summaryrefslogtreecommitdiff
path: root/src/providers/ipa/ipa_common.c
AgeCommit message (Collapse)AuthorFilesLines
2012-03-28Put dp_option maps in their own fileStephen Gallagher1-215/+1
There is no functional change due to this patch.
2012-03-09IPA: Check nsAccountLock during PAM_ACCT_MGMTStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/1227
2012-03-01IPA: Set the DNS discovery domain to match ipa_domainStephen Gallagher1-1/+3
https://fedorahosted.org/sssd/ticket/1217
2012-02-24IPA hosts refactoringJan Zeleny1-16/+36
2012-02-23IPA: Add ipa_parse_search_base()Stephen Gallagher1-9/+44
Previously, we were using sdap_parse_search_base() for setting up the search_base objects for use in IPA. However, this was generating unfriendly log messages about unknown search base types. This patch creates a new common_parse_search_base() routine that can be used with either LDAP or IPA providers. https://fedorahosted.org/sssd/ticket/1151
2012-02-07AUTOFS: IPA providerJakub Hrozek1-25/+91
2012-02-07IPA: Add host info handlerJan Cholasta1-0/+1
2012-02-07LDAP: Add support for SSH user public keysJan Cholasta1-1/+2
2012-02-06Update shadowLastChanged attribute during LDAP password changeJan Zeleny1-0/+1
https://fedorahosted.org/sssd/ticket/1019
2012-02-06Session target in IPA providerJan Zeleny1-0/+47
2012-02-06Renamed some sysdb constants for their wider usageJan Zeleny1-2/+2
2012-02-06Implemented support for multiple search bases in HBAC rules and servicesJan Zeleny1-1/+24
2012-02-05AUTOFS: LDAP providerJakub Hrozek1-0/+25
2012-02-04NSS: Add individual timeouts for entry typesStephen Gallagher1-1/+0
https://fedorahosted.org/sssd/ticket/1016
2012-02-01Fixed wrong position of ldap_service_search_baseJan Zeleny1-1/+1
The wrong position in configuration directive array caused problems in IPA provider, which tried to fetch another value instead of the services lookup base.
2012-01-31IPA: Add support for services lookups (non-enum)Stephen Gallagher1-0/+38
2012-01-18LDAP: Add option to disable paging controlStephen Gallagher1-1/+2
Fixes https://fedorahosted.org/sssd/ticket/967
2012-01-17SUDO Integration - periodical update of rules in data providerPavel Březina1-0/+2
https://fedorahosted.org/sssd/ticket/1110 Adds new configuration options: - ldap_sudo_refresh_enabled - enable/disable periodical updates - ldap_sudo_refresh_timeout - rules timeout (refresh period)
2012-01-17SUDO Integration review issuesPavel Březina1-2/+2
2011-12-16SUDO Integration - LDAP configuration optionsPavel Březina1-0/+39
2011-12-12Add sdap_connection_expire_timeout optionStephen Gallagher1-1/+2
https://fedorahosted.org/sssd/ticket/1036
2011-12-09Fixed IPA netgroup processingJan Zeleny1-0/+1
In case IPA netgroup had indirect member hosts, they wouldn't be detected. This patch also modifies debug messages for easier debugging in the future.
2011-12-08Add ldap_sasl_minssf optionJan Zeleny1-0/+1
https://fedorahosted.org/sssd/ticket/1075
2011-11-29Add ipa_hbac_support_srchost option to IPA providerJan Zeleny1-1/+2
don't fetch all host groups if this option is false https://fedorahosted.org/sssd/ticket/1078
2011-11-23Added and modified options for IPA netgroupsJan Zeleny1-24/+46
2011-11-23Modified sdap_parse_search_base()Jan Zeleny1-4/+4
2011-11-02Support to request canonicalization in LDAP/IPA providerJan Zeleny1-0/+1
https://fedorahosted.org/sssd/ticket/957
2011-11-02Add support to request canonicalization on krb AS requestsJan Zeleny1-1/+2
https://fedorahosted.org/sssd/ticket/957
2011-11-02LDAP: Add parser for multiple search basesStephen Gallagher1-0/+20
2011-08-26Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek1-1/+2
https://fedorahosted.org/sssd/ticket/978
2011-08-01Change the default value of ldap_tls_cacert in IPA providerJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/944
2011-07-21fo_get_server_name() getter for a server nameJakub Hrozek1-1/+9
Allows to be more concise in tests and more defensive in resolve callbacks
2011-07-21Rename fo_get_server_name to fo_get_server_str_nameJakub Hrozek1-2/+2
2011-07-13Remove unused krb5_service structure memberJakub Hrozek1-2/+0
2011-07-11Escape IP address in kdcinfoJakub Hrozek1-10/+10
https://fedorahosted.org/sssd/ticket/909
2011-07-11Move IP adress escaping from the LDAP namespaceJakub Hrozek1-3/+3
2011-07-08Add LDAP access control based on NDS attributesSumit Bose1-1/+4
2011-07-08Add ipa_hbac_treat_deny_as optionStephen Gallagher1-1/+2
By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
2011-07-08Add ipa_hbac_refresh optionStephen Gallagher1-1/+2
This option describes the time between refreshes of the HBAC rules on the IPA server.
2011-06-30Use name based URI instead of IP address based URIsSumit Bose1-1/+1
2011-06-30Add sockaddr_storage to sdap_serviceSumit Bose1-0/+10
2011-06-15Switch resolver to using resolv_hostent and honor TTLJakub Hrozek1-2/+2
2011-06-02Escape IPv6 IP addresses in the IPA providerJakub Hrozek1-4/+26
https://fedorahosted.org/sssd/ticket/880
2011-06-02Add utility function to return IP address as stringJakub Hrozek1-8/+2
2011-05-20Use dereference when processing RFC2307bis nested groupsJakub Hrozek1-1/+2
Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799
2011-04-29Fix order of arguments in select_principal_from_keytab() callJakub Hrozek1-1/+1
2011-04-29Fix segfault in IPA providerStephen Gallagher1-2/+2
We were trying to request the krb5 keytab from the auth provider configuration, but it hasn't yet been set up. Much better to use the value in the ID provider.
2011-04-28Fix IPA config bug with SDAP_KRB5_REALMStephen Gallagher1-1/+1
2011-04-27Add ldap_page_size configuration optionStephen Gallagher1-1/+2
2011-04-25Modify principal selection for keytab authenticationJan Zeleny1-21/+53
Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781