sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2009-10-15	Check for expired passwords in LDAP provider	Sumit Bose	1	-1/+27

2009-10-14	Move ldap provider configuration into its own file	Simo Sorce	1	-4/+11

2009-10-14	Make options parser available to all providers	Simo Sorce	1	-47/+4

2009-10-13	add a replacement if ldap_control_create is missing	Sumit Bose	1	-1/+1

2009-10-09	Differentiate between search and network timeouts	Simo Sorce	1	-0/+1
	Network timeouts are used in quick operations like bind. Search timeout is used for operations that can "legally" require more time. Change defaults to 6 and 60 seconds respectively.
2009-10-08	add support for server side LDAP password policies	Sumit Bose	1	-1/+2
	- password policy request controls are send during bind and change password extended operation - the response control is evaluated to see if the password is expired or will expire, soon
2009-10-01	Initial implementation of sasl bind support	Simo Sorce	1	-0/+6
	Inits krb5 credentials, if sasl mech is GSSAPI. Tested with GSSAPI and host keytab as well as user credentials. Updates also manpages with the new options.
2009-09-25	add new config options ldap_tls_cacert and ldap_tls_cacertdir	Sumit Bose	1	-0/+4

2009-09-14	Turn ldap driver options into multitype	Simo Sorce	1	-53/+88
	This patch makes basic options multiype, the init function assigns a type from the initialization array, and processes values fetched from confdb accordingly. 4 types are supported so far: string, number, blob and boolean Also convert defines into enums where appropriate. Add fetch functions that check the requested type.
2009-09-11	Complete the removal of "legacy" option.	Simo Sorce	1	-0/+3
	The code was still dependent on it for the ldap driver. Changed the driver code to depend on the schema type. Fix defaults for user and groups trees. ATM if you use the rfc2307bis schema you have to put users and groups in 2 separate trees (what people does by default anyway. If this limitation will turn to be too hard, we will change this later.
2009-08-28	fix internal order of ldap user mapping options	Sumit Bose	1	-4/+4

2009-08-27	Make enumeration an independent task	Simo Sorce	1	-3/+7
	Always immediately return to DP, and update users/groups in the background. Also implements an optimization to retrieve only changed/new users/groups by filtering using the modifyTimestamp after the first query.
2009-08-24	some UPN handling fixes	Sumit Bose	1	-1/+3
	- making the realm part upper case is now optional and done in the LDAP backend - using a username@realm UPN is now optional
2009-08-04	Fix race condition in sdap code	Simo Sorce	1	-1/+9
	Retrieving ldap results and storing users could sometimes results in race conditions where the final ldap result was retrieved before the store operations where finished resulting in the operations to be aborted before termination. Implement a serialization mechanism per operation.
2009-07-20	Rework the engine that deals with openldap libraries	Simo Sorce	1	-5/+23
	The way openldap libraries work, require to have a single engine per connection as all replies are read at the same time. So we need to always read anything that comes in from the wire and then loop to dispatch results to the requests that are waiting.
2009-07-08	Implement the ldap identity module.	Simo Sorce	1	-0/+7
	This uses and exapands the async helpers.
2009-07-08	Add async helper functions	Simo Sorce	1	-0/+132
	These functions use the tevent_req async model, where a pair of _send/_recv functions pilot requests, with additional helpers like _done functions, and where needed multiple stage helpers.