sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2013-09-27	AD: talk to GC first even for local domain objects	Jakub Hrozek	1	-6/+11
	Related: https://fedorahosted.org/sssd/ticket/2070 Since we are recommending to configure the POSIX attributes so that they are replicated to the Global Catalog, we can start connecting to the GC by default even for local users. If the object is not matches in the GC, there is a possibility to fall back to LDAP.
2013-09-20	AD: Failure to get flat name is not fatal	Jakub Hrozek	1	-3/+0
	https://fedorahosted.org/sssd/ticket/2067 Some AD or AD-like servers do not contain the netlogon attribute in the master domain name. Instead of failing completely, we should just abort the master domain request and carry on. The only functionality we miss would be getting users by domain flat name.
2013-09-18	AD: Download master domain info when enumerating	Jakub Hrozek	1	-0/+185
	https://fedorahosted.org/sssd/ticket/2068 With the current design, downloading master domain data was tied to subdomains refresh, triggered by responders. But because enumeration is a background task that can't be triggered on its own, we can't rely on responders to download the master domain data and we need to check the master domain on each enumeration request.
2013-06-28	IPA: Look up AD users directly if IPA server mode is on	Jakub Hrozek	1	-2/+2
	https://fedorahosted.org/sssd/ticket/1962 If the ipa_server_mode is selected IPA subdomain user and group lookups are not done with the help of the extdom plugin but directly against AD using the AD ID code.
2013-06-07	AD ID lookups - choose GC or LDAP as appropriate	Jakub Hrozek	1	-1/+262
	https://fedorahosted.org/sssd/ticket/1557 Some lookups should be performed from GC only -- for example trusted users are only present in the Global Catalog, while some lookups should be performed from LDAP only as not all objects or attributes are replicated to Global Catalog. This patch adds a generic failover mechanism for identity lookups in the AD provider that allows to choose the appropriate source and even fail over to the other source if available.
2013-06-07	LDAP: Pass in a connection to ID functions	Jakub Hrozek	1	-1/+1
	Instead of using the default connection from the sdap_id_ctx, allow the caller to specify which connection shall be used for this particular request. Again, no functional change is present in this patch, just another parameter is added.
2013-01-21	Add be_req_get_be_ctx() helper.	Simo Sorce	1	-5/+7
	In preparation for making be_req opaque
2012-08-23	AD context was set to null due to type mismatch	Ondrej Kos	1	-0/+11

2012-07-06	AD: Add AD identity provider	Stephen Gallagher	1	-0/+37
	This new identity provider takes advantage of existing code for the LDAP provider, but provides sensible defaults for operating against an Active Directory 2008 R2 or later server.