summaryrefslogtreecommitdiff
path: root/src/config/etc/sssd.api.d/sssd-ldap.conf
AgeCommit message (Collapse)AuthorFilesLines
2011-08-26Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/978
2011-07-08Add LDAP access control based on NDS attributesSumit Bose1-0/+3
2011-05-20Use dereference when processing RFC2307bis nested groupsJakub Hrozek1-0/+1
Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799
2011-04-27Add ldap_page_size configuration optionStephen Gallagher1-0/+1
2011-04-25Configuration parsing updatesJan Zeleny1-2/+2
These changes are all related to following ticket: https://fedorahosted.org/sssd/ticket/763 Changes in SSSDConfig.py merge old and new domain record instead of just deleting the old and inserting the new one. The old approach let to loss of some information like comments and blank lines in the config file. Changes in API config were performed so our Python scripts (like sss_obfuscate) don't add extra config options to the config file.
2011-03-24Add host access control supportPierre Ossman1-0/+1
https://fedorahosted.org/sssd/ticket/746
2011-01-20Add ldap_tls_{cert,key,cipher_suite} config optionsTyson Whitehead1-0/+3
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2011-01-19Add LDAP expire policy base RHDS/IPA attributeSumit Bose1-0/+1
The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
2011-01-19Add LDAP expire policy based on AD attributesSumit Bose1-0/+2
The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
2011-01-17Add ldap_search_enumeration_timeout config optionSumit Bose1-0/+1
2010-12-21Add authorizedService supportStephen Gallagher1-0/+1
https://fedorahosted.org/sssd/ticket/670
2010-12-21Update config API filesSumit Bose1-1/+1
Over the time a couple of new config options didn't made it into the config API files. This patch updates the files and removes some duplications.
2010-12-07ldap: Use USN entries if available.Simo Sorce1-0/+2
Otherwise fallback to the default modifyTimestamp indicator
2010-12-06Add ldap_chpass_uri config optionSumit Bose1-1/+2
2010-12-06Add new account expired rule to LDAP access providerSumit Bose1-0/+2
Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
2010-11-04Make ldap_search_base a non-mandatory optionSumit Bose1-1/+1
2010-10-22Add ldap_deref optionSumit Bose1-0/+1
2010-10-19Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip.Jan Zeleny1-0/+1
For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543
2010-10-18Add option to limit nested groupsSimo Sorce1-0/+1
2010-10-13Add infrastructure to LDAP provider for netgroup supportSumit Bose1-0/+8
2010-05-27Add ldap_access_filter optionStephen Gallagher1-0/+3
This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
2010-05-16SSSDConfigAPI fixesJakub Hrozek1-1/+3
* add forgotten ldap_dns_service option * sync IPA and LDAP options (ldap_pwd_policy and ldap_tls_cacertdir) * ldap_uri is no longer mandatory for LDAP provider - the default is to use service discovery with no address set now. Ditto for krb5_kdcip and ipa_server
2010-03-18Add missing ldap_tls_cacertdir option to SSSDConfig APIStephen Gallagher1-0/+1
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+68
Also update BUILD.txt
generated by cgit (git 2.34.1) at 2024-07-22 13:55:01 +0000