Age | Commit message | Author | Files | Lines |
|
The DP was sending the reply in a format the responder did not expect,
so the responder always failed to parse the message.
|
|
https://fedorahosted.org/sssd/ticket/1345
When the monitor is unable to load configuration and no debug
level is set (e.g. when sssd is started via 'service'), no
message was saved into logs. This patch forces debug messages
to be written in this scenario.
|
|
In the failover, we treat both KDC and LDAP on the IPA server as a single
"port", numbered 0. This was done in order to make sure that the SSSD
always talks to the same server for both LDAP and Kerberos.
However, this clever hack breaks when the IPA provider needs to establish a
GSSAPI encrypted LDAP connection because we're asking the fail over code to
yield a server while no server has yet been marked as tried. This triggers a
fail over for the KDC, so in effect, the TGT is received from second server.
If the second server is not available for some reason, the whole provider
goes offline.
The fail over needs to detect that the server asked for is still being
resolved and return the same pointer.
|
|
https://fedorahosted.org/sssd/ticket/1457
|
|
https://fedorahosted.org/sssd/ticket/1456
|
|
https://fedorahosted.org/sssd/ticket/1393
|
|
https://fedorahosted.org/sssd/ticket/1453
|
|
Also adds a regression test to the unit test suite.
https://fedorahosted.org/sssd/ticket/1388
|
|
The version number was set incorrectly to the value that should have
been set when we release the 1.9.0 final version.
|
|
This bug was producing harmless, but annoying error messages.
|
|
https://fedorahosted.org/sssd/ticket/1426
|
|
When new subdomains are discovered, the SSSD creates a file that
includes the domain-realm mappings. This file can in turn be included in
the krb5.conf using the includedir directive, such as:
includedir /var/lib/sss/pubconf/realm_mappings
|
|
This patch keeps a local copy of the subdomains in the ipa subdomains plugin
context.
This has 2 advantages:
1. allows to check if anything changed w/o always hitting the sysdb.
2. later will allow us to dump this information w/o having to retrieve it
again. The timestamp also allows to avoid refreshing too often.
|
|
Instead of exporting internal structures, expose an initializer function
like the autofs code and initialize everything inside the
ipa_subdomains.c file.
|
|
This will be used later for setting domain_realm mappings in krb5.conf
|
|
I am all for readable names, but there is a tradeoff between expressing purpose
and compactness.
|
|
Something like this:
sysdb = (be_req->sysdb)?be_req->sysdb:be_req->be_ctx->sysdb;
really is not readable, and we always discourage using obfuscated C, please
refrain in future.
|
|
The debug message was trying to print the number of returned entries, but no
integer was provided.
Return ENOENT as the error for when there are no entries, not EINVAL.
|
|
Declaring a bunch of structures as const and then wrapping all uses in
discard_const_p() is a bit silly. Remove all these useless decorations.
|
|
Rename the structure to use a standard name prefix so it is properly
name-spaced, in preparation for changing the structure itself.
|
|
The SSSD subpackages were not calling ldconfig even though they contain
shared libraries.
|
|
This patch adds support for new config option ad_backup_server. The
description of this option's functionality is included in man page in
one of previous patches.
|
|
This patch adds support for new config option ipa_backup_server. The
description of this option's functionality is included in man page in
one of previous patches.
|
|
This patch adds support for new config options krb5_backup_server and
krb5_backup_kpasswd. The description of this option's functionality
is included in man page in one of previous patches.
|
|
This patch adds support for new config option ldap_backup_uri. The
description of this option's functionality is included in man page in
previous patch.
|
|
This patch adds support for the primary server functionality into AD
provider. No backup servers are added at the moment, just the basic
support is in place.
|
|
This patch adds support for the primary server functionality into LDAP
provider. No backup servers are added at the moment, just the basic
support is in place.
|
|
This patch adds support for the primary server functionality
into krb5 provider. No backup servers are added at the moment,
just the basic support is in place.
|
|
This patch adds support for the primary server functionality into IPA
provider. No backup servers are added at the moment, just the basic
support is in place.
|
|
This patch adds support for marking existing connections as being
disconnected. Each such connection can't be used for new queries and a
new one has to be created instead if necessary. This will ensure that
pending operations will end gracefully during reconnection. Also all new
queries to the server we are reconnecting to will use another (probably
newly created) connection.
|
|
Now there are two lists of servers for each service. If currently
selected server is only backup, then an event will be scheduled which
tries to get connection to one of primary servers and if it succeeds,
it starts using this server instead of the one which is currently
connected to.
|