summaryrefslogtreecommitdiff
path: root/src/providers/ldap/ldap_init.c
AgeCommit message (Collapse)AuthorFilesLines
2011-03-24Add host access control supportPierre Ossman1-0/+2
https://fedorahosted.org/sssd/ticket/746
2011-01-19Add LDAP expire policy base RHDS/IPA attributeSumit Bose1-1/+4
The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
2011-01-19Add LDAP expire policy based on AD attributesSumit Bose1-1/+2
The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
2010-12-21Add authorizedService supportStephen Gallagher1-0/+2
https://fedorahosted.org/sssd/ticket/670
2010-12-20Avoid multiple initializations in LDAP providerSumit Bose1-39/+30
Currently in a domain where LDAP was used for id and auth the LDAP UIR was added multiple times to the failover code which may cause unwanted delays.
2010-12-07Pass sdap_id_ctx in sdap_id_op functions.Simo Sorce1-3/+1
2010-12-06Add ldap_chpass_uri config optionSumit Bose1-0/+21
2010-12-06Add new account expired rule to LDAP access providerSumit Bose1-22/+112
Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
2010-12-01Add check_online method to LDAP ID providerSumit Bose1-1/+2
2010-10-15Check for GSSAPI before attempting to kinitJakub Hrozek1-8/+12
2010-10-13Initialize kerberos service for GSSAPIJakub Hrozek1-0/+11
2010-07-09Remove remainder of now unused global LDAP connection handle.eindenbom1-7/+0
2010-07-09LDAP connection usage tracking, sharing and failover retry framework.eindenbom1-0/+7
2010-06-14Don't segfault if ldap_access_filter is unspecifiedStephen Gallagher1-12/+13
https://fedorahosted.org/sssd/ticket/539
2010-06-09Allow ldap_access_filter values wrapped in parenthesesStephen Gallagher1-2/+20
2010-05-27Fix check if LDAP id provider is already initializedSumit Bose1-1/+1
2010-05-27Add ldap_access_filter optionStephen Gallagher1-0/+56
This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
2010-05-27Add offline callback to disconnect global SDAP handleSumit Bose1-0/+7
2010-05-07Use service discovery in backendsJakub Hrozek1-8/+16
Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
2010-04-16Make ID provider init functions clearerStephen Gallagher1-3/+3
Using sssm_*_init() as the name of the initialization function for identity providers was a holdover from earlier development when we thought we would only have a single "provider" entry in the config file. As we have now separated out the initialization functions for auth, chpass and access, we should rename sssm_*_init() to sssm_*_id_init() for a cleaner interface.
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+179
Also update BUILD.txt