path: root/src/providers/ad/ad_subdomains.c
Age | Commit message | Author | Files | Lines
2013-09-27 | AD: talk to GC first even for local domain objects | Jakub Hrozek | 1 | -1/+7
Related: https://fedorahosted.org/sssd/ticket/2070 Since we are recommending to configure the POSIX attributes so that they are replicated to the Global Catalog, we can start connecting to the GC by default even for local users. If the object is not matched in the GC, there is a possibility to fall back to LDAP.
2013-09-27 | ipa_server_mode: write capaths to krb5 include file | Sumit Bose | 1 | -1/+1
If there are member domains in a trusted forest which are DNS-wise not proper children of the forest root the IPA KDC needs some help to determine the right authentication path. In general this should be done internally by the IPA KDC but this work requires more effort than letting sssd write the needed data to the include file for krb5.conf. If this functionality is available for the IPA KDC this patch might be removed from the sssd tree. Fixes https://fedorahosted.org/sssd/ticket/2093
2013-09-27 | IPA: store forest name for forest member domains | Sumit Bose | 1 | -1/+1
In order to fix https://fedorahosted.org/sssd/ticket/2093 the name of the forest must be known for a member domain of the forest.
2013-09-20 | AD: Failure to get flat name is not fatal | Jakub Hrozek | 1 | -3/+0
https://fedorahosted.org/sssd/ticket/2067 Some AD or AD-like servers do not contain the netlogon attribute in the master domain name. Instead of failing completely, we should just abort the master domain request and carry on. The only functionality we miss would be getting users by domain flat name.
2013-09-18 | AD: async request to retrieve master domain info | Jakub Hrozek | 1 | -213/+22
Adds a reusable async request to download the master domain info.
2013-09-17 | util: add sss_idmap_talloc[_free] | Pavel Březina | 1 | -11/+3
Remove code duplication.
2013-08-28 | SYSDB: Store enumerate flag for subdomain | Jakub Hrozek | 1 | -2/+2
2013-08-28 | DB: remove unused realm parameter from sysdb_master_domain_add_info | Jakub Hrozek | 1 | -1/+1
The parameter was not used at all.
2013-06-28 | AD: Move storing sdap_domain for subdomain to generic LDAP code | Jakub Hrozek | 1 | -65/+1
Makes creating the sdap_domain structure for a subdomain reusable outside AD subdomain code where it was created initially. Subtask of: https://fedorahosted.org/sssd/ticket/1962
2013-06-28 | Save mpg state for subdomains | Sumit Bose | 1 | -1/+3
The information whether a subdomain will use magic private groups (mpg) or not will be stored together with other information about the domain in the cache.
2013-06-27 | AD: Write out domain-realm mappings | Jakub Hrozek | 1 | -0/+7
This patch reuses the code from IPA provider to make sure that domain-realm mappings are written even for AD sub domains.
2013-06-12 | Use the correct talloc context when creating AD subdomains | Jakub Hrozek | 1 | -1/+1
sdom was only ever guaranteed to be set when a new domain was being created. sditer is a valid pointer in both cases, so just use that.
2013-06-07 | AD: Store trusted AD domains as subdomains | Jakub Hrozek | 1 | -2/+364
https://fedorahosted.org/sssd/ticket/364 Looks up trusted domain objects in the LDAP and stores them as AD subdomains. Currently only trusted domains that run NT5 or newer from the same forest are looked up and stored.
2013-06-07 | LDAP: new SDAP domain structure | Jakub Hrozek | 1 | -1/+3
Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases. This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain.
2013-06-07 | LDAP: sdap_id_ctx might contain several connections | Jakub Hrozek | 1 | -1/+1
With some LDAP server implementations, one server might provide different "views" of the identities on different ports. One example is the Active Directory Global catalog. The provider would contact a different view depending on which operation it is performing and against which SSSD domain. At the same time, these views run on the same server, which means the same server options, enumeration, cleanup or Kerberos service should be used. So instead of using several different failover ports or several instances of sdap_id_ctx, this patch introduces a new "struct sdap_id_conn_ctx" that contains the connection cache to the particular view and an instance of "struct sdap_options" that contains the URI. No functional changes are present in this patch, currently all providers use a single connection. Multiple connections will be used later in the upcoming patches.
2013-05-22 | Fix return code for AD subdomain request | Sumit Bose | 1 | -1/+3
2013-05-15 | Fix segfault in AD Subdomains Module | Lukas Slebodnik | 1 | -0/+2
In function ad_subdomains_get_netlogon_done: If variable "reply_count" is zero then variable "reply" will not be initialized. Therefore we should not continue.
2013-05-07 | AD: read flat name and SID of the AD domain | Sumit Bose | 1 | -0/+522
For various features either the flat/short/NetBIOS domain name or the domain SID is needed. Since the responders already try to do a subdomain lookup when an unknown domain name is encountered I added a subdomain lookup to the AD provider which currently only reads the SID from the base DN and the NetBIOS name from a reply of an LDAP ping. The results are written to the cache to have them available even if SSSD is started in offline mode. Looking up trusted domains can be added later. Since all the needed responder code is already available from the corresponding work for the IPA provider this patch fixes https://fedorahosted.org/sssd/ticket/1468