summaryrefslogtreecommitdiff
path: root/src/providers/ipa/ipa_init.c
AgeCommit message (Collapse)AuthorFilesLines
2012-06-10IPA subdomains - ask for information about master domainJan Zeleny1-2/+2
The query is performed only if there is missing information in the cache. That means this should be done only once after restart when cache doesn't exist. All subsequent requests for subdomains won't include the request for master domain.
2012-04-24IPA: Add get-domains targetSumit Bose1-0/+38
2012-03-09IPA: Check nsAccountLock during PAM_ACCT_MGMTStephen Gallagher1-0/+11
https://fedorahosted.org/sssd/ticket/1227
2012-02-24IPA hosts refactoringJan Zeleny1-7/+3
2012-02-07AUTOFS: IPA providerJakub Hrozek1-2/+24
2012-02-07IPA: Add host info handlerJan Cholasta1-0/+49
2012-02-06Session target in IPA providerJan Zeleny1-0/+42
2012-02-06Implemented support for multiple search bases in HBAC rules and servicesJan Zeleny1-0/+1
2012-01-14Support multiple search bases in HBACJan Zeleny1-0/+1
2011-12-19Pass sdap_id_ctx to online check from IPA providerJakub Hrozek1-1/+1
2011-12-19Move child_common routines to utilStephen Gallagher1-1/+1
2011-11-29IPA migration fixesJakub Hrozek1-0/+9
* use the id connection for looking up the migration flag * force TLS on the password based authentication connection https://fedorahosted.org/sssd/ticket/924
2011-11-25Fix sdap_id_ctx/ipa_id_ctx mismatch in IPA providerJakub Hrozek1-1/+3
This was causing a segfault during HBAC processing and any ID lookups except for netgroups
2011-11-23Added IPA account info handlerJan Zeleny1-1/+2
Currently it is only handling netgroups by itself, other requests are forwarded to LDAP provider.
2011-11-23New IPA ID contextJan Zeleny1-13/+21
2011-11-22Cleanup: Remove unused parametersJakub Hrozek1-1/+1
2011-07-11Check DNS records before updatingJakub Hrozek1-4/+2
https://fedorahosted.org/sssd/ticket/802
2011-02-22Allow krb5_realm to override ipa_domainStephen Gallagher1-8/+1
It is possible to set up FreeIPA servers where the Kerberos realm differs from the IPA domain name. We need to allow setting the krb5_realm explicitly to handle this.
2010-12-08Remove check_access_time() from IPA access providerSumit Bose1-7/+0
It is planned to release IPA 2.0 without time range specifications in the access control rules. To avoid confusion the evaluation is removed from sssd, too.
2010-12-07Pass sdap_id_ctx in sdap_id_op functions.Simo Sorce1-3/+1
2010-12-07Add support for FAST in krb5 providerSumit Bose1-1/+2
2010-12-01Add check_online method to LDAP ID providerSumit Bose1-1/+2
2010-07-09Use new LDAP connection framework in IPA access backend.eindenbom1-3/+3
2010-05-27Add offline callback to disconnect global SDAP handleSumit Bose1-0/+7
2010-05-27Add krb5 SIGTERM handler to ipa auth providerSumit Bose1-0/+6
2010-05-27Add callback to remove krb5 info files when going offlineSumit Bose1-0/+6
2010-05-26Add support for delayed kinit if offlineSumit Bose1-0/+9
If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
2010-05-16Add dynamic DNS updates to FreeIPAStephen Gallagher1-0/+41
This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
2010-05-16Properly set up SIGCHLD handlersStephen Gallagher1-15/+0
Instead of having all-purpose SIGCHLD handlers that try to catch every occurrence, we instead create a per-PID handler. This will allow us to specify callbacks to occur when certain children exit.
2010-05-16New version of IPA auth and password migrationSumit Bose1-20/+63
The current version modified some global structures to be able to use Kerberos and LDAP authentication during the IPA password migration. This new version only uses tevent requests. Additionally the ipaMigrationEnabled attribute is read from the IPA server to see if password migration is allowed or not.
2010-05-07Revert "Add dynamic DNS updates to FreeIPA"Stephen Gallagher1-41/+0
This reverts commit 973b7c27c0b294b8b2f120296f64c6a3a36e44b7. While this patch applied cleanly, it was uncompilable. Reverting until it can be properly merged.
2010-05-07Add dynamic DNS updates to FreeIPAStephen Gallagher1-0/+41
This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
2010-05-07Use service discovery in backendsJakub Hrozek1-2/+1
Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
2010-04-16Make ID provider init functions clearerStephen Gallagher1-5/+5
Using sssm_*_init() as the name of the initialization function for identity providers was a holdover from earlier development when we thought we would only have a single "provider" entry in the config file. As we have now separated out the initialization functions for auth, chpass and access, we should rename sssm_*_init() to sssm_*_id_init() for a cleaner interface.
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+293
Also update BUILD.txt