path: root/src/providers/ldap/ldap_init.c
Age | Commit message | Author | Files | Lines
2013-06-10 | providers: refresh expired netgroups | Pavel Březina | 1 | -0/+11
https://fedorahosted.org/sssd/ticket/1713
2013-06-07 | LDAP: new SDAP domain structure | Jakub Hrozek | 1 | -1/+1
Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases. This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain.
2013-06-07 | LDAP: sdap_id_ctx might contain several connections | Jakub Hrozek | 1 | -22/+23
With some LDAP server implementations, one server might provide different "views" of the identities on different ports. One example is the Active Directory Global catalog. The provider would contact a different view depending on which operation it is performing and against which SSSD domain. At the same time, these views run on the same server, which means the same server options, enumeration, cleanup or Kerberos service should be used. So instead of using several different failover ports or several instances of sdap_id_ctx, this patch introduces a new "struct sdap_id_conn_ctx" that contains the connection cache to the particular view and an instance of "struct sdap_options" that contains the URI. No functional changes are present in this patch, currently all providers use a single connection. Multiple connections will be used later in the upcoming patches.
2013-05-20 | Remove unneeded parameter of setup_child and namespace it | Jakub Hrozek | 1 | -1/+1
setup_child() was accepting a parameter it didn't use. Also the function name was too generic, so I added a sdap prefix.
2013-05-20 | Fixing critical format string issues. | Lukas Slebodnik | 1 | -1/+3
-- missing arguments.
-- format '%s', but argument is integer.
-- wrong format string, example: '%\n'
2013-05-13 | LDAP: Always initialize idmap object | Jakub Hrozek | 1 | -5/+3
https://fedorahosted.org/sssd/ticket/1922
Since we always store the SID now, we need to always initialize the ID mapping object in LDAP provider as well. Some users might want to configure the LDAP provider with ID mapping, not the AD provider itself.
2013-04-10 | DNS sites support - use SRV DNS lookup plugin in all providers | Pavel Březina | 1 | -0/+9
https://fedorahosted.org/sssd/ticket/1032
We set a plugin during an initialization of ID provider, which is an authoritative provider for a plugin choice. The plugin is set only once. When another provider is initialized (e.g. id = IPA, sudo = LDAP), we do not overwrite the plugin. Since sssm_*_id_init() is called from all module constructors, this patch relies on the fact that ID provider is initialized before all other providers.
2013-01-14 | let ldap_backup_chpass_uri work | Pavel Březina | 1 | -2/+4
https://fedorahosted.org/sssd/ticket/1760
2013-01-02 | failover: Protect against empty host names | Michal Zidek | 1 | -1/+1
Added new parameter to split_on_separator that allows to skip empty values. The whole function was rewritten. Unit test case was added to check the new implementation.
https://fedorahosted.org/sssd/ticket/1484
2012-08-01 | Primary server support: new option in ldap provider | Jan Zeleny | 1 | -4/+3
This patch adds support for new config option ldap_backup_uri. The description of this option's functionality is included in man page in previous patch.
2012-08-01 | Primary server support: LDAP adaptation | Jan Zeleny | 1 | -2/+3
This patch adds support for the primary server functionality into LDAP provider. No backup servers are added at the moment, just the basic support is in place.
2012-06-20 | Move some debug lines to new debug log levels | Stef Walter | 1 | -1/+1
* These are common lines of debug output when starting up sssd
https://bugzilla.redhat.com/show_bug.cgi?id=811113
2012-05-03 | LDAP: Initialize ID mapping when configured | Stephen Gallagher | 1 | -0/+7
2012-02-05 | Do not call sudo functions if built without-sudo | Jakub Hrozek | 1 | -1/+7
2012-02-05 | AUTOFS: LDAP provider | Jakub Hrozek | 1 | -0/+31
2012-02-04 | Move BUILD_SUDO outside the generic LDAP source files | Jakub Hrozek | 1 | -27/+8
Avoid #ifdefs in the general part of the code
2012-01-17 | SUDO Integration - periodical update of rules in data provider | Pavel Březina | 1 | -0/+5
https://fedorahosted.org/sssd/ticket/1110
Adds new configuration options:
- ldap_sudo_refresh_enabled - enable/disable periodical updates
- ldap_sudo_refresh_timeout - rules timeout (refresh period)
2011-12-19 | Move child_common routines to util | Stephen Gallagher | 1 | -1/+1
2011-12-16 | SUDO integration - LDAP provider | Pavel Březina | 1 | -0/+39
2011-11-02 | Fix size return for split_on_separator() | Stephen Gallagher | 1 | -5/+5
It was returning the size of the array, rather than the number of elements. (The array was NULL-terminated). This argument was only used in one place that was actually working around this odd return value.
2011-07-08 | Add LDAP access control based on NDS attributes | Sumit Bose | 1 | -0/+1
2011-03-24 | Add host access control support | Pierre Ossman | 1 | -0/+2
https://fedorahosted.org/sssd/ticket/746
2011-01-19 | Add LDAP expire policy base RHDS/IPA attribute | Sumit Bose | 1 | -1/+4
The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
2011-01-19 | Add LDAP expire policy based on AD attributes | Sumit Bose | 1 | -1/+2
The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
2010-12-21 | Add authorizedService support | Stephen Gallagher | 1 | -0/+2
https://fedorahosted.org/sssd/ticket/670
2010-12-20 | Avoid multiple initializations in LDAP provider | Sumit Bose | 1 | -39/+30
Currently in a domain where LDAP was used for id and auth the LDAP URI was added multiple times to the failover code which may cause unwanted delays.
2010-12-07 | Pass sdap_id_ctx in sdap_id_op functions. | Simo Sorce | 1 | -3/+1
2010-12-06 | Add ldap_chpass_uri config option | Sumit Bose | 1 | -0/+21
2010-12-06 | Add new account expired rule to LDAP access provider | Sumit Bose | 1 | -22/+112
Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
2010-12-01 | Add check_online method to LDAP ID provider | Sumit Bose | 1 | -1/+2
2010-10-15 | Check for GSSAPI before attempting to kinit | Jakub Hrozek | 1 | -8/+12
2010-10-13 | Initialize kerberos service for GSSAPI | Jakub Hrozek | 1 | -0/+11
2010-07-09 | Remove remainder of now unused global LDAP connection handle. | eindenbom | 1 | -7/+0
2010-07-09 | LDAP connection usage tracking, sharing and failover retry framework. | eindenbom | 1 | -0/+7
2010-06-14 | Don't segfault if ldap_access_filter is unspecified | Stephen Gallagher | 1 | -12/+13
https://fedorahosted.org/sssd/ticket/539
2010-06-09 | Allow ldap_access_filter values wrapped in parentheses | Stephen Gallagher | 1 | -2/+20
2010-05-27 | Fix check if LDAP id provider is already initialized | Sumit Bose | 1 | -1/+1
2010-05-27 | Add ldap_access_filter option | Stephen Gallagher | 1 | -0/+56
This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users in a particular group, for example:
ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
2010-05-27 | Add offline callback to disconnect global SDAP handle | Sumit Bose | 1 | -0/+7
2010-05-07 | Use service discovery in backends | Jakub Hrozek | 1 | -8/+16
Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
2010-04-16 | Make ID provider init functions clearer | Stephen Gallagher | 1 | -3/+3
Using sssm_*_init() as the name of the initialization function for identity providers was a holdover from earlier development when we thought we would only have a single "provider" entry in the config file. As we have now separated out the initialization functions for auth, chpass and access, we should rename sssm_*_init() to sssm_*_id_init() for a cleaner interface.
2010-02-18 | Rename server/ directory to src/ | Stephen Gallagher | 1 | -0/+179
Also update BUILD.txt