path: root/server/providers/ldap/ldap_id.c
Age | Commit message | Author | Files | Lines
2009-12-07 | Try to renew Kerberos credentials | Sumit Bose | 1 | -0/+15
    When using GSSAPI we need a valid service ticket to talk to the LDAP server. If the ticket is expired the LDAP client returns with 'Can't contact LDAP server'. Currently we set the backend offline if this error occurs although the server is still available. This patch checks if the TGT is expired and tries to renew the credentials before going offline.
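The check this commit describes, written out as an added C illustration (this is not SSSD's code): before treating "Can't contact LDAP server" from a GSSAPI bind as a dead server, look at the local TGT; a stale ticket gets refreshed and the bind retried exactly once, and only then is the backend marked offline. The `tgt_info` fields mirror what a credential cache holds; the five-minute renewal margin, the fake server/credential cache and all function names are assumptions made for the example.

```c
/* Added illustration, not SSSD's code: separate "our Kerberos ticket is
 * stale" from "the LDAP server is really unreachable" before marking a
 * backend offline. Thresholds, the fake environment and names are assumed. */
#include <stdbool.h>
#include <stddef.h>
#include <time.h>

enum tgt_action {
    TGT_ACTION_GO_OFFLINE, /* ticket is fine, so the server really is unreachable */
    TGT_ACTION_RENEW,      /* ticket valid but about to expire: renew, then retry */
    TGT_ACTION_REACQUIRE   /* ticket missing or expired: get a new one, then retry */
};

struct tgt_info {
    time_t endtime;    /* ticket end time */
    time_t renew_till; /* renewable until; only meaningful if renewable */
    bool   renewable;
};

#define TGT_RENEW_MARGIN (5 * 60) /* assumed: renew if fewer than 5 minutes left */

enum tgt_action classify_contact_error(const struct tgt_info *tgt, time_t now)
{
    if (tgt == NULL || now >= tgt->endtime)
        return TGT_ACTION_REACQUIRE;
    if (tgt->renewable && tgt->endtime - now <= TGT_RENEW_MARGIN
        && now < tgt->renew_till)
        return TGT_ACTION_RENEW;
    return TGT_ACTION_GO_OFFLINE;
}

/* Constructed stand-in for the LDAP server and credential cache so the
 * retry logic can run offline. */
struct fake_env {
    bool reachable;     /* can the server be reached at all? */
    bool creds_ok;      /* would the server accept our current ticket? */
    int  bind_attempts;
    int  refreshes;
    struct tgt_info tgt;
};

static bool fake_bind(struct fake_env *env)
{
    env->bind_attempts++;
    return env->reachable && env->creds_ok;
}

/* Stands in for a renewal or a fresh kinit from the host keytab. */
static bool fake_refresh(struct fake_env *env, time_t now)
{
    env->refreshes++;
    env->tgt.endtime = now + 8 * 3600;
    env->tgt.renew_till = now + 7 * 24 * 3600;
    env->tgt.renewable = true;
    env->creds_ok = true;
    return true;
}

enum bind_outcome { BIND_CONNECTED, BIND_OFFLINE };

enum bind_outcome gssapi_bind_with_retry(struct fake_env *env, time_t now)
{
    if (fake_bind(env))
        return BIND_CONNECTED;
    /* Bind failed with "can't contact": inspect our own ticket first. */
    enum tgt_action act = classify_contact_error(&env->tgt, now);
    if (act == TGT_ACTION_GO_OFFLINE)
        return BIND_OFFLINE;
    /* Credentials are the suspect: refresh once and retry exactly once, so a
     * genuinely dead server still takes the backend offline promptly. */
    if (!fake_refresh(env, now))
        return BIND_OFFLINE;
    return fake_bind(env) ? BIND_CONNECTED : BIND_OFFLINE;
}

/* Scenario driver: sets up the fake environment and returns the outcome;
 * attempt counts are left in env for inspection. */
enum bind_outcome run_scenario(struct fake_env *env, bool reachable,
                               time_t now, time_t endtime, time_t renew_till)
{
    env->reachable = reachable;
    env->creds_ok = now < endtime; /* an expired ticket fails the bind */
    env->bind_attempts = 0;
    env->refreshes = 0;
    env->tgt.endtime = endtime;
    env->tgt.renew_till = renew_till;
    env->tgt.renewable = renew_till > endtime;
    return gssapi_bind_with_retry(env, now);
}
```

The single retry is deliberate: unbounded refresh-and-retry loops would turn a dead server into a busy loop against the KDC, while no retry at all reproduces the spurious offline transition the commit fixes.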
2009-11-23 | Make backend request type a bitfield | Stephen Gallagher | 1 | -1/+1
2009-11-20 | Add initial failover support for ldap and ipa | Simo Sorce | 1 | -3/+9
    The return values are still not directly used with ldap libraries that still do their own name resolution, but this patch introduces a very basic framework to have multiple providers in one domain use and share a single failover service if they want to.
2009-11-12 | Try to fix offline logins | Simo Sorce | 1 | -12/+6
2009-11-10 | Add cleanup task | Simo Sorce | 1 | -115/+280
2009-11-09 | Fix tevent_req error checking. | Simo Sorce | 1 | -3/+3
    When possible, use a macro that correctly deals with tstate.
2009-11-06 | Reorganize ldap id provider files | Simo Sorce | 1 | -547/+6
    Split enum task in a separate file.
2009-11-06 | Make useful function more broadly available. | Simo Sorce | 1 | -30/+0
2009-11-03 | Rename sdap_id_map to sdap_attr_map | Simo Sorce | 1 | -1/+1
    Also start adding some infrastructure to use the USN counter when available. In particular add a place to add generic attrs mapping, i.e. attributes that are neither user nor group specific.
2009-10-29 | Add support to get rootDSE from the LDAP server. | Simo Sorce | 1 | -10/+30
    Also fix sdap_get_generic_send() to be a bit more "generic" :-) Also fixes bugs within it. This patch allows us 2 good things. A) we check that the server effectively supports GSSAPI auth before we try to use it. B) against IPA it substantially cuts delays when the server is offline because it uses a 5 second async timeout on the connection and doesn't try to do a slow synchronous kinit+sasl_bind if the server is not even available.
2009-10-28 | Kill the ldap connection when we go offline | Simo Sorce | 1 | -5/+16
    This patch uses a wrapper to kill the ldap connection when we are marked offline. This also makes sure we do not try to reuse a bad connection handler after a fatal error.
2009-10-27 | Add proper support for IPA/AD schemas | Simo Sorce | 1 | -1/+2
    Nested groups weren't properly handled. Add a 2-pass strategy to update group memberships. Stuff works as expected when enumeration is enabled now.
2009-10-22 | Better offline/enumeration behavior | Simo Sorce | 1 | -10/+12
    Go offline in case of hard errors too. It makes no sense to keep trying too often when you have bad credentials, for example. Also delay starting the enumeration thread so that we finish initializations first (bind to ldap is still a blocking operation and this may interfere with clients/monitor registrations).
2009-10-16 | Move all ldap provider init functions | Simo Sorce | 1 | -76/+15
    Put all init functions in their own file so that the other files can be reused in other providers w/o having them in the way.
2009-10-15 | Return the dp error from the providers | Simo Sorce | 1 | -12/+22
2009-10-14 | Move ldap provider configuration into its own file | Simo Sorce | 1 | -1/+2
2009-10-14 | Make options parser available to all providers | Simo Sorce | 1 | -3/+3
2009-10-14 | make sdap_id_connect_* independent of sdap_id_ctx | Sumit Bose | 1 | -180/+10
    The sdap_id_connect_* request tries to bind to an LDAP server with the default credentials. Only the opts component of the sdap_id_ctx context is used. A new request sdap_cli_connect_* is created which expects only the opts pointer as parameter and not the whole context. This makes it reusable by other providers.
2009-10-01 | Initial implementation of sasl bind support | Simo Sorce | 1 | -52/+80
    Inits krb5 credentials, if sasl mech is GSSAPI. Tested with GSSAPI and host keytab as well as user credentials. Updates also manpages with the new options.
2009-09-25 | add new config options ldap_tls_cacert and ldap_tls_cacertdir | Sumit Bose | 1 | -33/+5
2009-09-23 | Fix copy&paste of wrong structure | Simo Sorce | 1 | -2/+2
2009-09-23 | Revert "Use syslog for logging error conditions in SSSD" | Stephen Gallagher | 1 | -2/+2
    This reverts commit 8c50bd085c0efe5fde354deee2c8118887aae29d. Amended: commit 1016af2b1b97ad4290ccce8fa462cc7e3c191b2e also made use of the SYSLOG_ERROR() macro, so those portions of that code also needed to be reverted.
2009-09-21 | Use syslog for logging error conditions in SSSD | Jakub Hrozek | 1 | -2/+2
    This is just a band-aid until ELAPI is fully functional and ready to use.
2009-09-14 | Turn ldap driver options into multitype | Simo Sorce | 1 | -30/+50
    This patch makes basic options multitype; the init function assigns a type from the initialization array, and processes values fetched from confdb accordingly. 4 types are supported so far: string, number, blob and boolean. Also convert defines into enums where appropriate. Add fetch functions that check the requested type.
2009-09-14 | Make the offline status backend-global | Simo Sorce | 1 | -48/+7
    Add helper functions to query/set the offline status per backend. Now all providers share the same offline status.
2009-09-11 | Fix ldap enumeration async task | Simo Sorce | 1 | -12/+16
    The request was being freed, instead of marking it done and letting the callback free it when done. This was causing us to access freed memory, when trying to set the next run. Let the callback add new runs and free the request instead, as normally we would do with any other tevent_req async call. Courtesy of valgrind again.
2009-09-10 | Fix Ldap id backend offline code | Simo Sorce | 1 | -6/+64
    After the recent changes we lost the capability to actually go offline. Put back code that would mark the backend as offline when timeouts happen. Make sure the enumeration code also obeys the offline timeout, and contributes in determining if we are offline or not.
2009-09-02 | Honor enumerate option in ldap_id | Simo Sorce | 1 | -6/+9
    If enumerations are disabled for this domain, then do not start the enumeration task.
2009-08-27 | Make enumeration an independent task | Simo Sorce | 1 | -42/+533
    Always immediately return to DP, and update users/groups in the background. Also implements an optimization to retrieve only changed/new users/groups by filtering using the modifyTimestamp after the first query.
2009-08-27 | Use the correct structure. | Simo Sorce | 1 | -2/+2
2009-08-19 | enable usage of defaultBindDn | Sumit Bose | 1 | -8/+27
2009-07-20 | Rework the engine that deals with openldap libraries | Simo Sorce | 1 | -14/+13
    The way openldap libraries work requires having a single engine per connection, as all replies are read at the same time. So we need to always read anything that comes in from the wire and then loop to dispatch results to the requests that are waiting.
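The dispatch pattern this commit describes, as an added C example (this is not SSSD's sdap engine and uses no libldap): one reader per connection drains every reply that has arrived and routes each one by message ID to the request waiting on it, so a search result for one request is never lost because a different request happened to be polling. The message stream is constructed inline; the message types, table size and function names are assumptions made for the example.

```c
/* Added illustration, not SSSD's code: a single per-connection reader that
 * consumes all replies and dispatches them by msgid. The wire stream below
 * is constructed; types, sizes and names are assumptions. */
#include <stdbool.h>
#include <stddef.h>

enum msg_type { MSG_SEARCH_ENTRY, MSG_SEARCH_RESULT, MSG_BIND_RESULT };

/* What arrives on the wire: every LDAP reply carries the msgid of the
 * request it answers; a search yields many entries before one final result. */
struct wire_msg {
    int msgid;
    enum msg_type type;
};

#define MAX_REQUESTS 8

struct request {
    int  msgid;
    bool in_use;
    bool done;    /* final result seen */
    int  entries; /* search entries delivered to this request */
};

struct connection {
    struct request reqs[MAX_REQUESTS];
    int unmatched; /* replies for msgids nobody is waiting on */
};

/* Register a pending request for msgid; false if the table is full. */
bool conn_add_request(struct connection *c, int msgid)
{
    for (int i = 0; i < MAX_REQUESTS; i++) {
        if (!c->reqs[i].in_use) {
            c->reqs[i] = (struct request){ .msgid = msgid, .in_use = true };
            return true;
        }
    }
    return false;
}

struct request *conn_find_request(struct connection *c, int msgid)
{
    for (int i = 0; i < MAX_REQUESTS; i++)
        if (c->reqs[i].in_use && c->reqs[i].msgid == msgid)
            return &c->reqs[i];
    return NULL;
}

/* Deliver one reply to its owner. A reply whose msgid has no waiter (already
 * finished, or never issued) is counted rather than silently dropped, so a
 * misbehaving or hostile server is noticed instead of ignored. */
static void conn_dispatch(struct connection *c, const struct wire_msg *m)
{
    struct request *r = conn_find_request(c, m->msgid);
    if (r == NULL || r->done) {
        c->unmatched++;
        return;
    }
    switch (m->type) {
    case MSG_SEARCH_ENTRY:
        r->entries++;
        break;
    case MSG_SEARCH_RESULT:
    case MSG_BIND_RESULT:
        r->done = true;
        break;
    }
}

/* The engine: read everything available, not only the reply the current
 * caller wants, then let each waiter pick up its own results. Returns the
 * number of replies dispatched. */
int conn_read_all(struct connection *c, const struct wire_msg *msgs, size_t n)
{
    for (size_t i = 0; i < n; i++)
        conn_dispatch(c, &msgs[i]);
    return (int)n;
}

/* Release finished requests so their msgids can be reused. */
int conn_reap_done(struct connection *c)
{
    int reaped = 0;
    for (int i = 0; i < MAX_REQUESTS; i++) {
        if (c->reqs[i].in_use && c->reqs[i].done) {
            c->reqs[i].in_use = false;
            reaped++;
        }
    }
    return reaped;
}

/* Constructed stream: two searches (msgid 1 and 2) whose replies arrive
 * interleaved, 2 finishing first, plus one stray reply for msgid 7. */
static const struct wire_msg demo_stream[] = {
    {1, MSG_SEARCH_ENTRY}, {2, MSG_SEARCH_ENTRY}, {1, MSG_SEARCH_ENTRY},
    {2, MSG_SEARCH_RESULT}, {7, MSG_SEARCH_ENTRY}, {1, MSG_SEARCH_RESULT},
};

int run_demo(struct connection *c)
{
    conn_add_request(c, 1);
    conn_add_request(c, 2);
    return conn_read_all(c, demo_stream,
                         sizeof demo_stream / sizeof demo_stream[0]);
}
```

The point of `conn_read_all` is that a request waiting on msgid 1 must not discard the entries that arrive for msgid 2 in the same read; with libldap's `ldap_result()` returning whatever is queued, a per-request reader would lose them.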
2009-07-20 | add infrastructure to handle new backend targets | Sumit Bose | 1 | -5/+5
2009-07-08 | Implement the ldap identity module. | Simo Sorce | 1 | -646/+679
    This uses and expands the async helpers.
2009-05-18 | Split ldap backend into auth and identity files | Simo Sorce | 1 | -0/+786