sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2011-11-23	Modified sdap_parse_search_base()	Jan Zeleny	1	-9/+8

2011-11-02	Support to request canonicalization in LDAP/IPA provider	Jan Zeleny	1	-0/+1
	https://fedorahosted.org/sssd/ticket/957
2011-11-02	LDAP: Convert ldap_*_search_filter	Stephen Gallagher	1	-1/+5
	Instead of making this a global option for all user lookups, make it only used if the search base is passed without an explicit filter.
2011-11-02	LDAP: Add parser for multiple search bases	Stephen Gallagher	1	-0/+261

2011-11-02	Make sdap_get_id_specific_filter() more strict	Stephen Gallagher	1	-2/+2

2011-09-20	Fix uninitialized pointer read in sdap_gssapi_get_default_realm()	Jakub Hrozek	1	-1/+1
	https://fedorahosted.org/sssd/ticket/1003
2011-08-26	Use the default Kerberos realm for LDAP with GSSAPI auth	Jakub Hrozek	1	-3/+55
	https://fedorahosted.org/sssd/ticket/970
2011-08-26	Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON	Jakub Hrozek	1	-1/+2
	https://fedorahosted.org/sssd/ticket/978
2011-08-15	sysdb refactoring: deleted domain variables in sysdb API	Jan Zeleny	1	-3/+1
	The patch also updates code using modified functions. Tests have also been adjusted.
2011-07-21	fo_get_server_name() getter for a server name	Jakub Hrozek	1	-1/+10
	Allows to be more concise in tests and more defensive in resolve callbacks
2011-07-21	Rename fo_get_server_name to fo_get_server_str_name	Jakub Hrozek	1	-2/+2

2011-07-21	Do not add a NULL host parsed from LDAP URI	Jakub Hrozek	1	-1/+8
	https://fedorahosted.org/sssd/ticket/911
2011-07-08	Add LDAP access control based on NDS attributes	Sumit Bose	1	-2/+8

2011-07-08	Add helper function msgs2attrs_array	Stephen Gallagher	1	-0/+29
	This function converts a list of ldb_messages into a list of sysdb_attrs.
2011-06-30	Use name based URI instead of IP address based URIs	Sumit Bose	1	-37/+2

2011-06-30	Add sockaddr_storage to sdap_service	Sumit Bose	1	-0/+11

2011-06-15	Switch resolver to using resolv_hostent and honor TTL	Jakub Hrozek	1	-2/+2

2011-06-02	Use escaped IP addresses in LDAP provider	Jakub Hrozek	1	-6/+56

2011-05-24	Make "password" the default for ldap_default_authtok_type	Stephen Gallagher	1	-1/+1

2011-05-20	Use dereference when processing RFC2307bis nested groups	Jakub Hrozek	1	-1/+2
	Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799
2011-04-27	Add ldap_page_size configuration option	Stephen Gallagher	1	-1/+2

2011-04-25	Modify principal selection for keytab authentication	Jan Zeleny	1	-0/+1
	Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
2011-04-19	Add user and group search LDAP filter options	Jakub Hrozek	1	-0/+20
	https://fedorahosted.org/sssd/ticket/647
2011-04-12	Never remove gecos from the sysdb cache	Stephen Gallagher	1	-0/+9
	Now that gecos can come from either the 'gecos' or 'cn' attributes, we need to ensure that we never remove it from the cache.
2011-03-24	Add host access control support	Pierre Ossman	1	-2/+4
	https://fedorahosted.org/sssd/ticket/746
2011-02-16	Do not attempt to use START_TLS on SSL connections	Stephen Gallagher	1	-0/+9
	Not all LDAP servers are capable of handling dual-encryption with both TLS and SSL. https://fedorahosted.org/sssd/ticket/795
2011-01-27	Add option to disable TLS for LDAP auth	Stephen Gallagher	1	-1/+5
	Option is named to discourage use in production environments and is intentionally not listed in the SSSDConfig API.
2011-01-21	Delete attributes that are removed from LDAP	Stephen Gallagher	1	-0/+117
	Sometimes, a value in LDAP will cease to exist (the classic example being shadowExpire). We need to make sure we purge that value from SSSD's sysdb as well. https://fedorahosted.org/sssd/ticket/750
2011-01-20	Add ldap_tls_{cert,key,cipher_suite} config options	Tyson Whitehead	1	-0/+3
	Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2011-01-19	Add LDAP expire policy base RHDS/IPA attribute	Sumit Bose	1	-2/+4
	The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
2011-01-19	Add LDAP expire policy based on AD attributes	Sumit Bose	1	-2/+6
	The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
2011-01-17	Add ldap_search_enumeration_timeout config option	Sumit Bose	1	-2/+3

2011-01-06	Convert obfuscated password once at startup	Sumit Bose	1	-0/+41

2010-12-21	Add authorizedService support	Stephen Gallagher	1	-2/+4
	https://fedorahosted.org/sssd/ticket/670
2010-12-17	Start first enumeration immediately	Stephen Gallagher	1	-3/+28
	Previously, we would wait for ten seconds before starting an enumeration. However, this meant that on the first startup (before we had run our first enumeration) there was a ten-second window where clients would immediately get back a response with no entries instead of blocking until the enumeration completed. With this patch, SSSD will now run an enumeration immediately upon startup. Further startups will retain the ten-second delay so as not to slow down system bootups. https://fedorahosted.org/sssd/ticket/616
2010-12-14	Fix uninitialized value error in sdap_account_expired_shadow()	Sumit Bose	1	-2/+2
	https://fedorahosted.org/sssd/ticket/726
2010-12-07	Replace krb5_kdcip by krb5_server in LDAP provider	Sumit Bose	1	-3/+11

2010-12-07	ldap: Use USN entries if available.	Simo Sorce	1	-2/+6
	Otherwise fallback to the default modifyTimestamp indicator
2010-12-07	ldap: add checks to determine if USN features are available.	Simo Sorce	1	-5/+5

2010-12-06	Add ldap_chpass_uri config option	Sumit Bose	1	-1/+9

2010-12-06	Add new account expired rule to LDAP access provider	Sumit Bose	1	-1/+3
	Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
2010-12-06	Make string_to_shadowpw_days() public	Sumit Bose	1	-0/+34

2010-12-01	Allow protocol fallback for SRV queries	Jakub Hrozek	1	-3/+2
	https://fedorahosted.org/sssd/ticket/691
2010-11-15	Properly document ldap_purge_cache_timeout	Stephen Gallagher	1	-1/+9
	Also allow it to be disabled entirely
2010-11-04	Make ldap_search_base a non-mandatory option	Sumit Bose	1	-35/+25

2010-10-22	Add ldap_deref option	Sumit Bose	1	-1/+12

2010-10-18	Add option to limit nested groups	Simo Sorce	1	-1/+2

2010-10-13	Add infrastructure to LDAP provider for netgroup support	Sumit Bose	1	-2/+38

2010-10-13	Initialize kerberos service for GSSAPI	Jakub Hrozek	1	-0/+171

2010-10-13	Add KDC to the list of LDAP options	Jakub Hrozek	1	-0/+1