Age | Commit message | Author | Files | Lines |
|
Currently the kerberos locator plugin needs these two variables to
be set to find a KDC which is configured in sssd but not in
/etc/krb5.conf.
|
This patch reduces the time needed to enumerate groups of a midsized
domain from 12 seconds to 4.4
Optimizes enumerations by doing only 2 ldb searches and some ordering
instead of a number of searches proportional to the number of groups
|
Always immediately return to DP, and update users/groups in the background.
Also implements an optimization to retrieve only changed/new users/groups
by filtering using the modifyTimestamp after the first query.
|
Provides also an upgrade function.
|
Also remove legacy memberuid support
|
First pass to remove the legacy option and make it just a property of the
provider
|
Update gettext strings
|
Try as hard as possible to store as much data as we can.
|
Allow to try to set members that do not actually exist.
In that case simply remove them when we find out they are not real
entries.
|
Seen in tests and was leading to a segfault
|
- making the realm part upper case is now optional and done in the
LDAP backend
- using a username@realm UPN is now optional
|
Added man pages sections about user and group attribute mapping.
Added an example configuration to access an AD server.
|
If available the original DN and the user principal will be stored
in sysdb.
|
- with the boolean option filterUsersInGroups it can be controlled
whether filtered users appear in groups or not.
- fixed an error which prevented the display of groups with filtered
members
- removed some tab indents
|
One of the previous patches disallowed adding users and groups outside
known domains but it was missing disallowing modifying, deleting, etc.
Also don't error if there's no sysdb cache to delete after deleting
legacy user/domain.
Fixes: tickets #113,#114
|
If a user principal name (upn) can be found in sysdb the krb5
backend will use this, otherwise it is built as username@realm. It is
checked that the realm is upper case only.
|
Per ticket #118 shortened names of some functions and structs I added
into ELAPI during last big functional patch.
There is no plan to do a global shortening of all names
but moving forward I will try to make them shorter than I used to.
|
Started looking at the ticket #107 related to
traverse functions. Realized that the return values
are not consistent. That overlapped with the work
that I wanted to do for ticket #103 - errno cleanup.
So I (across collection, INI and ELAPI):
* Made the return codes consistent (where found)
* Removed errno where it is not needed
While testing I used valgrind and found a nasty
problem when the value was added to collection with
overwriting duplicates the count was decreased improperly.
Fixing collection.c to not decrease count made
valgrind happy. While I was debugging this
I also spotted several build warnings in trace
statements when the " exp ? v1 : v2 " was used.
Fixed those.
In ini_config.c there was a trace statement that used
variable after it was freed. Removed trace statement.
|
The targets are the destinations which
caller wants to send the events to.
The sinks are now on the second level
under targets and constitute a so called
fail over chain for a target.
Such approach eliminates the need for complex
routing function.
The dispatcher keeps the list of targets in a collection.
The element in the collection is the target context.
Also the dispatcher keeps the list of the sinks
in a separate collection.
Each target context has a list of the sinks
associated with this target. But those are just
pointers (at least for now) to the sinks
from the list kept by dispatcher.
I had to add some internal debug callbacks
to be able to see that all the internals of
the dispatcher are actually in order.
See the content of config file for more comments.
Also see information posted on SSSD wiki.
https://fedorahosted.org/sssd/wiki/WikiPage/ELAPIInterface
|
If there was no maxID set for a domain, the search filter to check
whether the UID was available would always return empty (because
no UIDs can be <= 0)
This patch changes the search filter if the maxID is unset so that
it has no upper limit
|
RHEL5 did not support Docbook 4.5, and we are not using
any 4.5 features.
|
This is needed for support of RHEL5
Adding the assignment of $(localedir) was necessary, as
gettext 0.14 does not automatically assign it.
|
This was breaking the build on RHEL5
|
There are some old versions of automake that do not define
$(builddir) correctly. Since $(builddir) is "Rigorously equal to
‘.’", we'll set it at the top of the Makefile.am files.
|
Needed for builds on RHEL5
|
Also updates the manpage for sssd.conf to denote this
|
--with-tests was confusing. Since we now build our tests only with
'make check', it doesn't make sense for this to be a configure-
time option. We will detect during configure whether the 'check'
package is available and we will use them if so. Otherwise, we
will only build and execute any test suites that do not rely on
the 'check' framework.
We will print a warning during 'configure' if CHECK is not installed
|
If the last configured domain is broken confdb_get_domains returns
the return value of confdb_get_domain even if there are valid domains
available.
|
These were unintentionally committed binary files. They were used
by the Samba project during cross-compilation, but they serve no
purpose for us.
|
Build broken in c0f3393d4ab923e2eedab0fad88a864e2aae9fc9
|
Remove redundant reconnection code that was interfering with the sbus
reconnection code.
Consolidate include files for sbus related operations.
Make pamsrv code similar to nsssrv code.
|
Patch adds checks for NULL to the trace macros.
It also eliminates the unused trace.h in the collection directory.
|
Many of the functions in responder_dp.c were originally NSS-
specific and were moved there from the NSS responder code. Since
they are now generic to any responder, rename them to sss_dp_*
|
Currently, if an additional request comes in for a cache entry
while that same entry is already in the process of being refreshed,
we start a duplicate cache update request. This patch allows
the cache to maintain a hash table of all in-progress requests and
queue up multiple callbacks for updates in progress. Once the data
is returned, all of these callbacks will fire.
|
This patch introduces provider=files as a valid provider.
Upon loading the backend, its properties in confdb are overwritten to
those that represent legacy local domain.
Also document this in sssd.conf(5) and example config
|
The tools did not take the special case where id_max = 0 (no limit)
into account.
Also disallow adding users when ID is specified outside any domain.
Resolves trac tickets #86 and #89
|