is called memberuid and contains the name of the users that are directo or indirect members of this group. This is done to greatly speed up group enumerations when NSS reads groups off the cache.
2009-12-03Fix memberof pluginSimo Sorce1-12/+15
A loop was badly built and was skipping entries. This left some memberof attributes in place that should have been removed.
2009-12-03Check LDAP structure before calling ldap_unbind_ext()Sumit Bose1-1/+3
2009-12-03Check the services started against a list of known servicesJakub Hrozek1-0/+29
Fixes: #241
2009-12-03Setup ldap child logging from IPA backendJakub Hrozek4-45/+54
Fixes: #296
2009-12-03Copy-edit sssd-ipa man pageDavid O'Brien1-18/+17
Mainly typo fixes and grammar updates. Application of RH doc styles where appropriate.
2009-12-01Revert "Remove ELAPI from build and tarball"Stephen Gallagher1-2/+3
This reverts commit 9a446ad6d6445ed22f0d5132a241a3c8be5e1008.
2009-12-01Revert "Stop configuring ELAPI"Stephen Gallagher1-1/+1
This reverts commit a7360aa07780133b77c7fa0ab629b5e660e1e49a.
2009-12-01Stop configuring ELAPIStephen Gallagher1-1/+1
2009-12-01Remove ELAPI from build and tarballStephen Gallagher1-3/+2
Until such time as ELAPI is in a usable state, it makes no sense to be building and distributing it in the tarball. This patch will disable it from building and inclusion in the tarball.
2009-12-01Better error message when there is no local domain configuredJakub Hrozek7-7/+31
Fixes: #235
2009-12-01Warn visibly about permission problems with the config fileJakub Hrozek1-1/+8
Fixes: #268
2009-12-01Immediately return a krb5 change password request when offlineSumit Bose1-0/+7
2009-12-01Do not include libsss_ipa.la in rpm packageSumit Bose1-0/+1
2009-12-01Fix tabsSimo Sorce1-21/+21
2009-11-30Update version to 0.99.0Stephen Gallagher1-1/+1
2009-11-25Remove unneeded debugging codeSumit Bose1-9/+0
2009-11-25Fix an internal error when cache_credentials=FALSESumit Bose1-1/+4
2009-11-25Fix bug with bad ldb pkg-config filesStephen Gallagher1-1/+1
2009-11-25Update PL translationraven1-7/+6
2009-11-25Get TGT in a child process.Jakub Hrozek10-165/+1081
To avoid blocking in a synchronous call, the TGT is saved in a separate process Fixes: #277
2009-11-25Split helpers for child processesJakub Hrozek8-174/+267
Moves several functions out of providers/krb5 hierarchy into a separate module so it can be shared by the ldap child.
2009-11-25In IPA, the realm is always the domain uppercased.Simo Sorce1-2/+7
2009-11-25Make ldb lib dir configurableSumit Bose2-1/+19
2009-11-25Use ldb modules from build root for testsSumit Bose2-0/+5
2009-11-25Fix internal options numbers testSimo Sorce1-12/+24
Unfortunately since we changed the defines to an enum the preprocessor test stopped working. Turn tests into runtime tests that will abort the process.
2009-11-23Really check return value from pam_set_itemSumit Bose1-3/+3
2009-11-23Fix ticket #289Simo Sorce1-0/+18
When I converted fill_grent to speed up enumerations I left out this check by mistake.
2009-11-23Update translation strings for string freezeStephen Gallagher6-383/+463
2009-11-23Read KDC info from file instead from environmentSumit Bose13-74/+477
Then name or IP adress of the KDC is written into the pubconf directory into a file named kdcinfo.REALM. The locator plugin will then read this file and pass the data to the kerberos libraries.
2009-11-23Speed up user requests while offlineStephen Gallagher6-52/+102
This adds a new boolean option to sss_dp_send_acct_req() called fast_reply. If we make a request to the backends and we are currently offline, this option will determine whether we should immediately return from the cache (acceptable for NSS requests) or potentially wait for an online check to complete (required for PAM requests).
2009-11-23Make backend request type a bitfieldStephen Gallagher3-5/+5
2009-11-23Update NL translationStephen Gallagher1-6/+6
2009-11-23Update PL translationStephen Gallagher1-79/+80
2009-11-23Add ldap_pwd_policy optionSumit Bose7-45/+129
2009-11-20Add initial failover support for ldap and ipaSimo Sorce22-69/+938
The retun values are still not directly used with ldap libraries that still do their own name resolution, but this patch introduces a very basic framework to have a multiple providers in one domain use and share a single failover service if they want to.
2009-11-20Raise some timeoutsSimo Sorce2-3/+3
When using high debug levels or valgrind the code maybe slow enough that these timeouts were too strict.
2009-11-20Filter by id range before actually storing entries.Simo Sorce4-31/+89
This way we do not need to check for id ranges on every search.
2009-11-20Optimize sysdb_enumgrentSimo Sorce3-504/+203
This brings down the time needed to enumerate my group database from 2.4 seconds to 0.15 seconds.
2009-11-20Only display errors in unit testsStephen Gallagher10-11/+21
If you want to turn verbosity back on, just set the environment variable CK_VERBOSITY=verbose
2009-11-20Enhance check for remote hostsSumit Bose2-55/+97
2009-11-20Add ipa_authSumit Bose5-1/+352
To support IPA DS to Kerberos password migration a seperate authentication target is added. It calls the Kerberos authentication target and in the case of a 'Preauthentication Error' the LDAP authentication target. On success the Kerberos target is called again to request the TGT.
2009-11-20Add reference to sssd-krb5 man page.Simo Sorce1-0/+3
Thanks to Marko Myllynen for spotting this.
2009-11-20Improve handling of ccache filesSumit Bose8-206/+1081
- save current ccache file to sysdb - use the saved ccache file if the user has running processes - create an empty ccache if offline - return enviroment variables if offline
2009-11-20Correctly escape DN value.Simo Sorce1-6/+42
In building the DN string we weren't correctly escaping the value of the RDN component. This patches fixes that.
2009-11-20Better behavior on cleanupSimo Sorce4-20/+44
With the previous code in domains with many users and enumeration enable we would eventually end up making thousands of individual searches for entries in the clean-up process. Change the code to do a full enumeration before a cleanup so we do one single big search to update all entries and only then search for entries to purge. This also fixes the fact that the cleanup task was running at every enumeration instead of running every "ldap_purge_cache_timeout" seconds.
2009-11-20Add empty NL translationStephen Gallagher4-0/+654
2009-11-20Validate Kerberos credentials with local keytabSumit Bose16-43/+326