summaryrefslogtreecommitdiff
path: root/src/providers/ipa/ipa_common.h
AgeCommit message (Collapse)AuthorFilesLines
2012-10-16Make TTL configurable for dynamic dns updatesJames Hogarth1-0/+1
2012-08-01Primary server support: new option in IPA providerJan Zeleny1-0/+1
This patch adds support for new config option ipa_backup_server. The description of this option's functionality is included in man page in one of previous patches.
2012-08-01Primary server support: IPA adaptationJan Zeleny1-1/+2
This patch adds support for the primary server functionality into IPA provider. No backup servers are added at the moment, just the basic support is in place.
2012-06-21Add support for ID rangesSumit Bose1-0/+2
2012-06-10IPA subdomains - ask for information about master domainJan Zeleny1-0/+2
The query is performed only if there is missing information in the cache. That means this should be done only once after restart when cache doesn't exist. All subsequent requests for subdomains won't include the request for master domain.
2012-04-24IPA: Add get-domains targetSumit Bose1-0/+2
2012-03-28Remove old compatibility testsStephen Gallagher1-15/+0
These are now replaced by the more accurate tests. This patch also drops the runtime option-count check, since we are always performing the more complete check at build-time.
2012-02-24IPA hosts refactoringJan Zeleny1-0/+17
2012-02-07AUTOFS: IPA providerJakub Hrozek1-0/+14
2012-02-07IPA: Add host info handlerJan Cholasta1-0/+1
2012-02-06Update shadowLastChanged attribute during LDAP password changeJan Zeleny1-1/+1
https://fedorahosted.org/sssd/ticket/1019
2012-02-06Session target in IPA providerJan Zeleny1-0/+17
2012-02-06Implemented support for multiple search bases in HBAC rules and servicesJan Zeleny1-0/+1
2012-02-05AUTOFS: LDAP providerJakub Hrozek1-1/+1
2012-02-04NSS: Add individual timeouts for entry typesStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/1016
2012-01-31IPA: Add support for services lookups (non-enum)Stephen Gallagher1-1/+3
2012-01-18LDAP: Add option to disable paging controlStephen Gallagher1-1/+1
Fixes https://fedorahosted.org/sssd/ticket/967
2012-01-17SUDO Integration - periodical update of rules in data providerPavel Březina1-1/+1
https://fedorahosted.org/sssd/ticket/1110 Adds new configuration options: - ldap_sudo_refresh_enabled - enable/disable periodical updates - ldap_sudo_refresh_timeout - rules timeout (refresh period)
2011-12-16SUDO Integration - LDAP configuration optionsPavel Březina1-1/+1
2011-12-12Add sdap_connection_expire_timeout optionStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/1036
2011-12-09Fixed IPA netgroup processingJan Zeleny1-0/+1
In case IPA netgroup had indirect member hosts, they wouldn't be detected. This patch also modifies debug messages for easier debugging in the future.
2011-12-08Add ldap_sasl_minssf optionJan Zeleny1-1/+1
https://fedorahosted.org/sssd/ticket/1075
2011-11-29Add ipa_hbac_support_srchost option to IPA providerJan Zeleny1-0/+1
don't fetch all host groups if this option is false https://fedorahosted.org/sssd/ticket/1078
2011-11-29IPA migration fixesJakub Hrozek1-0/+1
* use the id connection for looking up the migration flag * force TLS on the password based authentication connection https://fedorahosted.org/sssd/ticket/924
2011-11-23New IPA ID contextJan Zeleny1-1/+6
2011-11-23Added and modified options for IPA netgroupsJan Zeleny1-0/+23
2011-11-02Support to request canonicalization in LDAP/IPA providerJan Zeleny1-1/+1
https://fedorahosted.org/sssd/ticket/957
2011-11-02Add support to request canonicalization on krb AS requestsJan Zeleny1-1/+1
https://fedorahosted.org/sssd/ticket/957
2011-08-26Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/978
2011-07-11Check DNS records before updatingJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/802
2011-07-08Add ipa_hbac_treat_deny_as optionStephen Gallagher1-0/+1
By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
2011-07-08Add ipa_hbac_refresh optionStephen Gallagher1-0/+1
This option describes the time between refreshes of the HBAC rules on the IPA server.
2011-05-20Use dereference when processing RFC2307bis nested groupsJakub Hrozek1-1/+1
Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799
2011-04-27Add ldap_page_size configuration optionStephen Gallagher1-1/+1
2011-04-25Modify principal selection for keytab authenticationJan Zeleny1-1/+1
Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
2011-04-25Allow new option to specify principal for FASTJan Zeleny1-1/+1
https://fedorahosted.org/sssd/ticket/700
2011-02-22Add krb5_realm to the basic IPA optionsStephen Gallagher1-0/+1
Previously, this was only handled by the internal LDAP and Kerberos providers, but this wasn't available early enough to properly handle setting up the krb5_service for failover and creating the krb5info files.
2011-02-22Allow krb5_realm to override ipa_domainStephen Gallagher1-1/+2
It is possible to set up FreeIPA servers where the Kerberos realm differs from the IPA domain name. We need to allow setting the krb5_realm explicitly to handle this.
2011-01-27Add option to disable TLS for LDAP authStephen Gallagher1-1/+1
Option is named to discourage use in production environments and is intentionally not listed in the SSSDConfig API.
2011-01-20Add ldap_tls_{cert,key,cipher_suite} config optionsTyson Whitehead1-1/+1
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2011-01-19Add ipa_hbac_search_base config optionSumit Bose1-0/+1
2011-01-17Add ldap_search_enumeration_timeout config optionSumit Bose1-1/+1
2010-12-07Add support for FAST in krb5 providerSumit Bose1-1/+1
2010-12-06Add ldap_chpass_uri config optionSumit Bose1-1/+1
2010-12-06Add new account expired rule to LDAP access providerSumit Bose1-1/+1
Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
2010-12-03Add support for automatic Kerberos ticket renewalSumit Bose1-1/+1
2010-12-03Add krb5_lifetime optionSumit Bose1-1/+1
2010-12-03Add krb5_renewable_lifetime optionSumit Bose1-1/+1
2010-10-22Add ldap_deref optionSumit Bose1-1/+1
2010-10-18Add option to limit nested groupsSimo Sorce1-1/+1