summaryrefslogtreecommitdiff
path: root/src/providers/ldap/ldap_init.c
AgeCommit message (Collapse)AuthorFilesLines
2012-06-20Move some debug lines to new debug log levelsStef Walter1-1/+1
* These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
2012-05-03LDAP: Initialize ID mapping when configuredStephen Gallagher1-0/+7
2012-02-05Do not call sudo functions if built without-sudoJakub Hrozek1-1/+7
2012-02-05AUTOFS: LDAP providerJakub Hrozek1-0/+31
2012-02-04Move BUILD_SUDO outside the generic LDAP source filesJakub Hrozek1-27/+8
Avoid #ifdefs in the general part of the code
2012-01-17SUDO Integration - periodical update of rules in data providerPavel Březina1-0/+5
https://fedorahosted.org/sssd/ticket/1110 Adds new configuration options: - ldap_sudo_refresh_enabled - enable/disable periodical updates - ldap_sudo_refresh_timeout - rules timeout (refresh period)
2011-12-19Move child_common routines to utilStephen Gallagher1-1/+1
2011-12-16SUDO integration - LDAP providerPavel Březina1-0/+39
2011-11-02Fix size return for split_on_separator()Stephen Gallagher1-5/+5
It was returning the size of the array, rather than the number of elements. (The array was NULL-terminated). This argument was only used in one place that was actually working around this odd return value.
2011-07-08Add LDAP access control based on NDS attributesSumit Bose1-0/+1
2011-03-24Add host access control supportPierre Ossman1-0/+2
https://fedorahosted.org/sssd/ticket/746
2011-01-19Add LDAP expire policy base RHDS/IPA attributeSumit Bose1-1/+4
The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
2011-01-19Add LDAP expire policy based on AD attributesSumit Bose1-1/+2
The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
2010-12-21Add authorizedService supportStephen Gallagher1-0/+2
https://fedorahosted.org/sssd/ticket/670
2010-12-20Avoid multiple initializations in LDAP providerSumit Bose1-39/+30
Currently in a domain where LDAP was used for id and auth the LDAP UIR was added multiple times to the failover code which may cause unwanted delays.
2010-12-07Pass sdap_id_ctx in sdap_id_op functions.Simo Sorce1-3/+1
2010-12-06Add ldap_chpass_uri config optionSumit Bose1-0/+21
2010-12-06Add new account expired rule to LDAP access providerSumit Bose1-22/+112
Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
2010-12-01Add check_online method to LDAP ID providerSumit Bose1-1/+2
2010-10-15Check for GSSAPI before attempting to kinitJakub Hrozek1-8/+12
2010-10-13Initialize kerberos service for GSSAPIJakub Hrozek1-0/+11
2010-07-09Remove remainder of now unused global LDAP connection handle.eindenbom1-7/+0
2010-07-09LDAP connection usage tracking, sharing and failover retry framework.eindenbom1-0/+7
2010-06-14Don't segfault if ldap_access_filter is unspecifiedStephen Gallagher1-12/+13
https://fedorahosted.org/sssd/ticket/539
2010-06-09Allow ldap_access_filter values wrapped in parenthesesStephen Gallagher1-2/+20
2010-05-27Fix check if LDAP id provider is already initializedSumit Bose1-1/+1
2010-05-27Add ldap_access_filter optionStephen Gallagher1-0/+56
This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
2010-05-27Add offline callback to disconnect global SDAP handleSumit Bose1-0/+7
2010-05-07Use service discovery in backendsJakub Hrozek1-8/+16
Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
2010-04-16Make ID provider init functions clearerStephen Gallagher1-3/+3
Using sssm_*_init() as the name of the initialization function for identity providers was a holdover from earlier development when we thought we would only have a single "provider" entry in the config file. As we have now separated out the initialization functions for auth, chpass and access, we should rename sssm_*_init() to sssm_*_id_init() for a cleaner interface.
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+179
Also update BUILD.txt