Age | Commit message | Author | Files | Lines |
|
|
Also remove unused sysdb_search_domgroup_by_gid()
|
|
Also remove unused sysdb_search_domgroup_by_name()
|
|
Also remove unused sysdb_search_domuser_by_uid()
|
|
Also remove unused sysdb_search_domuser_by_name()
|
|
Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore
fqnames proper value in subdomains, by testing for a parent domain being
present or not.
|
|
Storing ranges for multiple domains under any specific domain is
somewhat arbitrary and unnecessary.
Put ranges under cn=ranges,cn=sysdb, without involving any specific
domain subtree.
This allows us to avoid using sysdb->domain in ranges functions.
Also storing other subdomains data under the parent domain tree felt
wrong, all other domain specific data is under their own subtree.
Moving this data in its own place seems a better solution.
|
|
We are deprecating sysdb->domain so kill the function that gives access to
this member as we should stop relying on it being available (or correct).
|
|
Bring it out of sysdb, which will slowly remove internal dependencies on
domains and instead will always require them to be passed by callers.
|
|
Change the way sysdbs are initialized. Make callers responsible for providing
the list of domains.
Remove the returned array of sysdb contexts, it was used only by sss_cache
and not really necessary there either as that tool can easily iterate the
domains.
Make sysdb ctx children of their respective domains.
Neither sysdb context nor domains are ever freed until a program is done so
there shouldn't be any memory hierarchy issue. As a plus we simplify the code by
removing a destructor and a setter function.
|
|
This commit is the first of a complex work of untangling domain and sysdb.
It turns out the idea of keeping a reference to the domain within the sysdb was
a poor one so we need to split the domain out and change all functions that
need one to get it explicitly from their callers.
|
|
Use the new authtok abstraction and interfaces throughout the code.
|
|
Make it clear to the API users that we can not take arbitrary auth tokens.
We can only take a password for now so simplify and clarify the interface.
|
|
Currently only the LDB error code indicating that an entry already
exists is translated to EEXIST. To make debugging easier and return a
better indication of the reason for an error in the logs this patch
translates the LDB error code for an already existing attribute or value
to EEXIST as well.
|
|
The function itself was very long (more than 300 lines) and hard to
read, this patch splits it to three logical blocks.
|
|
https://fedorahosted.org/sssd/ticket/1714
The attempt to delete all ghosts for the user's name and aliases was failing,
resulting in failure of the whole user-add operation. In permissive mode,
the attempts to delete non-existent entries are not interpreted as
an error.
|
|
We had 2 defines for the same class.
Consolidate and remove confusion.
|
|
This sysdb API will be used later to invalidate the autofs maps
|
|
https://fedorahosted.org/sssd/ticket/1712
The timestamp doesn't have to be in the form yyyymmddHHMMSSZ any
more. It can be in any form of generalized time format.
|
|
https://fedorahosted.org/sssd/ticket/1677
|
|
We've been hitting situations where the sysdb conversion failed.
Unfortunately, the current code doesn't include enough debugging info to
pinpoint the failing entries. This patch adds more DEBUG statements for
each processed entry.
|
|
https://fedorahosted.org/sssd/ticket/1674
|
|
https://fedorahosted.org/sssd/ticket/1673
|
|
fixes https://fedorahosted.org/sssd/ticket/1628
When a user's alias is the same as its name, don't use it for searching in
sysdb, and for deleting.
|
|
https://fedorahosted.org/sssd/ticket/1612
This patch changes the handling of ghost attributes when saving the
actual user entry. Instead of always linking all groups that contained
the ghost attribute with the new user entry, the original member
attributes are now saved in the group object and the user entry is only
linked with its direct parents.
As the member attribute is compared against the originalDN of the user,
if either the originalDN or the originalMember attributes are missing,
the user object is linked with all the groups as a fallback.
The original member attributes are only saved if the LDAP schema
supports nesting.
|
|
attribute
Using the convenience function instead of low-level ldb calls makes the
code more compact and more readable.
|