summaryrefslogtreecommitdiff
path: root/src/providers/ldap/ldap_id.c
AgeCommit message (Collapse)AuthorFilesLines
2012-05-31Add support for filtering atributesJan Zeleny1-6/+6
This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
2012-05-10LDAP: Add attr_count return value to build_attrs_from_map()Stephen Gallagher1-3/+3
This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL.
2012-05-03LDAP: Enable looking up id-mapped groups by GIDStephen Gallagher1-2/+45
2012-05-03LDAP: Allow looking up ID-mapped groups by nameStephen Gallagher1-11/+20
2012-05-03LDAP: Enable looking up id-mapped users by UIDStephen Gallagher1-6/+43
2012-01-31LDAP: Add enumeration support for servicesStephen Gallagher1-0/+2
2012-01-31LDAP: Add support for service lookups (non-enum)Stephen Gallagher1-0/+30
2011-12-19Pass sdap_id_ctx to online check from IPA providerJakub Hrozek1-17/+40
2011-11-29Provide means of forcing TLS and GSSAPI enabled/disabled for sdap connectionsJakub Hrozek1-1/+2
2011-11-25Fix sdap_id_ctx/ipa_id_ctx mismatch in IPA providerJakub Hrozek1-2/+13
This was causing a segfault during HBAC processing and any ID lookups except for netgroups
2011-11-23Renamed some LDAP routinesJan Zeleny1-2/+2
These were renamed just ot make sure they are not mistook for IPA netgroup functions.
2011-11-02LDAP: Add support for multiple search bases for group enumerationStephen Gallagher1-1/+2
2011-11-02LDAP: Add support for multiple search bases for user enumerationStephen Gallagher1-1/+2
2011-11-02LDAP: Convert ldap_*_search_filterStephen Gallagher1-32/+12
Instead of making this a global option for all user lookups, make it only used if the search base is passed without an explicit filter.
2011-11-02LDAP: Support multiple group search bases (non-enumeration, RFC2307)Stephen Gallagher1-1/+3
2011-11-02LDAP: Support multiple user search bases (non-enumeration)Stephen Gallagher1-0/+1
2011-10-03Use explicit base 10 for converting strings to integersJakub Hrozek1-2/+2
https://fedorahosted.org/sssd/ticket/1013
2011-08-15sysdb refactoring: memory context deletedJan Zeleny1-7/+5
This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
2011-08-15sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny1-9/+4
The patch also updates code using modified functions. Tests have also been adjusted.
2011-08-04Fix returning groups when gidNumber attribute is not orderedJakub Hrozek1-1/+3
https://fedorahosted.org/sssd/ticket/951
2011-07-27Explicitly ignore groups with gidNumber=0Jakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/916
2011-05-04Fixed lastUSN checking improvementsJan Zeleny1-3/+6
This patch fixes some issues with setting lastUSN attribute and it adds check against the highest user/group USN after enumeration to keep better track of the real highest USN. Optimal solution here would be to schedule a check of rootDSE entry right after the enumeration finishes, but for the moment this is good enough.
2011-04-19Add last usn checking after reconnectionJan Zeleny1-1/+16
When reconnecting to the LDAP server supporting USNs (either because of new incomming id operation or invokation of callback responsible for checking status of the backend), detect whether the highest USN is lower than the one SSSD has recorded. If so, setup enumeration/cleanup to refresh potentionally changed account information in the SSSD cache. Related ticket: https://fedorahosted.org/sssd/ticket/734
2011-04-19Add user and group search LDAP filter optionsJakub Hrozek1-13/+32
https://fedorahosted.org/sssd/ticket/647
2011-04-15Do not throw a DP error when failing to delete a nonexistent entityStephen Gallagher1-4/+4
2011-03-14Require existence of GID number and name in group searchesStephen Gallagher1-3/+6
https://fedorahosted.org/sssd/ticket/824
2011-02-18Remove cached user entry if initgroups returns ENOENTStephen Gallagher1-0/+11
This behavior was present for getpwnam() but was lacking for initgroups.
2011-01-21Add the user's primary group to the initgroups lookupStephen Gallagher1-5/+6
The user may not be a direct member of their primary group, but we still want to make sure that group is cached on the system.
2011-01-17Add timeout parameter to sdap_get_generic_send()Sumit Bose1-2/+6
2010-12-07ldap: add checks to determine if USN features are available.Simo Sorce1-1/+1
2010-12-02Add a special filter type to handle enumerationsSumit Bose1-17/+6
2010-12-01Add check_online method to LDAP ID providerSumit Bose1-0/+41
2010-11-15Sanitize search filters in LDAP providerStephen Gallagher1-2/+16
2010-10-26Always use uint32_t for UID/GID numbersJakub Hrozek1-6/+5
2010-10-18Use unsigned long for conversion to id_tJakub Hrozek1-2/+2
We used strtol() on a number of places to convert into uid_t or gid_t from a string representation such as LDAP attribute, but on some platforms, unsigned long might be necessary to store big id_t values. This patch converts to using strtoul() instead.
2010-10-13Implement netgroup support for LDAP providerSumit Bose1-0/+26
2010-09-22Request all group attributes during initgroups processingStephen Gallagher1-0/+1
We tried to be too clever and only requested the name of the group, but we require the objectClass to validate the results. https://fedorahosted.org/sssd/ticket/622
2010-07-09Use new LDAP connection framework to get user account groups from LDAP.eindenbom1-108/+67
2010-07-09Use new LDAP connection framework to get group account info from LDAP.eindenbom1-36/+65
2010-07-09Use new LDAP connection framework to get user account info from LDAP.eindenbom1-37/+90
2010-05-07Fix segfault in GSSAPI reconnect codeStephen Gallagher1-55/+35
Also clean up some duplicated code into a single common routine sdap_account_info_common_done()
2010-05-03Better handle sdap_handle memory from callers.Simo Sorce1-16/+40
Always just mark the sdap_handle as not connected and let later _send() functions to take care of freeing the handle before reconnecting. Introduce restart functions to avoid calling _send() functions in _done() functions error paths as this would have the same effect as directly freeing the sdap_handle and cause access to freed memory in sdap_handle_release() By freeing sdap_handle only in the connection _recv() function we guarantee it can never be done within sdap_handle_release() but only in a following event.
2010-04-12sysdb: delete sysdb_delete_groupSimo Sorce1-33/+10
2010-04-12sysdb: convert sysdb_delete_userSimo Sorce1-33/+10
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+795
Also update BUILD.txt