| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
|
|
Always just mark the sdap_handle as not connected and let later _send()
functions to take care of freeing the handle before reconnecting.
Introduce restart functions to avoid calling _send() functions in _done()
functions error paths as this would have the same effect as directly freeing
the sdap_handle and cause access to freed memory in sdap_handle_release()
By freeing sdap_handle only in the connection _recv() function we
guarantee it can never be done within sdap_handle_release() but only
in a following event.
|
|
Using sssm_*_init() as the name of the initialization function for
identity providers was a holdover from earlier development when we
thought we would only have a single "provider" entry in the config
file.
As we have now separated out the initialization functions for
auth, chpass and access, we should rename sssm_*_init() to
sssm_*_id_init() for a cleaner interface.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- use domain_to_basedn() to construct LDAP search paths for IPA HBAC
- move domain_to_basedn() to a separate file to simplify the build of
a test
|
|
The krb5 options were out of sync, causing a runtime abort.
|
|
|
|
|
|
|
|
Implements a different mechanism for cleanup task. Instead of just
deleting expired entries, this patch adds a new option
account_cache_expiration for domains. If an entry is expired and the last
login was more days in the past that account_cache_expiration, the entry is
deleted.
Groups are deleted if they are expired and and no user references them
(no user has memberof: attribute pointing at that group).
The parameter account_cache_expiration is not LDAP-specific, so that other
future backends might use the same timeout setting.
Fixes: #391
|
|
Also update BUILD.txt
|
