summaryrefslogtreecommitdiff
path: root/src/providers/ldap/ldap_common.c
AgeCommit message (Collapse)AuthorFilesLines
2012-06-20Move some debug lines to new debug log levelsStef Walter1-1/+1
* These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
2012-05-31Add support for filtering atributesJan Zeleny1-1/+2
This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
2012-05-10LDAP: Add attr_count return value to build_attrs_from_map()Stephen Gallagher1-4/+1
This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL.
2012-05-03LDAP: Add helper routine to convert LDAP blob to SID stringStephen Gallagher1-0/+37
2012-03-28Put dp_option maps in their own fileStephen Gallagher1-279/+2
There is no functional change due to this patch.
2012-03-16Fix uninitialized variableJakub Hrozek1-1/+1
2012-03-14LDAP: Add AD 2008r2 schemaStephen Gallagher1-2/+49
https://fedorahosted.org/sssd/ticket/1031
2012-03-01IPA: Set the DNS discovery domain to match ipa_domainStephen Gallagher1-1/+2
https://fedorahosted.org/sssd/ticket/1217
2012-02-24Modifications to simplify list_missing_attrsJan Zeleny1-6/+14
2012-02-23IPA: Add ipa_parse_search_base()Stephen Gallagher1-10/+23
Previously, we were using sdap_parse_search_base() for setting up the search_base objects for use in IPA. However, this was generating unfriendly log messages about unknown search base types. This patch creates a new common_parse_search_base() routine that can be used with either LDAP or IPA providers. https://fedorahosted.org/sssd/ticket/1151
2012-02-21Don't give memory context in confdb where not neededJan Zeleny1-1/+1
2012-02-13Add missing breaks to switch statementsStephen Gallagher1-0/+1
Coverity #12525 and #12524
2012-02-07LDAP: Add support for SSH user public keysJan Cholasta1-2/+4
2012-02-06Update shadowLastChanged attribute during LDAP password changeJan Zeleny1-0/+1
https://fedorahosted.org/sssd/ticket/1019
2012-02-05AUTOFS: LDAP providerJakub Hrozek1-0/+106
2012-02-04Move BUILD_SUDO outside the generic LDAP source filesJakub Hrozek1-60/+0
Avoid #ifdefs in the general part of the code
2012-02-04NSS: Add individual timeouts for entry typesStephen Gallagher1-1/+0
https://fedorahosted.org/sssd/ticket/1016
2012-02-04LDAP: Do not fail if RootDSE check cannot determine search basesStephen Gallagher1-3/+2
https://fedorahosted.org/sssd/ticket/1152
2012-01-31LDAP: Add support for service lookups (non-enum)Stephen Gallagher1-0/+33
2012-01-18LDAP: Add option to disable paging controlStephen Gallagher1-1/+2
Fixes https://fedorahosted.org/sssd/ticket/967
2012-01-18Do not use sudo symbols in LDAP provider unconditionallyJakub Hrozek1-0/+2
2012-01-17SUDO Integration - periodical update of rules in data providerPavel Březina1-0/+60
https://fedorahosted.org/sssd/ticket/1110 Adds new configuration options: - ldap_sudo_refresh_enabled - enable/disable periodical updates - ldap_sudo_refresh_timeout - rules timeout (refresh period)
2012-01-17SUDO Integration review issuesPavel Březina1-1/+1
2011-12-16SUDO Integration - LDAP configuration optionsPavel Březina1-1/+72
2011-12-16Export the function to convert ldb_result to sysdb_attrsJakub Hrozek1-29/+0
It will be reused later in the sudo responder
2011-12-12Add sdap_connection_expire_timeout optionStephen Gallagher1-1/+2
https://fedorahosted.org/sssd/ticket/1036
2011-12-08Add ldap_sasl_minssf optionJan Zeleny1-0/+1
https://fedorahosted.org/sssd/ticket/1075
2011-11-23Modified sdap_parse_search_base()Jan Zeleny1-9/+8
2011-11-02Support to request canonicalization in LDAP/IPA providerJan Zeleny1-0/+1
https://fedorahosted.org/sssd/ticket/957
2011-11-02LDAP: Convert ldap_*_search_filterStephen Gallagher1-1/+5
Instead of making this a global option for all user lookups, make it only used if the search base is passed without an explicit filter.
2011-11-02LDAP: Add parser for multiple search basesStephen Gallagher1-0/+261
2011-11-02Make sdap_get_id_specific_filter() more strictStephen Gallagher1-2/+2
2011-09-20Fix uninitialized pointer read in sdap_gssapi_get_default_realm()Jakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/1003
2011-08-26Use the default Kerberos realm for LDAP with GSSAPI authJakub Hrozek1-3/+55
https://fedorahosted.org/sssd/ticket/970
2011-08-26Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek1-1/+2
https://fedorahosted.org/sssd/ticket/978
2011-08-15sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny1-3/+1
The patch also updates code using modified functions. Tests have also been adjusted.
2011-07-21fo_get_server_name() getter for a server nameJakub Hrozek1-1/+10
Allows to be more concise in tests and more defensive in resolve callbacks
2011-07-21Rename fo_get_server_name to fo_get_server_str_nameJakub Hrozek1-2/+2
2011-07-21Do not add a NULL host parsed from LDAP URIJakub Hrozek1-1/+8
https://fedorahosted.org/sssd/ticket/911
2011-07-08Add LDAP access control based on NDS attributesSumit Bose1-2/+8
2011-07-08Add helper function msgs2attrs_arrayStephen Gallagher1-0/+29
This function converts a list of ldb_messages into a list of sysdb_attrs.
2011-06-30Use name based URI instead of IP address based URIsSumit Bose1-37/+2
2011-06-30Add sockaddr_storage to sdap_serviceSumit Bose1-0/+11
2011-06-15Switch resolver to using resolv_hostent and honor TTLJakub Hrozek1-2/+2
2011-06-02Use escaped IP addresses in LDAP providerJakub Hrozek1-6/+56
2011-05-24Make "password" the default for ldap_default_authtok_typeStephen Gallagher1-1/+1
2011-05-20Use dereference when processing RFC2307bis nested groupsJakub Hrozek1-1/+2
Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799
2011-04-27Add ldap_page_size configuration optionStephen Gallagher1-1/+2
2011-04-25Modify principal selection for keytab authenticationJan Zeleny1-0/+1
Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
2011-04-19Add user and group search LDAP filter optionsJakub Hrozek1-0/+20
https://fedorahosted.org/sssd/ticket/647