Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
The macro STATUS_DIFF() was wrong causing the result to always be lower
than 0, therefore the timeout was never reached.
Fixes: #302
|
|
These were very useful for debugging and hopefully still will be in the
future.
|
|
Previously, we were accidentally filtering out domains that were
not configured, so deleted domains might still appear in the
active domain list.
This patch should ensure that this never happens.
|
|
|
|
|
|
|
|
* Rename structure accordingly to ares upstream
* Use new ares parsing functions in the wrappers
* fix tests for ares 1.7
|
|
deactivate_domain() would crash if it attempted to deactivate an
already-inactive domain
|
|
Fixes: #294
|
|
Fixes: #233
|
|
Adds two new public functions:
SSSDConfig.activate_domain()
SSSDConfig.deactivate_domain()
These two functions are used during the save_domain() call to
ensure that the active domain list is always kept up to date.
|
|
The set function didn't do anything at all. It needed to use the
ipachangeconf.merge() function to behave properly instead of
mergeNew()
|
|
Now it will report only failures or final success
|
|
This function will change the name of an existing domain
|
|
Also pass a flag to the delete callback to tell it if this is a normal
entry removal or we are cleaning up the tbale definitively.
|
|
|
|
|
|
We will remove all options for a provider that are not also
required by another configured provider. (For example, we will not
remove krb5_realm when deleting the krb5 auth provider if the LDAP
provider is in use, since it may still require this argument).
|
|
There was no valid reason to require the backend type when
specifying a provider to remove.
|
|
If we fell into the default case of the switch statement, we would
attempt to talloc_free() a random memory location. This patch
guarantees that sdp_req is NULL if it has not been initialized.
|
|
|
|
If grouplist was a zero-length array, we would return ret
unitialized.
|
|
|
|
|
|
Application like krb5-auth-dialog might get confused if there is a
credential cache file without any credentials in it. This patch adds an
expired credential where only the client and the server principal are
set. The client principal is the user's principal and the server
principal corresponds to a TGT principal of the realm the user belongs
to.
|
|
|
|
Fixes: #301
|
|
|
|
|
|
|
|
|
|
When using GSSAPI we need a valid service ticket to talk to the LDAP
server. If the ticket is expired the LDAP client returns with 'Can't
contact LDAP server'. Currently we set the backend offline if this error
occurs although the server is still available. This patch checks if the
TGT is expired and tries to renew the credentials before going offline.
|
|
Detect if the OS is Fedora, RHEL or SUSE and install the SUSE
start-script on SUSE systems.
|
|
Search the local db to find the local DN using the original DN as search key.
This way we do not have to rely on weak and faulty heuristicts based on DN
names.
Add a few helper functions in the process and change the way we pass members to
sysdb_store_group_send(), instead of passing users and groups list, just add
member DNs to the other sysdb attrs.
|
|
|
|
|
|
|
|
|
|
Level 3 was far too low for mostly-useless messages
|
|
|
|
Groups also need to honor the settable password field and use * by default.
|
|
This allows for correctly reporting nested group members, while at the same
time not paying a too high price for caluclating nested groups at runtime e
very time a search is made.
|
|
This patch adds a new generated attribute to every group that has
direct or indirect members.
This attribute is called memberuid and contains the name of the users
that are directo or indirect members of this group.
This is done to greatly speed up group enumerations when NSS reads groups
off the cache.
|
|
A loop was badly built and was skipping entries.
This left some memberof attributes in place that should have been removed.
|
|
|
|
Fixes: #241
|
|
Fixes: #296
|
|
Mainly typo fixes and grammar updates.
Application of RH doc styles where appropriate.
|