| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Fixes: #296
|
|
Moves several functions out of providers/krb5 hierarchy into a separate
module so it can be shared by the ldap child.
|
|
|
|
Unfortunately since we changed the defines to an enum the preprocessor test
stopped working.
Turn tests into runtime tests that will abort the process.
|
|
Then name or IP adress of the KDC is written into the pubconf directory
into a file named kdcinfo.REALM. The locator plugin will then read this
file and pass the data to the kerberos libraries.
|
|
The retun values are still not directly used with ldap libraries that still do
their own name resolution, but this patch introduces a very basic framework to
have a multiple providers in one domain use and share a single failover
service if they want to.
|
|
|
|
To support IPA DS to Kerberos password migration a seperate
authentication target is added. It calls the Kerberos authentication
target and in the case of a 'Preauthentication Error' the LDAP
authentication target. On success the Kerberos target is called again to
request the TGT.
|
|
|
|
|
|
|
|
This patch add support for the host, source host and user category
'all'. All other category values are ignored so far. With the patch the
interpretation of an empty memberUser and empty sourceHost and
externalHost is changed to 'not applicable'.
|
|
|
|
|
|
When possible using a macro that correctly deals with tstate
|
|
|
|
|
|
|
|
Also start adding some infrastructure to use the USN counter when available.
In particular add a place to add generic attrs mapping, ie attributes that are
neither user nor group specific.
|
|
|
|
Do not replicate every and each option we may want to set in ipa.
Just read out ldap and krb provider options (added reference in the manual too,
and removed mention of ipa specific timeout values, use ldap options for that)
Avoid calling auth module initialization twice, just pass the auth context to
the chpass module too.
Add a new ldap option SDAP_SEARCH_BASE, so that a single searching base can be
used for both users and groups. the user and group search bases can still be set
separately if necessary but they are now optional and set to be identical to
SDAP_SEARCH_BASE if not explicitly specified in the configuration.
|
|
The providers are now responsible for determining how long a cached
entry is considered valid. The default is the same as before (600s)
|
|
We were not copying IPA named options to the ldap id options list.
So the ldap_id provider was always using just the default settings.
|
|
|
|
|
|
First step generate ldap options from ipa options.
Add sssd-ipa man page too.
|
|
|
