Age | Commit message (Collapse) | Author | Files | Lines |
|
A relatively small patch aligning headers
and a small portion of code for upcoming
implementation of the async event processing.
Cleanup of the test config file.
|
|
This patch creates the infrastructure for
logging of the event from the top of the interface
to the bottom. It is a start. A lot of functionality
is left aside.
The attempt of this patch is pass event from caller
of the ELAPI interface via targets to sinks
then to providers and do serialization creating
entity that is ready to be written to a file.
It also implements more specific provider related
configuration parameters.
Also it addresses couple suggestions that were
brought up against previous patch.
ELAPI Correcting issues
This patch addresses the issues found during the
review of the previous patches and addresses
ticket #166.
|
|
This patch drills down to the next level of ELAPI functionality.
I adds the creation and loading of the sinks. It also
implements a skeleton for the first low level provider
which will be capable of writing to a file.
The configuration ini file is extended to define
new configuration parameters and their meanings.
|
|
Removes the ability to proxy to shadow-utils. Also remove all the
supporting functions for getting domain type, domain by id etc.
|
|
|
|
The special persistent local database retains the original name.
All other backends now have their own cache-NAME.ldb file.
|
|
Make counter for used messages explicit.
|
|
|
|
- remove unneeded CFLAGS component
- do not leak LDFLAGS used by configure check to final Makefile
|
|
- replaced mailing list address
- let sssd base components read version from VERSION
|
|
Check if the timestamp argument of sdap_save_group_recv is NULL before
using it.
|
|
sdap_get_initgr_process() was using the wrong sdap_id_map struct
when creating the searchfilter for the initgroups() call.
|
|
New tevent library finally outlawed nested loops.
|
|
Support RHEL 5 in the spec file
|
|
If enumerations are disabled for this domain, then do not start the
enumeration task.
|
|
The data provider backends stored a name value besides the domain
name to identify themselves to the data provider. This was the name
of the id provider. Currently the backends can have different
providers for id, authentication etc. So the name may be missleading.
Also when there are more domains with the same id provider the name
is not enough to identify the backend but the domain name is. As a
consequence the backend name is removed completely and only the
domain name is used for identification.
|
|
PCRE_DUPNAMES is a new feature of libpcre 7. It is used in sssd to
make the splitting of fully qualified user names more flexible.
|
|
|
|
|
|
It seems like DBUS always adds 2 watches for the same fd.
One is for reading and the other is for writing.
DBUS then keeps disabling one and enabling the other, depending on whether
it is interested in reading or writing from/to the file descriptor.
|
|
|
|
Currently the kerberos locator plugin needs these two variables to
be set to find a KDC which is configured in sssd but not in
/etc/krb5.conf.
|
|
|
|
|
|
This patch reduces the time needed to enumerate groups of a midsized
domain from 12 seconds to 4.4
Optimizes enumerations by doing only 2 ldb searches and some ordering
instead of a number of searches proportional to the number of groups
|
|
Always immediately return to DP, and update users/groups in the background.
Also implements an optimization to retrieve only changed/new users/groups
by filtering using the modifyTimestamp after the first query.
|
|
|
|
Provides also an upgrade function.
|
|
Also remove legacy memberuid support
|
|
First pass to remove the legacy option and make it just a property of the
provider
|
|
|
|
|
|
|
|
|
|
Update gettext strings
|
|
Try as hard as possible to store as much data as we can.
|
|
Allow to try to set members that do not actually exist.
In that case simply remove them when we find out they are not real
entries.
|
|
|
|
Seen in tests and was leading to a segfault
|
|
- making the realm part upper case is now optional and done in the
LDAP backend
- using a username@realm UPN is now optional
|
|
|
|
Added man pages sections about user and group attribute mapping.
Added an example configuration to access an AD server.
|
|
If available the original DN and the user principle will be stored
in sysdb.
|
|
- with the boolean option filterUsersInGroups it can be controlled
wether filtered users appear in groups or not.
- fixed an error which prevented the display of groups with filtered
members
- removed some tab indents
|
|
|
|
One of the previous patches disallowed adding users and groups outside
known domains but it was missing disallowing modifying, deleting, etc.
Also don't error if there's no sysdb cache to delete after deleting
legacy user/domain.
Fixes: tickets #113,#114
|
|
If a user principle name (upn) can be found in sysdb the krb5
backend will use this otherwise is build as username@realm. It is
checked that the realm is upper case only.
|
|
Per ticket #118 shortened naimes of some functions and structs I added
into ELAPI during last big functional patch .
There is no plan to do a global shortening of all names
but miving forward I will try to make them shorter than I used to.
|
|
Started looking at the ticket #107 related to
traverse functions. Realized that the return values
are not consistent. That ovelapped with the work
that I wanted to do for ticket #103 - errno cleanup.
So I (across collection, INI and ELAPI):
* Made the return codes consistent (where found)
* Removed errno where it is not needed
While was testing used valgrind and found a nasty
problem when the value was added to collection with
overwriting duplicates the count was decreased improperly.
Fixing collection.c to not decrease count made
valgrind happy. While I was debugging this
I also spotted several build warnings in trace
statements when the " exp ? v1 : v2 " was used.
Fixed those.
In ini_config.c there was a trace stament that used
variable after it was freed. Removed trace stament.
|
|
The targets are the destinations which
caller wants to send the events to.
The sinks are now on the second level
under targets and constitute a so called
fail over chain for a target.
Such approach eliminates the need for complex
routing function.
The dispatcher keeps the list of targets in a collection.
The element in the collection is the target context.
Also gispatcher keeps the list of the sinks
in a separate collection.
Each target context has a list of the sinks
associated with this target. But those are just
pointers (at least for now) to the sinks
form the list kept by dispatcher.
I had to add some internal debug callbacks
to be able to see that all the internals of
the dispatcher are actually in order.
See the conttent of config file for more comments.
Also see information posted on SSSD wiki.
https://fedorahosted.org/sssd/wiki/WikiPage/ELAPIInterface
|