| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
We will remove all options for a provider that are not also
required by another configured provider. (For example, we will not
remove krb5_realm when deleting the krb5 auth provider if the LDAP
provider is in use, since it may still require this argument).
|
|
There was no valid reason to require the backend type when
specifying a provider to remove.
|
|
|
|
Fixes: #301
|
|
|
|
|
|
Incorporates changes we made to v2 after 0.6, or that were missed by the
original upgrade script:
* removes magic_private_groups option
* removes libPath option
* changes provider=files to provider=proxy proxy_lib_name=files
* changes store-legacy-passwords to store_legacy_passwords
|
|
* splitlist is a function
* shared SSSDConfigObject to reduce code duplication
* added missing exception class
* fixed some typos
* remove extra 'pass' in unittests
* use assertRaises in unittests
|
|
With this patch, SSSDConfigAPI is able to keep comments and ordering of
sections.
Fixes: #226
|
|
With this patch, the upgrade script we use for changing the config files
is able to keep ordering and comments.
Fixes: #249
|
|
Provides a convenient wrapper around ipachangeconf that is closer
API-wise to ConfigParser
|
|
|
|
Per the discussion on sssd-devel list, nss_sss should not return a
hardcoded value but this should rather be configurable to allow whatever
the OS or distribution thinks is the best for the particular case.
Fixes: #266
|
|
|
|
|
|
Also start adding some infrastructure to use the USN counter when available.
In particular add a place to add generic attrs mapping, ie attributes that are
neither user nor group specific.
|
|
|
|
Addresses https://fedorahosted.org/sssd/ticket/242 related to
authconfig integration
|
|
|
|
The config_file_version should never be changed by the API, so we
will hide the option inside the SSSDConfig API and remove it from
the schema.
Guarantee that the config file is of the correct version
|
|
Do not replicate every and each option we may want to set in ipa.
Just read out ldap and krb provider options (added reference in the manual too,
and removed mention of ipa specific timeout values, use ldap options for that)
Avoid calling auth module initialization twice, just pass the auth context to
the chpass module too.
Add a new ldap option SDAP_SEARCH_BASE, so that a single searching base can be
used for both users and groups. the user and group search bases can still be set
separately if necessary but they are now optional and set to be identical to
SDAP_SEARCH_BASE if not explicitly specified in the configuration.
|
|
Changeset 3a21103f61bf9b60256cc2d0da54b757b634319f moved the wrong
option to the domain list, and also didn't update the unit tests.
|
|
The providers are now responsible for determining how long a cached
entry is considered valid. The default is the same as before (600s)
|
|
|
|
This adds a new option (offline_credentials_expiration) to the
[PAM] section of the sssd.conf
If the user does not perform an online authentication within the
timeout (in days), they will be denied auth once the timeout
passes.
|
|
|
|
|
|
|
|
Also adds unit tests for the SSSDConfig API
|
