summaryrefslogtreecommitdiff
path: root/server/providers/ldap/ldap_common.c
AgeCommit message (Collapse)AuthorFilesLines
2010-02-05Document when LDAP referral chasing is availableSumit Bose1-0/+12
2010-02-02Add new option ldap_referralsSumit Bose1-1/+2
2009-12-10Consolidate code for splitting strings by separatorJakub Hrozek1-3/+2
There were two functions for parsing strings by a separator. This patch consolidates on the one previously used in confdb. This also allows stripping the tokens of whitespace. Fixes: #319
2009-12-07Try to renew Kerberos credentialsSumit Bose1-0/+139
When using GSSAPI we need a valid service ticket to talk to the LDAP server. If the ticket is expired the LDAP client returns with 'Can't contact LDAP server'. Currently we set the backend offline if this error occurs although the server is still available. This patch checks if the TGT is expired and tries to renew the credentials before going offline.
2009-11-25Get TGT in a child process.Jakub Hrozek1-0/+3
To avoid blocking in a synchronous call, the TGT is saved in a separate process Fixes: #277
2009-11-23Add ldap_pwd_policy optionSumit Bose1-1/+17
2009-11-20Add initial failover support for ldap and ipaSimo Sorce1-0/+108
The retun values are still not directly used with ldap libraries that still do their own name resolution, but this patch introduces a very basic framework to have a multiple providers in one domain use and share a single failover service if they want to.
2009-11-20Raise some timeoutsSimo Sorce1-2/+2
When using high debug levels or valgrind the code maybe slow enough that these timeouts were too strict.
2009-11-10Add cleanup taskSimo Sorce1-8/+12
2009-11-06Reorganize ldap id provider filesSimo Sorce1-0/+41
Split enum task in a separate file.
2009-11-03Rename sdap_id_map to sdap_attr_mapSimo Sorce1-6/+34
Also start adding some infrastructure to use the USN counter when available. In particular add a place to add generic attrs mapping, ie attributes that are neither user nor group specific.
2009-10-29Tidy up ipa optionsSimo Sorce1-2/+28
Do not replicate every and each option we may want to set in ipa. Just read out ldap and krb provider options (added reference in the manual too, and removed mention of ipa specific timeout values, use ldap options for that) Avoid calling auth module initialization twice, just pass the auth context to the chpass module too. Add a new ldap option SDAP_SEARCH_BASE, so that a single searching base can be used for both users and groups. the user and group search bases can still be set separately if necessary but they are now optional and set to be identical to SDAP_SEARCH_BASE if not explicitly specified in the configuration.
2009-10-27Move responsibility for entry expiration timeoutSimo Sorce1-1/+1
The providers are now responsible for determining how long a cached entry is considered valid. The default is the same as before (600s)
2009-10-27Add proper support for IPA/AD schemasSimo Sorce1-0/+10
Nested groups weren't properly handled. Add 2 pass strategy to update groups memberships Stuff work as expected when enumeration is enabled now.
2009-10-16Move all ldap provider init functionsSimo Sorce1-0/+6
Put all init functions in their own file so that the other files can be reused in other providers w/o having them in the way.
2009-10-15Check for expired passwords in LDAP providerSumit Bose1-2/+22
2009-10-14Move ldap provider configuration into its own fileSimo Sorce1-0/+176
generated by cgit (git 2.34.1) at 2024-07-01 10:47:43 +0000