summaryrefslogtreecommitdiff
path: root/server
AgeCommit message (Collapse)AuthorFilesLines
2009-12-09Add missing options to sssd-ipa configuraionStephen Gallagher1-0/+72
2009-12-09Properly deny id_provider=filesStephen Gallagher2-6/+7
2009-12-09Correctly restart server status after the timeoutMartin Nagy1-1/+1
The macro STATUS_DIFF() was wrong causing the result to always be lower than 0, therefore the timeout was never reached. Fixes: #302
2009-12-09Add some debugging statements to fail_over and resolverMartin Nagy2-5/+69
These were very useful for debugging and hopefully still will be in the future.
2009-12-09Ensure that list_active_domains returns the real valueStephen Gallagher1-4/+16
Previously, we were accidentally filtering out domains that were not configured, so deleted domains might still appear in the active domain list. This patch should ensure that this never happens.
2009-12-09SSSDConfig.get_domain() should properly detect active stateStephen Gallagher2-0/+30
2009-12-09Don't build the SRV and TXT parsing code except for testsJakub Hrozek2-8/+18
2009-12-09Import ares 1.7.0 helpersJakub Hrozek10-116/+374
2009-12-09Change ares usage to be c-ares 1.7.0 compatibleJakub Hrozek3-87/+102
* Rename structure accordingly to ares upstream * Use new ares parsing functions in the wrappers * fix tests for ares 1.7
2009-12-09SSSDConfig API: fix deactivate_domain()Stephen Gallagher2-2/+73
deactivate_domain() would crash if it attempted to deactivate an already-inactive domain
2009-12-09Reduce code duplication between LDAP child and Kerberos childJakub Hrozek4-234/+160
Fixes: #294
2009-12-08Do not start with provider=filesJakub Hrozek1-0/+6
Fixes: #233
2009-12-08Fix SSSDConfig API bugs around [de-]activation of domainsStephen Gallagher2-7/+152
Adds two new public functions: SSSDConfig.activate_domain() SSSDConfig.deactivate_domain() These two functions are used during the save_domain() call to ensure that the active domain list is always kept up to date.
2009-12-08Fix broken SSSDChangeConf.set() functionStephen Gallagher1-1/+1
The set function didn't do anything at all. It needed to use the ipachangeconf.merge() function to behave properly instead of mergeNew()
2009-12-08Reduce the verbosity of the SSSDConfigTestStephen Gallagher1-4/+4
Now it will report only failures or final success
2009-12-08Add SSSDDomain.set_name() function to SSSDConfig APIStephen Gallagher2-3/+77
This function will change the name of an existing domain
2009-12-08dhash: Add private pointer for delete callbackSimo Sorce2-2/+3
Also pass a flag to the delete callback to tell it if this is a normal entry removal or we are cleaning up the tbale definitively.
2009-12-08Add Spanish translationbeckerde1-166/+191
2009-12-08Add Portuguese translationruigo2-0/+654
2009-12-08Make SSSDDomain.remove_provider() remove configured optionsStephen Gallagher2-6/+54
We will remove all options for a provider that are not also required by another configured provider. (For example, we will not remove krb5_realm when deleting the krb5 auth provider if the LDAP provider is in use, since it may still require this argument).
2009-12-08SSSDDomain.remove_provider() requires only the provider typeStephen Gallagher2-12/+18
There was no valid reason to require the backend type when specifying a provider to remove.
2009-12-08Fix potential uninitialized value error in responder_dp.cStephen Gallagher1-1/+1
If we fell into the default case of the switch statement, we would attempt to talloc_free() a random memory location. This patch guarantees that sdp_req is NULL if it has not been initialized.
2009-12-08Fix potential uninitialized value errors in nsssrv_cmd.cStephen Gallagher1-1/+2
2009-12-08Avoid returning uninitialized result.Stephen Gallagher1-0/+1
If grouplist was a zero-length array, we would return ret unitialized.
2009-12-08Add allocation error checkStephen Gallagher1-7/+10
2009-12-08Change dhash API to be talloc-friendlySimo Sorce1-16/+4
2009-12-08Add dummy credentials to an empty ccache fileSumit Bose1-2/+54
Application like krb5-auth-dialog might get confused if there is a credential cache file without any credentials in it. This patch adds an expired credential where only the client and the server principal are set. The client principal is the user's principal and the server principal corresponds to a TGT principal of the realm the user belongs to.
2009-12-08Fail on nonexistent input fileJakub Hrozek2-3/+12
2009-12-08Handle spaces in config parserJakub Hrozek3-2/+43
Fixes: #301
2009-12-07Fix bug #311, properly set callback attributeSimo Sorce1-0/+1
2009-12-07Allow nesting to fix #310Simo Sorce3-0/+5
2009-12-07Add offline support for ipa_accessSumit Bose2-17/+134
2009-12-07Add checks to test the memberuid handlingSumit Bose1-13/+495
2009-12-07Try to renew Kerberos credentialsSumit Bose5-2/+189
When using GSSAPI we need a valid service ticket to talk to the LDAP server. If the ticket is expired the LDAP client returns with 'Can't contact LDAP server'. Currently we set the backend offline if this error occurs although the server is still available. This patch checks if the TGT is expired and tries to renew the credentials before going offline.
2009-12-07Add basic OS detectionSumit Bose4-2/+40
Detect if the OS is Fedora, RHEL or SUSE and install the SUSE start-script on SUSE systems.
2009-12-07Fix nested group membershipsSimo Sorce6-221/+299
Search the local db to find the local DN using the original DN as search key. This way we do not have to rely on weak and faulty heuristicts based on DN names. Add a few helper functions in the process and change the way we pass members to sysdb_store_group_send(), instead of passing users and groups list, just add member DNs to the other sysdb attrs.
2009-12-07Make strdn build functions more availableSimo Sorce3-42/+58
2009-12-07Resolve nested groups also when rfc2307bis is usedSimo Sorce1-68/+2
2009-12-07Do not treat missing proc files as errors.Sumit Bose1-0/+10
2009-12-07Add sysdb_search_custom requestSumit Bose3-74/+206
2009-12-03Raise debug log level for LDB_DEBUG_WARNINGStephen Gallagher1-1/+1
Level 3 was far too low for mostly-useless messages
2009-12-03Make debug log timestamps human-readableStephen Gallagher2-4/+13
2009-12-03Use the custom password field in groups too.Simo Sorce1-3/+5
Groups also need to honor the settable password field and use * by default.
2009-12-03Use memberuid and not member in group enumerationsSimo Sorce2-54/+9
This allows for correctly reporting nested group members, while at the same time not paying a too high price for caluclating nested groups at runtime e very time a search is made.
2009-12-03Compute and save memberuid in cache as wellSimo Sorce1-108/+690
This patch adds a new generated attribute to every group that has direct or indirect members. This attribute is called memberuid and contains the name of the users that are directo or indirect members of this group. This is done to greatly speed up group enumerations when NSS reads groups off the cache.
2009-12-03Fix memberof pluginSimo Sorce1-12/+15
A loop was badly built and was skipping entries. This left some memberof attributes in place that should have been removed.
2009-12-03Check LDAP structure before calling ldap_unbind_ext()Sumit Bose1-1/+3
2009-12-03Check the services started against a list of known servicesJakub Hrozek1-0/+29
Fixes: #241
2009-12-03Setup ldap child logging from IPA backendJakub Hrozek4-45/+54
Fixes: #296
2009-12-03Copy-edit sssd-ipa man pageDavid O'Brien1-18/+17
Mainly typo fixes and grammar updates. Application of RH doc styles where appropriate.