sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2012-02-04	NSS: Add individual timeouts for entry types	Stephen Gallagher	1	-1/+0
	https://fedorahosted.org/sssd/ticket/1016
2012-02-04	LDAP: Do not fail if RootDSE check cannot determine search bases	Stephen Gallagher	1	-3/+2
	https://fedorahosted.org/sssd/ticket/1152
2012-01-31	LDAP: Add support for service lookups (non-enum)	Stephen Gallagher	1	-0/+33

2012-01-18	LDAP: Add option to disable paging control	Stephen Gallagher	1	-1/+2
	Fixes https://fedorahosted.org/sssd/ticket/967
2012-01-18	Do not use sudo symbols in LDAP provider unconditionally	Jakub Hrozek	1	-0/+2

2012-01-17	SUDO Integration - periodical update of rules in data provider	Pavel Březina	1	-0/+60
	https://fedorahosted.org/sssd/ticket/1110 Adds new configuration options: - ldap_sudo_refresh_enabled - enable/disable periodical updates - ldap_sudo_refresh_timeout - rules timeout (refresh period)
2012-01-17	SUDO Integration review issues	Pavel Březina	1	-1/+1

2011-12-16	SUDO Integration - LDAP configuration options	Pavel Březina	1	-1/+72

2011-12-16	Export the function to convert ldb_result to sysdb_attrs	Jakub Hrozek	1	-29/+0
	It will be reused later in the sudo responder
2011-12-12	Add sdap_connection_expire_timeout option	Stephen Gallagher	1	-1/+2
	https://fedorahosted.org/sssd/ticket/1036
2011-12-08	Add ldap_sasl_minssf option	Jan Zeleny	1	-0/+1
	https://fedorahosted.org/sssd/ticket/1075
2011-11-23	Modified sdap_parse_search_base()	Jan Zeleny	1	-9/+8

2011-11-02	Support to request canonicalization in LDAP/IPA provider	Jan Zeleny	1	-0/+1
	https://fedorahosted.org/sssd/ticket/957
2011-11-02	LDAP: Convert ldap_*_search_filter	Stephen Gallagher	1	-1/+5
	Instead of making this a global option for all user lookups, make it only used if the search base is passed without an explicit filter.
2011-11-02	LDAP: Add parser for multiple search bases	Stephen Gallagher	1	-0/+261

2011-11-02	Make sdap_get_id_specific_filter() more strict	Stephen Gallagher	1	-2/+2

2011-09-20	Fix uninitialized pointer read in sdap_gssapi_get_default_realm()	Jakub Hrozek	1	-1/+1
	https://fedorahosted.org/sssd/ticket/1003
2011-08-26	Use the default Kerberos realm for LDAP with GSSAPI auth	Jakub Hrozek	1	-3/+55
	https://fedorahosted.org/sssd/ticket/970
2011-08-26	Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON	Jakub Hrozek	1	-1/+2
	https://fedorahosted.org/sssd/ticket/978
2011-08-15	sysdb refactoring: deleted domain variables in sysdb API	Jan Zeleny	1	-3/+1
	The patch also updates code using modified functions. Tests have also been adjusted.
2011-07-21	fo_get_server_name() getter for a server name	Jakub Hrozek	1	-1/+10
	Allows to be more concise in tests and more defensive in resolve callbacks
2011-07-21	Rename fo_get_server_name to fo_get_server_str_name	Jakub Hrozek	1	-2/+2

2011-07-21	Do not add a NULL host parsed from LDAP URI	Jakub Hrozek	1	-1/+8
	https://fedorahosted.org/sssd/ticket/911
2011-07-08	Add LDAP access control based on NDS attributes	Sumit Bose	1	-2/+8

2011-07-08	Add helper function msgs2attrs_array	Stephen Gallagher	1	-0/+29
	This function converts a list of ldb_messages into a list of sysdb_attrs.
2011-06-30	Use name based URI instead of IP address based URIs	Sumit Bose	1	-37/+2

2011-06-30	Add sockaddr_storage to sdap_service	Sumit Bose	1	-0/+11

2011-06-15	Switch resolver to using resolv_hostent and honor TTL	Jakub Hrozek	1	-2/+2

2011-06-02	Use escaped IP addresses in LDAP provider	Jakub Hrozek	1	-6/+56

2011-05-24	Make "password" the default for ldap_default_authtok_type	Stephen Gallagher	1	-1/+1

2011-05-20	Use dereference when processing RFC2307bis nested groups	Jakub Hrozek	1	-1/+2
	Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799
2011-04-27	Add ldap_page_size configuration option	Stephen Gallagher	1	-1/+2

2011-04-25	Modify principal selection for keytab authentication	Jan Zeleny	1	-0/+1
	Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
2011-04-19	Add user and group search LDAP filter options	Jakub Hrozek	1	-0/+20
	https://fedorahosted.org/sssd/ticket/647
2011-04-12	Never remove gecos from the sysdb cache	Stephen Gallagher	1	-0/+9
	Now that gecos can come from either the 'gecos' or 'cn' attributes, we need to ensure that we never remove it from the cache.
2011-03-24	Add host access control support	Pierre Ossman	1	-2/+4
	https://fedorahosted.org/sssd/ticket/746
2011-02-16	Do not attempt to use START_TLS on SSL connections	Stephen Gallagher	1	-0/+9
	Not all LDAP servers are capable of handling dual-encryption with both TLS and SSL. https://fedorahosted.org/sssd/ticket/795
2011-01-27	Add option to disable TLS for LDAP auth	Stephen Gallagher	1	-1/+5
	Option is named to discourage use in production environments and is intentionally not listed in the SSSDConfig API.
2011-01-21	Delete attributes that are removed from LDAP	Stephen Gallagher	1	-0/+117
	Sometimes, a value in LDAP will cease to exist (the classic example being shadowExpire). We need to make sure we purge that value from SSSD's sysdb as well. https://fedorahosted.org/sssd/ticket/750
2011-01-20	Add ldap_tls_{cert,key,cipher_suite} config options	Tyson Whitehead	1	-0/+3
	Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2011-01-19	Add LDAP expire policy base RHDS/IPA attribute	Sumit Bose	1	-2/+4
	The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
2011-01-19	Add LDAP expire policy based on AD attributes	Sumit Bose	1	-2/+6
	The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
2011-01-17	Add ldap_search_enumeration_timeout config option	Sumit Bose	1	-2/+3

2011-01-06	Convert obfuscated password once at startup	Sumit Bose	1	-0/+41

2010-12-21	Add authorizedService support	Stephen Gallagher	1	-2/+4
	https://fedorahosted.org/sssd/ticket/670
2010-12-17	Start first enumeration immediately	Stephen Gallagher	1	-3/+28
	Previously, we would wait for ten seconds before starting an enumeration. However, this meant that on the first startup (before we had run our first enumeration) there was a ten-second window where clients would immediately get back a response with no entries instead of blocking until the enumeration completed. With this patch, SSSD will now run an enumeration immediately upon startup. Further startups will retain the ten-second delay so as not to slow down system bootups. https://fedorahosted.org/sssd/ticket/616
2010-12-14	Fix uninitialized value error in sdap_account_expired_shadow()	Sumit Bose	1	-2/+2
	https://fedorahosted.org/sssd/ticket/726
2010-12-07	Replace krb5_kdcip by krb5_server in LDAP provider	Sumit Bose	1	-3/+11

2010-12-07	ldap: Use USN entries if available.	Simo Sorce	1	-2/+6
	Otherwise fallback to the default modifyTimestamp indicator
2010-12-07	ldap: add checks to determine if USN features are available.	Simo Sorce	1	-5/+5