| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Search the local db to find the local DN using the original DN as search key.
This way we do not have to rely on weak and faulty heuristicts based on DN
names.
Add a few helper functions in the process and change the way we pass members to
sysdb_store_group_send(), instead of passing users and groups list, just add
member DNs to the other sysdb attrs.
|
|
|
|
|
|
In building the DN string we weren't correctly escaping the value of the RDN
component. This patches fixes that.
|
|
This slipped through in previous patches.
Fixes #283
|
|
Refactor user/group delete functions so that they can be used without a
transaction (they autostart an operation).
Add user and group search function where a subfilter can be specified.
|
|
When possible using a macro that correctly deals with tstate
|
|
modifications to existing users/groups were setting metadata, but creation was
not. Fixes #259
|
|
|
|
|
|
|
|
|
|
The providers are now responsible for determining how long a cached
entry is considered valid. The default is the same as before (600s)
|
|
Also fix some debug message levels
|
|
|
|
In sssd only local is a native mpg domain, and it is forced.
All other providers will have to unroll mpg users into a user/group pair of
entries in the db. This allows the provider to automatically establish if
the remote server provides mpg users w/o possibily conflicting manual
configurations on the client trying to force an mpg behavior where none
is provided.
|
|
This reverts commit 8c50bd085c0efe5fde354deee2c8118887aae29d.
Amended: commit 1016af2b1b97ad4290ccce8fa462cc7e3c191b2e also made
use of the SYSLOG_ERROR() macro, so those portions of that code
also needed to be reverted.
|
|
This is just a band-aid until ELAPI is fully functional and ready to
use.
|
|
The code was still dependent on it for the ldap driver.
Changed the driver code to depend on the schema type.
Fix defaults for user and groups trees.
ATM if you use the rfc2307bis schema you have to put users and groups
in 2 separate trees (what people does by default anyway.
If this limitation will turn to be too hard, we will change this later.
|
|
|
|
First pass to remove the legacy option and make it just a property of the
provider
|
|
|
|
If available the original DN and the user principle will be stored
in sysdb.
|
|
If there was no maxID set for a domain, the search filter to check
whether the UID was available would always return empty (because
no UIDs can be <= 0)
This patch changes the search filter if the maxID is unset so that
it has no upper limit
|
|
|
|
Also add tests
|
|
|
|
|
|
This uses and exapands the async helpers.
|
|
|
|
These functions use the tevent_req async model, where a pair
of _send/_recv functions pilot requests, with additional helpers
like _done functions, and where needed multiple stage helpers.
|
|
This is part of a set of patches to rewrite sysdb to a hopefully better
API, that will also let use use tevent_req async style calls to manipulate
our cache.
|
|
This sysdb_req has always really been a transaction handle and not
a request.
This is part of a set of patches to rewrite transaction support in sysdb to a
hopefully better API, that will also let use use tevent_req async style to
manipulate our cache.
|
|
If it's an MPG domain, set them equal. If it's a non-MPG domain, get the
next available GID and use that.
|
|
Convert auth modules to do the caching themselves
|
|
|
|
- added range check for supplied UIDs and GIDs
- initialize pc_gid to 0 to trigger gid generation
|
|
Change sysdb to always passwd sss_domain_info, not just the domain name.
This way domain specific options can always be honored at the db level.
|
|
|
|
In delete_callback we were freeing rep after having called return_done()
This caused a double free becuse rep is already freed as child of the request
when return_done calles the callback. To avoid future errors like this convert
return_error and return_done into functions and make them always be the last
call of the function and call them as part of the function return.
|
|
Gecos, homedir and shell are optional, fix the responder not to refuse to return
the user completely if they are missing, replace an empty homedir with "/".
Also fix fullname vs gecos, and always return gecos for NSS data.
On user creation set gecos to the same value as the user Full Name, to help
populate the gecos field with data that makes sense.
|
|
This allows to perform checks and modifications in one transaction.
Uses configuration stored in confdb to determins if a domain uses MPGs.
|
|
|
|
|
|
Also unify SYSDB_PW_NAME and SYSDB_GR_NAME in SYSDB_NAME and make it "name"
|
|
Calulates next id automatically if uid/gid are not specified.
Fixes to sysdb_get_next_available_id.
Add tests to create users and groups through the new functions.
|
|
Retrieve minID and maxID from domain configuration so that lower
and upper bounds can be set per domain.
Add function that keeps track of the next available id, increments
and returns it on requests, avoiding collisions with existing ids.
|
|
Provide also helper functions to build struct sysdb_attrs.
Also fix sysdb_get_user_attr() to have a consistent interface
as all other functions.
|
|
|
|
|
