summaryrefslogtreecommitdiff
path: root/server/providers/ipa/ipa_common.c
AgeCommit message (Collapse)AuthorFilesLines
2009-11-25In IPA, the realm is always the domain uppercased.Simo Sorce1-2/+7
2009-11-25Fix internal options numbers testSimo Sorce1-12/+24
Unfortunately since we changed the defines to an enum the preprocessor test stopped working. Turn tests into runtime tests that will abort the process.
2009-11-23Read KDC info from file instead from environmentSumit Bose1-9/+21
Then name or IP adress of the KDC is written into the pubconf directory into a file named kdcinfo.REALM. The locator plugin will then read this file and pass the data to the kerberos libraries.
2009-11-20Add initial failover support for ldap and ipaSimo Sorce1-34/+131
The retun values are still not directly used with ldap libraries that still do their own name resolution, but this patch introduces a very basic framework to have a multiple providers in one domain use and share a single failover service if they want to.
2009-11-20Validate Kerberos credentials with local keytabSumit Bose1-0/+2
2009-11-13Fix option name krb5_changepw_principalSumit Bose1-1/+1
2009-11-12Fix inconsistent use of krb5_ccname_templateSumit Bose1-1/+1
2009-11-10Add cleanup taskSimo Sorce1-1/+2
2009-11-03Rename sdap_id_map to sdap_attr_mapSimo Sorce1-2/+15
Also start adding some infrastructure to use the USN counter when available. In particular add a place to add generic attrs mapping, ie attributes that are neither user nor group specific.
2009-11-02set ipa_hostname if not given in config fileSumit Bose1-0/+20
2009-10-29Tidy up ipa optionsSimo Sorce1-129/+141
Do not replicate every and each option we may want to set in ipa. Just read out ldap and krb provider options (added reference in the manual too, and removed mention of ipa specific timeout values, use ldap options for that) Avoid calling auth module initialization twice, just pass the auth context to the chpass module too. Add a new ldap option SDAP_SEARCH_BASE, so that a single searching base can be used for both users and groups. the user and group search bases can still be set separately if necessary but they are now optional and set to be identical to SDAP_SEARCH_BASE if not explicitly specified in the configuration.
2009-10-27Move responsibility for entry expiration timeoutSimo Sorce1-4/+4
The providers are now responsible for determining how long a cached entry is considered valid. The default is the same as before (600s)
2009-10-26Copy option overrides.Simo Sorce1-0/+26
We were not copying IPA named options to the ldap id options list. So the ldap_id provider was always using just the default settings.
2009-10-22Fix setting the schema in the ipa providerSimo Sorce1-0/+3
2009-10-22update ipa auth options to new option schemeSumit Bose1-0/+79
2009-10-20Start implementing ipa specific options.Simo Sorce1-0/+319
First step generate ldap options from ipa options. Add sssd-ipa man page too.