Age | Commit message (Collapse) | Author | Files | Lines |
|
- making the realm part upper case is now optional and done in the
LDAP backend
- using a username@realm UPN is now optional
|
|
|
|
Added man pages sections about user and group attribute mapping.
Added an example configuration to access an AD server.
|
|
If available the original DN and the user principal will be stored
in sysdb.
|
|
- with the boolean option filterUsersInGroups it can be controlled
whether filtered users appear in groups or not.
- fixed an error which prevented the display of groups with filtered
members
- removed some tab indents
|
|
|
|
One of the previous patches disallowed adding users and groups outside
known domains but it was missing disallowing modifying, deleting, etc.
Also don't error if there's no sysdb cache to delete after deleting
legacy user/domain.
Fixes: tickets #113,#114
|
|
If a user principal name (upn) can be found in sysdb the krb5
backend will use this, otherwise it is built as username@realm. It is
checked that the realm is upper case only.
|
|
If there was no maxID set for a domain, the search filter to check
whether the UID was available would always return empty (because
no UIDs can be <= 0)
This patch changes the search filter if the maxID is unset so that
it has no upper limit
|
|
RHEL5 did not support Docbook 4.5, and we are not using
any 4.5 features.
|
|
This is needed for support of RHEL5
Adding the assignment of $(localedir) was necessary, as
gettext 0.14 does not automatically assign it.
|
|
This was breaking the build on RHEL5
|
|
There are some old versions of automake that do not define
$(builddir) correctly. Since $(builddir) is "Rigorously equal to
‘.’", we'll set it at the top of the Makefile.am files.
|
|
Also updates the manpage for sssd.conf to denote this
|
|
|
|
--with-tests was confusing. Since we now build our tests only with
'make check', it doesn't make sense for this to be a configure-
time option. We will detect during configure whether the 'check'
package is available and we will use them if so. Otherwise, we
will only build and execute any test suites that do not rely on
the 'check' framework.
We will print a warning during 'configure' if CHECK is not installed
|
|
|
|
If the last configured domain is broken confdb_get_domains returns
the return value of confdb_get_domain even if there are valid domains
available.
|
|
|
|
Build broken in c0f3393d4ab923e2eedab0fad88a864e2aae9fc9
|
|
Remove redundant reconnection code that was interfering with the sbus
reconnection code.
Consolidate include files for sbus related operations.
Make pamsrv code similar to nsssrv code.
|
|
Many of the functions in responder_dp.c were originally NSS-
specific and were moved there from the NSS responder code. Since
they are now generic to any responder, rename them to sss_dp_*
|
|
Currently, if an additional request comes in for a cache entry
while that same entry is already in the process of being refreshed,
we start a duplicate cache update request. This patch allows
the cache to maintain a hash table of all in-progress requests and
queue up multiple callbacks for updates in progress. Once the data
is returned, all of these callbacks will fire.
|
|
This patch introduces provider=files as a valid provider.
Upon loading the backend, its properties in confdb are overwritten to
those that represent legacy local domain.
Also document this in sssd.conf(5) and example config
|
|
The tools did not take the special case where id_max = 0 (no limit)
into account.
Also disallow adding users when ID is specified outside any domain.
Resolves trac tickets #86 and #89
|
|
D-BUS handles timeouts itself and reports DBUS_ERROR_NO_REPLY if
a timeout fires, so we can rely on this instead of having an
explicit timeout ourselves. Furthermore, the two timeouts present
a potential race condition.
|
|
ticket #101
|
|
Mirrors what we have done with the monitor.
|
|
Simply delay any other service by 1 second only at startup.
|
|
Let services identify themselves voluntarily as the first operation
instead of polling from the monitor.
Also consolidate some common functions and make them available as monitor
helpers.
|
|
|
|
Our configuration specifies the monitor config timeout as seconds,
but we were passing it directly to dbus commands that require
milliseconds. Fixing this in get_monitor_config(). Also, the
default value of -1 for the timeout resulted in a timeout much too
short to be useful, so I'm making it 10s instead.
This fix solves the problem where a busy backend (for example, one
that is enumerating a large number of LDAP entries) would fail to
respond to the ping in time.
|
|
The child processes call prctl() and when their parent process is
killed, they are sent SIGTERM using prctl. This is currently
Linux-specific, for non-Linuxes, a similar effect is achieved by
catching a set of common termination signals and sending SIGTERM to the
process group.
|
|
Previously, we had hardcoded the paths for the NSS, PAM and
private PAM sockets to /var/lib/sss/pipes. With this patch, we
will specify the sockets with --with-pipe-path.
|
|
|
|
Moving the common utility sources into a libtool convenience
library caused problems with symbols when loading the plugin
libraries.
|
|
Changes the configure process so that configure errors out if it lacks the
tools necessary to build manual pages (like xsltproc). Also adds a check
for required URI of the docbook XSL templates using the xmlcatalog tool.
|
|
When --enable-tests is set by configure, the sysdb, stress and
resolver tests will be built by 'make check', which will also then
run the sysdb and resolver tests automatically.
This patch also updates the server Makefile to create a libtool
convenience library of the common source files to spare them being
built separately for every library/executable that has different
CFLAGS.
|
|
Make as much as possible static, and remove use of talloc_reference and
allocation/deallocation of memory when not necessary.
Fix also responder use of rctx->conn, was mistakenly used for both
monitor and dp connections.
|
|
This reduces code duplication as it allows to use one set of watch and timeout
functions, and at the same time also allow not to use a secondary structure just
to unify these functions.
|
|
Rationalize and rename connection names in preparation for merging of server and
connection structures.
|
|
Simplify code by removing stuff that is never used or redundant.
|
|
Watches and Timeouts are now unified under one implementation that covers
both dbus server and connections.
In watches do not keep removing and adding file events simply toggle the
appropriate flags.
Also streamline some memory management within both timeout and watch related
functions, checking allocations and freeing the whole context not just
the events.
|
|
Minor style cleanups, and some name consistency cleanups that make
some names a bit more meaningful and/or shorter.
|
|
ifndef doesn't work for those functions that aren't already macro definitions in
tevent.h like tevent_req_data. However if tevent_req_data is defined in
tevent.h, all other functions are available as well. So just check for
tevent_req_data and define all of them if it is not available.
This should fix compiling on distros with the latest tevent.
|
|
Allow adding users into different domains not only by specifying
ID directly but also by specifying fully qualified name. Exit when
both specifications are used in conflict.
|
|
|
|
|
|
|
|
Retrieving ldap results and storing users could sometimes result in race
conditions where the final ldap result was retrieved before the store operations
were finished, resulting in the operations being aborted before termination.
Implement a serialization mechanism per operation.
|