Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Remove this provider type, as well as any references in the docs and
examples to the "LEGACYLOCAL" migration domain.
Fixes: #165
|
|
Remove the "legacy" option from examples and man pages.
Legacy is is finally R.I.P
Add docs for ldapSchema in sssd-ldap man page.
|
|
Remove magicPrivateGroups since it's set automatically, use bool values
for enumerate.
Also add a notice about krb5 auth-module with a link to specialized
manpage to sssd.conf(5) similar to what we have for ldap auth-module.
Move both outside proxy domain description.
|
|
This timeout specifies the lifetime of a cache entry before it is
updated out-of-band. When this timeout is hit, the request will
still complete from cache, but the SSSD will also go and update
the cached entry in the background to extend the life of the
cache entry and reduce the wait time of a future request.
|
|
Added man pages sections about user and group attribute mapping.
Added an example configuration to access an AD server.
|
|
This patch introduces provider=files as a valid provider.
Upon loading the backend, its properties in confdb are overwritten to
those that represent legacy local domain.
Also document this in sssd.conf(5) and example config
|
|
The libPath should be constructed from the libName. There is no
benefit to specifying it separately.
|
|
The local provider needs no backend, so we'll create a special
provider entry for it called "local" that will not attempt to
retrieve provider configuration but will remain in the service
list so it can be updated when the config file changes.
|
|
Previously, every DP client was allowed to set its own "retries"
option. This option was ambiguous, and useless. All DP clients
will now use a global option set in the services config called
"reconnection_retries"
|
|
Also remove the [services/infopipe] section, since we're not
shipping InfoPipe yet, and that would be confusing.
|
|
|
|
Implement credentials caching in pam responder.
Currently works only for the proxy backend.
Also cleanup pam responder code and mode common code in data provider.
(the data provider should never include responder private headers)
|
|
The SSSD now links with the ini_config and collection libraries
in the common directory.
The monitor will track changes to the /etc/sssd/sssd.conf file
using inotify on platforms that support it, or polled every 5
seconds on platforms that do not.
At startup or modification of the conf file, the monitor will
purge the existing confdb and reread it completely from the conf
file, to ensure that there are no lingering entries. It does this
in a transaction, so there should be no race condition with the
client services.
A new option has been added to the startup options for the SSSD.
It is now possible to specify an alternate config file with the
-c <file> at the command line.
|
|
To be able to correctly filter out duplicate names when multiple non-fully
qualified domains are in use we need to be able to specify the domains order.
This is now accomplished by the configuration paramets 'domains' in the
config/domains entry. 'domains' is a comma separated list of domain names.
This paramter allows also to have disbaled domains in the configuration without
requiring to completely delete them.
The domains list is now kept in a linked list of sss_domain_info objects.
The first domain is also the "default" domain.
|
|
The same module may implement both types, but initializatrion will be
nonetheless performed separately, once for the identity module and once for the
authenticator module.
Also change the proxy module to retireve the pam target name from the domain
configuration so that it is possibile to create per-domain pam stacks.
With this modification it is actually possibile to use normal nss and pam
modules to perform a successful authentication (tested only with sudo so far)
Update exmples.
|
|
set default value of enumerate in LOCAL domain to 1
added checks to talloc_asprintf return values
fixed InfoPipe defaults
|
|
Also updating the .gitignore file to not ignore config.ldif
Signed-off-by: Simo Sorce <ssorce@redhat.com>
|
|
Signed-off-by: Simo Sorce <ssorce@redhat.com>
|
|
|
|
throw away databases
Check version and init main db if empty
|
|
|
|
Enable memberof by default in the default db example
|
|
rename everything with the sysdb suffix.
|
|
It makes no sense to have internal attribute names user configurable,
remove that option and use macros internally.
Also now always pass the domain name to all nss_ldb_* calls.
|
|
libnss library through config directives on the domain object
|
|
It is a bit inconsistent with the existing EXAMPLE, will fix later
|
|
using the same binary to fork off all services.
|
|
|
|
|
|
Changed the "section" feature of confdb.c to use '/'
as a delimiter instead of '.', because this conflicted
with the ability to use dots in domain names.
|
|
|
|
Monitor each service and restart it conditionally if it fails.
These monitoring is extremely simple at this moment and just uses
waitpid() to check if the client is alive, there is no active
probing, that will require dbus.
Make nsssrv.c read the sss pipe config option for the config db.
|
|
|