path: root/server/providers/ldap/sdap.h
Age | Commit message | Author | Files | Lines
2009-10-15 | Check for expired passwords in LDAP provider | Sumit Bose | 1 | -1/+27
2009-10-14 | Move ldap provider configuration into its own file | Simo Sorce | 1 | -4/+11
2009-10-14 | Make options parser available to all providers | Simo Sorce | 1 | -47/+4
2009-10-13 | add a replacement if ldap_control_create is missing | Sumit Bose | 1 | -1/+1
2009-10-09 | Differentiate between search and network timeouts | Simo Sorce | 1 | -0/+1
Network timeouts are used in quick operations like bind. Search timeout is used for operations that can "legally" require more time. Change defaults to 6 and 60 seconds respectively.
2009-10-08 | add support for server side LDAP password policies | Sumit Bose | 1 | -1/+2
- password policy request controls are sent during bind and change password extended operation
- the response control is evaluated to see if the password is expired or will expire soon
2009-10-01 | Initial implementation of sasl bind support | Simo Sorce | 1 | -0/+6
Inits krb5 credentials, if sasl mech is GSSAPI. Tested with GSSAPI and host keytab as well as user credentials. Updates also manpages with the new options.
2009-09-25 | add new config options ldap_tls_cacert and ldap_tls_cacertdir | Sumit Bose | 1 | -0/+4
2009-09-14 | Turn ldap driver options into multitype | Simo Sorce | 1 | -53/+88
This patch makes basic options multitype, the init function assigns a type from the initialization array, and processes values fetched from confdb accordingly. 4 types are supported so far: string, number, blob and boolean. Also convert defines into enums where appropriate. Add fetch functions that check the requested type.
2009-09-11 | Complete the removal of "legacy" option. | Simo Sorce | 1 | -0/+3
The code was still dependent on it for the ldap driver. Changed the driver code to depend on the schema type. Fix defaults for user and groups trees. ATM if you use the rfc2307bis schema you have to put users and groups in 2 separate trees (what people do by default anyway). If this limitation turns out to be too hard, we will change this later.
2009-08-28 | fix internal order of ldap user mapping options | Sumit Bose | 1 | -4/+4
2009-08-27 | Make enumeration an independent task | Simo Sorce | 1 | -3/+7
Always immediately return to DP, and update users/groups in the background. Also implements an optimization to retrieve only changed/new users/groups by filtering using the modifyTimestamp after the first query.
2009-08-24 | some UPN handling fixes | Sumit Bose | 1 | -1/+3
- making the realm part upper case is now optional and done in the LDAP backend
- using a username@realm UPN is now optional
2009-08-04 | Fix race condition in sdap code | Simo Sorce | 1 | -1/+9
Retrieving ldap results and storing users could sometimes result in race conditions where the final ldap result was retrieved before the store operations were finished, resulting in the operations being aborted before termination. Implement a serialization mechanism per operation.
2009-07-20 | Rework the engine that deals with openldap libraries | Simo Sorce | 1 | -5/+23
The way openldap libraries work requires a single engine per connection, as all replies are read at the same time. So we need to always read anything that comes in from the wire and then loop to dispatch results to the requests that are waiting.
2009-07-08 | Implement the ldap identity module. | Simo Sorce | 1 | -0/+7
This uses and expands the async helpers.
2009-07-08 | Add async helper functions | Simo Sorce | 1 | -0/+132
These functions use the tevent_req async model, where a pair of _send/_recv functions pilot requests, with additional helpers like _done functions, and where needed multiple stage helpers.