Age | Commit message | Author | Files | Lines |
|
|
The patch adds support for BE_REQ_BY_SECID and BE_REQ_USER_AND_GROUP to
the LDAP provider. Since the AD and the IPA provider use the same code
they support those requests now as well.
Besides allowing users and groups to be searched by the SID as
well, the new request allows searching users and groups in one run, i.e.
if there is no user matching the search criteria groups are searched as
well.
|
|
This patch adds a new filter type to the data-provider interface which
can be used for SID-based lookups.
|
|
Add option to fall back to fetch local users if rfc2307 is being used.
This is useful for cases where people added local users as LDAP members
and rely on these group memberships to be maintained on the local host.
Disabled by default as it violates identity domain separation.
Ticket:
https://fedorahosted.org/sssd/ticket/1020
|
|
In preparation for making struct be_req opaque.
|
|
In preparation for making be_req opaque
|
|
The sysdb context is already available through the 'domain' structure.
|
|
Also remove sysdb_delete_domgroup()
|
|
Also remove sysdb_delete_domuser()
|
|
Avoids hardcoding magic numbers everywhere and self documents why a
mask is being applied.
|
|
https://fedorahosted.org/sssd/ticket/1376
|
|
https://fedorahosted.org/sssd/ticket/734
We successfully detect when the server is reinitialized by testing
the new lastUSN value. The maximum USN values are set to zero, but
the current cache content remains.
This patch removes records that were deleted from the server.
It uses the following approach:
1. remove entryUSN attribute from all entries
2. run enumeration
3. remove records that don't have entryUSN attribute updated
We don't need to do this for sudo rules, they will be refreshed
automatically during next smart/full refresh, or when an expired rule
is deleted.
|
|
This patch adds support for filtering attributes when constructing
attribute list from a map for LDAP query.
|
|
This is necessary because in several places in the code, we are
appending to the attrs returned from this value, and if we relied
on the map size macro, we would be appending after the NULL
terminator if one or more attributes were defined as NULL.
|
|
This was causing a segfault during HBAC processing and any ID lookups
except for netgroups
|
|
These were renamed just to make sure they are not mistaken for IPA
netgroup functions.
|
|
Instead of making this a global option for all user lookups, make
it only used if the search base is passed without an explicit
filter.
|
|
https://fedorahosted.org/sssd/ticket/1013
|
|
This patch deletes memory context parameter in those places in sysdb
where it is not necessary. The code using modified functions has been
updated. Tests updated as well.
|
|
The patch also updates code using modified functions. Tests have also
been adjusted.
|
|
https://fedorahosted.org/sssd/ticket/951
|
|
https://fedorahosted.org/sssd/ticket/916
|
|
This patch fixes some issues with setting the lastUSN attribute and it adds
a check against the highest user/group USN after enumeration to keep
better track of the real highest USN. The optimal solution here would be to
schedule a check of the rootDSE entry right after the enumeration finishes,
but for the moment this is good enough.
|
|
When reconnecting to the LDAP server supporting USNs (either because of new incoming
id operation or invocation of callback responsible for checking status
of the backend), detect whether the highest USN is lower than the one
SSSD has recorded. If so, set up enumeration/cleanup to refresh
potentially changed account information in the SSSD cache.
Related ticket:
https://fedorahosted.org/sssd/ticket/734
|
|
https://fedorahosted.org/sssd/ticket/647
|
|
https://fedorahosted.org/sssd/ticket/824
|
|
This behavior was present for getpwnam() but was lacking for
initgroups.
|
|
The user may not be a direct member of their primary group, but
we still want to make sure that group is cached on the system.
|
|
We used strtol() in a number of places to convert into uid_t or gid_t
from a string representation such as LDAP attribute, but on some
platforms, unsigned long might be necessary to store big id_t values.
This patch converts to using strtoul() instead.
|