summaryrefslogtreecommitdiff
path: root/server
AgeCommit message (Collapse)AuthorFilesLines
2009-11-05Update midpoint refresh logic to be relative to cache timeoutStephen Gallagher6-15/+49
2009-11-05Add configure check for sasl.hStephen Gallagher1-0/+2
2009-11-05add replacements for missing Kerberos callsSumit Bose7-48/+160
2009-11-04Do not delete users, groups outside domain rangeJakub Hrozek2-11/+35
Fixes: 240
2009-11-04Simplify debug_fn()Stephen Gallagher1-12/+2
We don't need to be allocating an output string here. This was also causing a runtime bug when the output string contained characters that would be interpreted by fprintf as specifiers.
2009-11-04Fix for a seg fault during recursive deleteSumit Bose1-1/+7
2009-11-04Add sysdb_attrs_replace_name to sysdb API.Sumit Bose3-0/+80
2009-11-04Free the PCRE regexp with destructorJakub Hrozek1-0/+10
2009-11-03Rename sdap_id_map to sdap_attr_mapSimo Sorce7-21/+75
Also start adding some infrastructure to use the USN counter when available. In particular add a place to add generic attrs mapping, ie attributes that are neither user nor group specific.
2009-11-03Add complete pydoc for SSSDConfig APIStephen Gallagher1-1/+534
2009-11-03Localize SSSDConfig stringsStephen Gallagher4-3/+919
2009-11-03Add support for option descriptions to SSSDConfig APIStephen Gallagher2-14/+148
Addresses https://fedorahosted.org/sssd/ticket/242 related to authconfig integration
2009-11-03Remove magic_private_groups from SSSDConfig API schemaStephen Gallagher2-3/+0
2009-11-03Make config_file_version a hidden setting in SSSDConfig APIStephen Gallagher5-17/+134
The config_file_version should never be changed by the API, so we will hide the option inside the SSSDConfig API and remove it from the schema. Guarantee that the config file is of the correct version
2009-11-02add sysdb_delete_recursive request to sysdb APISumit Bose4-4/+282
2009-11-02Make debug message less irritating.Sumit Bose1-2/+2
The 'Unable to load' debug message is now only shown when the backend target is given explicitly in the config file. I the other case we let the caller decided how to handle this error condition.
2009-11-02set ipa_hostname if not given in config fileSumit Bose1-0/+20
2009-10-30Fix segfault when SASL is not used at allSimo Sorce2-2/+4
2009-10-30remove old sysdb file before starting testsSumit Bose1-0/+8
2009-10-30Fix compiler warnings in krb5_utils-tests.Sumit Bose1-21/+21
2009-10-30Add AM_CFLAGS to unit testsSumit Bose1-8/+12
2009-10-29Add support to get rootDSE from the LDAP server.Simo Sorce6-121/+398
Also fic sdap_get_generic_send() to be a bit more "generic" :-) Also figs bugs within it. This patch allow us 2 good things. A) we check that the server effectively supports GSSAPI auth before we try to use it. B) against IPA it substantially cuts delays when the server is offline because it uses a 5 second async timeout on the connection and doesn't try to do a slow synchronous kinit+sasl_bind if the server is not even available.
2009-10-29Tidy up ipa optionsSimo Sorce9-223/+239
Do not replicate every and each option we may want to set in ipa. Just read out ldap and krb provider options (added reference in the manual too, and removed mention of ipa specific timeout values, use ldap options for that) Avoid calling auth module initialization twice, just pass the auth context to the chpass module too. Add a new ldap option SDAP_SEARCH_BASE, so that a single searching base can be used for both users and groups. the user and group search bases can still be set separately if necessary but they are now optional and set to be identical to SDAP_SEARCH_BASE if not explicitly specified in the configuration.
2009-10-29Allow sysdb_search_entry request to return more than one resultSumit Bose3-27/+178
2009-10-29added a ASQ search API for sysdbSumit Bose3-0/+356
2009-10-28Kill the ldap connection when we go offlineSimo Sorce1-5/+16
This patch uses a wrapper to kill the ldap connection when we are marked offline. This also makes sure we do not try to reuse a bad connection handler after a fatal error.
2009-10-28Fix sssd.api.conf with correct entry_cache_timeoutStephen Gallagher2-2/+5
Changeset 3a21103f61bf9b60256cc2d0da54b757b634319f moved the wrong option to the domain list, and also didn't update the unit tests.
2009-10-27Do not migrate Data ProviderJakub Hrozek1-22/+57
Add a way to make changes to the most recent format of config files. Use it to remove all traces of Data Provider from the config file which is being migrated.
2009-10-27Move responsibility for entry expiration timeoutSimo Sorce17-75/+109
The providers are now responsible for determining how long a cached entry is considered valid. The default is the same as before (600s)
2009-10-27Add proper support for IPA/AD schemasSimo Sorce4-202/+574
Nested groups weren't properly handled. Add 2 pass strategy to update groups memberships Stuff work as expected when enumeration is enabled now.
2009-10-27Fix segfaultSimo Sorce1-1/+1
Fix copy/paste error that picked up the wrong request structure to pass down. This was causing the talloc code that checks for the right signature to fail and abort as the 2 request structures have different state structures attacched.
2009-10-27Remove [dp] section from example configStephen Gallagher2-13/+3
Also remove references to the DP service from the sssd.conf manpages.
2009-10-27store original DN with cached group objects if availableSumit Bose1-0/+16
2009-10-27Updating polish translation for 0.7.0Piotr Drąg1-34/+31
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2009-10-26Remove DP from example configurationStephen Gallagher1-1/+1
2009-10-26Use standard coding practice to set last loginSimo Sorce1-90/+128
This rewrite should also fix a segfault in the code that may happen when exiting in case of error conditions. The previous code was attaching the transaction handle to llreq structure and then calling prepare_reply() from within the request handlers which could ultimately free the preq and llreq and handle before the transaction request was actually completed by tevent.
2009-10-26Zero pointers on freeSimo Sorce1-4/+4
If the pointer stays around, zero it when it is freed, so we do not risk access to released memory in case of bugs.
2009-10-26Add IPA conf templateSimo Sorce1-0/+9
2009-10-26Read the right buffer, avoids potential segfaultsSimo Sorce1-5/+5
Also fix some debug message levels
2009-10-26Copy option overrides.Simo Sorce1-0/+26
We were not copying IPA named options to the ldap id options list. So the ldap_id provider was always using just the default settings.
2009-10-26Fix migration script for pre-0.5 local domainsJakub Hrozek1-2/+11
Configuration files before 0.5.0 did not enforce provider= in local domains it did special-case by domain name (LOCAL). Our script was relying on provider= value, this patch adds the special-casing in case the domain was called LOCAL.
2009-10-23Update version to 0.7.0Stephen Gallagher3-222/+481
Update gettext strings
2009-10-22Add support for offline auth cache timeoutStephen Gallagher9-3/+217
This adds a new option (offline_credentials_expiration) to the [PAM] section of the sssd.conf If the user does not perform an online authentication within the timeout (in days), they will be denied auth once the timeout passes.
2009-10-22Add pam_ctx (similar to nss_ctx) for storing global PAM configStephen Gallagher2-5/+25
2009-10-22User home directories managementJakub Hrozek19-60/+1984
Create and populate user directories on useradd, delete them on userdel Fixes: #212
2009-10-22Fix setting the schema in the ipa providerSimo Sorce1-0/+3
2009-10-22fix a compiler warning about redefinition of DEBUGSumit Bose1-15/+19
2009-10-22update ipa auth options to new option schemeSumit Bose4-110/+134
2009-10-22update krb5 option handling to new option schemeSumit Bose9-131/+296
2009-10-22Bring SSSDConfig API options up-to-dateStephen Gallagher3-21/+68