sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2012-08-01	Primary server support: IPA adaptation	Jan Zeleny	1	-33/+74
	This patch adds support for the primary server functionality into IPA provider. No backup servers are added at the moment, just the basic support is in place.
2012-08-01	Primary server support: basic support in failover code	Jan Zeleny	1	-1/+1
	Now there are two list of servers for each service. If currently selected server is only backup, then an event will be scheduled which tries to get connection to one of primary servers and if it succeeds, it starts using this server instead of the one which is currently connected to.
2012-07-06	KRB5: Drop memctx parameter of krb5_try_kdcip	Stephen Gallagher	1	-1/+1
	This function is not supposed to return any newly-allocated memory directly. It was actually leaking the memory for krb5_servers if krb5_kdcip was being used, though it was undetectable because it was allocated on the provided memctx. This patch removes the memctx parameter and allocates krb5_servers temporarily on NULL and ensures that it is freed on all exit conditions. It is not necessary to retain this memory, as dp_opt_set_string() performs a talloc_strdup onto the appropriate context internally. It also updates the DEBUG messages for this function to the appropriate new macro levels.
2012-06-21	Add support for ID ranges	Sumit Bose	1	-0/+26

2012-06-10	IPA subdomains - ask for information about master domain	Jan Zeleny	1	-0/+26
	The query is performed only if there is missing information in the cache. That means this should be done only once after restart when cache doesn't exist. All subsequent requests for subdomains won't include the request for master domain.
2012-05-03	IPA: Check return values	Jakub Hrozek	1	-2/+6

2012-04-24	IPA: Add get-domains target	Sumit Bose	1	-0/+26

2012-03-28	Remove old compatibility tests	Stephen Gallagher	1	-16/+0
	These are now replaced by the more accurate tests. This patch also drops the runtime option-count check, since we are always performing the more complete check at build-time.
2012-03-28	Put dp_option maps in their own file	Stephen Gallagher	1	-215/+1
	There is no functional change due to this patch.
2012-03-09	IPA: Check nsAccountLock during PAM_ACCT_MGMT	Stephen Gallagher	1	-1/+1
	https://fedorahosted.org/sssd/ticket/1227
2012-03-01	IPA: Set the DNS discovery domain to match ipa_domain	Stephen Gallagher	1	-1/+3
	https://fedorahosted.org/sssd/ticket/1217
2012-02-24	IPA hosts refactoring	Jan Zeleny	1	-16/+36

2012-02-23	IPA: Add ipa_parse_search_base()	Stephen Gallagher	1	-9/+44
	Previously, we were using sdap_parse_search_base() for setting up the search_base objects for use in IPA. However, this was generating unfriendly log messages about unknown search base types. This patch creates a new common_parse_search_base() routine that can be used with either LDAP or IPA providers. https://fedorahosted.org/sssd/ticket/1151
2012-02-07	AUTOFS: IPA provider	Jakub Hrozek	1	-25/+91

2012-02-07	IPA: Add host info handler	Jan Cholasta	1	-0/+1

2012-02-07	LDAP: Add support for SSH user public keys	Jan Cholasta	1	-1/+2

2012-02-06	Update shadowLastChanged attribute during LDAP password change	Jan Zeleny	1	-0/+1
	https://fedorahosted.org/sssd/ticket/1019
2012-02-06	Session target in IPA provider	Jan Zeleny	1	-0/+47

2012-02-06	Renamed some sysdb constants for their wider usage	Jan Zeleny	1	-2/+2

2012-02-06	Implemented support for multiple search bases in HBAC rules and services	Jan Zeleny	1	-1/+24

2012-02-05	AUTOFS: LDAP provider	Jakub Hrozek	1	-0/+25

2012-02-04	NSS: Add individual timeouts for entry types	Stephen Gallagher	1	-1/+0
	https://fedorahosted.org/sssd/ticket/1016
2012-02-01	Fixed wrong position of ldap_service_search_base	Jan Zeleny	1	-1/+1
	The wrong position in configuration directive array caused problems in IPA provider, which tried to fetch another value instead of the services lookup base.
2012-01-31	IPA: Add support for services lookups (non-enum)	Stephen Gallagher	1	-0/+38

2012-01-18	LDAP: Add option to disable paging control	Stephen Gallagher	1	-1/+2
	Fixes https://fedorahosted.org/sssd/ticket/967
2012-01-17	SUDO Integration - periodical update of rules in data provider	Pavel Březina	1	-0/+2
	https://fedorahosted.org/sssd/ticket/1110 Adds new configuration options: - ldap_sudo_refresh_enabled - enable/disable periodical updates - ldap_sudo_refresh_timeout - rules timeout (refresh period)
2012-01-17	SUDO Integration review issues	Pavel Březina	1	-2/+2

2011-12-16	SUDO Integration - LDAP configuration options	Pavel Březina	1	-0/+39

2011-12-12	Add sdap_connection_expire_timeout option	Stephen Gallagher	1	-1/+2
	https://fedorahosted.org/sssd/ticket/1036
2011-12-09	Fixed IPA netgroup processing	Jan Zeleny	1	-0/+1
	In case IPA netgroup had indirect member hosts, they wouldn't be detected. This patch also modifies debug messages for easier debugging in the future.
2011-12-08	Add ldap_sasl_minssf option	Jan Zeleny	1	-0/+1
	https://fedorahosted.org/sssd/ticket/1075
2011-11-29	Add ipa_hbac_support_srchost option to IPA provider	Jan Zeleny	1	-1/+2
	don't fetch all host groups if this option is false https://fedorahosted.org/sssd/ticket/1078
2011-11-23	Added and modified options for IPA netgroups	Jan Zeleny	1	-24/+46

2011-11-23	Modified sdap_parse_search_base()	Jan Zeleny	1	-4/+4

2011-11-02	Support to request canonicalization in LDAP/IPA provider	Jan Zeleny	1	-0/+1
	https://fedorahosted.org/sssd/ticket/957
2011-11-02	Add support to request canonicalization on krb AS requests	Jan Zeleny	1	-1/+2
	https://fedorahosted.org/sssd/ticket/957
2011-11-02	LDAP: Add parser for multiple search bases	Stephen Gallagher	1	-0/+20

2011-08-26	Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON	Jakub Hrozek	1	-1/+2
	https://fedorahosted.org/sssd/ticket/978
2011-08-01	Change the default value of ldap_tls_cacert in IPA provider	Jakub Hrozek	1	-1/+1
	https://fedorahosted.org/sssd/ticket/944
2011-07-21	fo_get_server_name() getter for a server name	Jakub Hrozek	1	-1/+9
	Allows to be more concise in tests and more defensive in resolve callbacks
2011-07-21	Rename fo_get_server_name to fo_get_server_str_name	Jakub Hrozek	1	-2/+2

2011-07-13	Remove unused krb5_service structure member	Jakub Hrozek	1	-2/+0

2011-07-11	Escape IP address in kdcinfo	Jakub Hrozek	1	-10/+10
	https://fedorahosted.org/sssd/ticket/909
2011-07-11	Move IP adress escaping from the LDAP namespace	Jakub Hrozek	1	-3/+3

2011-07-08	Add LDAP access control based on NDS attributes	Sumit Bose	1	-1/+4

2011-07-08	Add ipa_hbac_treat_deny_as option	Stephen Gallagher	1	-1/+2
	By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
2011-07-08	Add ipa_hbac_refresh option	Stephen Gallagher	1	-1/+2
	This option describes the time between refreshes of the HBAC rules on the IPA server.
2011-06-30	Use name based URI instead of IP address based URIs	Sumit Bose	1	-1/+1

2011-06-30	Add sockaddr_storage to sdap_service	Sumit Bose	1	-0/+10

2011-06-15	Switch resolver to using resolv_hostent and honor TTL	Jakub Hrozek	1	-2/+2