Age | Commit message (Collapse) | Author | Files | Lines |
|
The function itself was very long (more than 300 lines) and hard to
read, this patch splits it to three logical blocks.
|
|
https://fedorahosted.org/sssd/ticket/1714
The attempt to delete all ghosts for users name and aliases was failing,
resulting into failure of whole user-add operation. In permissive mode,
the attempts to delete non-existent entries are not interpreted as
error.
|
|
|
|
fixes https://fedorahosted.org/sssd/ticket/1628
When user's alias is same as it's name, don't use it for searching in
sysdb, and for deleting.
|
|
https://fedorahosted.org/sssd/ticket/1612
This patch changes the handling of ghost attributes when saving the
actual user entry. Instead of always linking all groups that contained
the ghost attribute with the new user entry, the original member
attributes are now saved in the group object and the user entry is only
linked with its direct parents.
As the member attribute is compared against the originalDN of the user,
if either the originalDN or the originalMember attributes are missing,
the user object is linked with all the groups as a fallback.
The original member attributes are only saved if the LDAP schema
supports nesting.
|
|
attribute
Using the convenience function instead of low-level ldb calls makes the
code more compact and more readable.
|
|
The domain can be read from the sysdb object. Removing the domain string
makes the API more self-contained.
|
|
https://fedorahosted.org/sssd/ticket/1506
Changes how the new autofs entry objects are handled. Instead of
creating the entry on the cn=autofs,cn=custom level, the entry is
created below the map it belongs to.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Deleted sysdb_add_fake_user():
This function is no longer used.
Modified sysdb_add_user():
When user object is added to sysdb, it is important to iterate over all
groups that might have its name or any of its aliases as ghost member
and replace this ghost membership by a real one. This will eliminate
duplicite memberships.
|
|
Fixes a regression in the local domain tools where sss_groupadd no longer
detected a GID duplicate. The check for EEXIST is moved one level up into
more high level function.
The patch also adds the same rename support for users. I found it odd that
we allowed a rename of groups but not users. There is a catch when storing
a user -- his cached password would be gone. I think that renaming a user
is such a rare operation that it's not severe, plus there is a warning in
the logs.
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1136
|
|
|
|
|
|
|
|
|
|
|
|
Previously, they were reported with the prefix "Error:" which
caused confusion among end-users while debugging.
|
|
https://fedorahosted.org/sssd/ticket/1040
|
|
https://fedorahosted.org/sssd/ticket/1051
|
|
https://fedorahosted.org/sssd/ticket/836
|
|
https://fedorahosted.org/sssd/ticket/1013
|
|
This is mostly a cosmetic patch.
The purpose of wrapping a multi-line macro in a do { } while(0) is to
make the macro usable as a regular statement, not a compound statement.
When the while(0) is terminated with a semicolon, the do { } while(0);
block becomes a compound statement again.
|
|
This patch deletes memory context parameter in those places in sysdb
where it is not necessary. The code using modified functions has been
updated. Tests updated as well.
|
|
The patch also updates code using modified functions. Tests have also
been adjusted.
|
|
|
|
|
|
RFC2307bis code relies heavily on originalDN, so the fake users need to
have an option to store it, too.
|
|
|
|
|
|
|
|
|
|
Sometimes, a value in LDAP will cease to exist (the classic
example being shadowExpire). We need to make sure we purge that
value from SSSD's sysdb as well.
https://fedorahosted.org/sssd/ticket/750
|
|
https://fedorahosted.org/sssd/ticket/775
|
|
Libldb performs non-indexed searches for ONELEVEL requests. We'll
use SUBTREE instead to reduce the performance hit substantially
|
|
|
|
Previously, it assumed that all members were users. This changes
the interface so that either a user or a group can be specified.
Also, it eliminates the need for a memory context to be passed,
since the internal memory should be self-contained.
|
|
|
|
Useful for optimizing the initgroups operation.
|
|
|
|
|
|
|