summaryrefslogtreecommitdiff
path: root/src/providers/ldap/sdap.h
AgeCommit message (Collapse)AuthorFilesLines
2013-06-10A new option krb5_use_kdcinfoJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/1883 The patch introduces a new Kerberos provider option called krb5_use_kdcinfo. The option is true by default in all providers. When set to false, the SSSD will not create krb5 info files that the locator plugin consumes and the user would have to set up the Kerberos options manually in krb5.conf
2013-06-07LDAP: new SDAP domain structureJakub Hrozek1-8/+20
Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases. This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain.
2013-05-23Adding option to disable retrieving large AD groups.Lukas Slebodnik1-1/+3
This commit adds new option ldap_disable_range_retrieval with default value FALSE. If this option is enabled, large groups(>1500) will not be retrieved and behaviour will be similar like was before commit ae8d047122c "LDAP: Handle very large Active Directory groups" https://fedorahosted.org/sssd/ticket/1823
2013-05-23Removing unused functions.Lukas Slebodnik1-8/+0
This patch remove unused functions sdap_parse_user and sdap_parse_group
2013-03-21LDAP: If deref search fails, try again without derefJan Cholasta1-0/+1
https://fedorahosted.org/sssd/ticket/1660
2013-03-20ldap: Fallback option for rfc2307 schemaSimo Sorce1-0/+1
Add option to fallback to fetch local users if rfc2307is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation. Ticket: https://fedorahosted.org/sssd/ticket/1020
2013-03-19Use common error facility instead of sdap_resultSimo Sorce1-13/+0
Simplifies and consolidates error reporting for ldap authentication paths. Adds 3 new error codes: ERR_CHPASS_DENIED - Used when password constraints deny password changes ERR_ACCOUNT_EXPIRED - Account is expired ERR_PASSWORD_EXPIRED - Password is expired
2013-01-09AD: replace GID/UID, do not add another oneJakub Hrozek1-0/+2
The code would call sysdb_attrs_add_uint32 which added another UID or GID to the ID=0 we already downloaded from LDAP (0 is the default value) when ID-mapping an entry. This led to funky behaviour later on when we wanted to process the ID.
2012-09-24AD: Detect domain controller compatibility versionStephen Gallagher1-0/+13
2012-08-01Primary server support: new options in krb5 providerJan Zeleny1-0/+1
This patch adds support for new config options krb5_backup_server and krb5_backup_kpasswd. The description of this option's functionality is included in man page in one of previous patches.
2012-08-01Primary server support: new option in ldap providerJan Zeleny1-0/+2
This patch adds support for new config option ldap_backup_uri. The description of this option's functionality is included in man page in previous patch.
2012-06-29sudo: add host info optionsPavel Březina1-0/+5
Adds some option that allows to manually configure a host filter. ldap_sudo_use_host_filter - if false, we will download all rules regardless their sudoHost attribute ldap_sudo_hostnames - list hostnames and/or fqdn that should be downloaded, separated with spaces ldap_sudo_ip - list of IPv4/6 address and/or network that should be downloaded, separated with spaces ldap_sudo_include_netgroups - include rules that contains netgroup in sudoHost ldap_sudo_include_regexp - include rules that contains regular expression in sudoHost
2012-06-29sudo provider: add ldap_sudo_smart_refresh_intervalPavel Březina1-0/+1
2012-06-29ldap provider: add sudo usn valuePavel Březina1-0/+2
2012-06-29sudo provider: remove old timerPavel Březina1-2/+0
2012-06-29sudo provider: add ldap_sudo_full_refresh_intervalPavel Březina1-0/+1
2012-06-13LDAP: Auto-detect support for the ldap match ruleStephen Gallagher1-0/+2
This patch extends the RootDSE lookup so that we will perform a second request to test whether the match rule syntax can be used. If both groups and initgroups are disabled in the configuration, this lookup request can be skipped.
2012-06-13LDAP: Add ldap_*_use_matching_rule_in_chain optionsStephen Gallagher1-0/+2
2012-05-31Add support for filtering atributesJan Zeleny1-0/+1
This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
2012-05-10LDAP: Add attr_count return value to build_attrs_from_map()Stephen Gallagher1-1/+3
This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL.
2012-05-03LDAP: Map the user's primaryGroupIDStephen Gallagher1-0/+1
2012-05-03LDAP: Allow setting a default domain for id-mapping slice 0Stephen Gallagher1-0/+2
2012-05-03LDAP: Add autorid compatibility modeStephen Gallagher1-0/+1
2012-05-03LDAP: Initialize ID mapping when configuredStephen Gallagher1-0/+3
2012-05-03LDAP: Add ID mapping range settingsStephen Gallagher1-0/+3
2012-05-03LDAP: Add id-mapping optionStephen Gallagher1-0/+1
2012-05-03LDAP: Add objectSID config optionStephen Gallagher1-0/+2
2012-03-28Add terminator for sdap_attr_mapStephen Gallagher1-0/+1
2012-02-24IPA hosts refactoringJan Zeleny1-2/+0
2012-02-07LDAP: Add support for SSH user public keysJan Cholasta1-0/+1
2012-02-06Update shadowLastChanged attribute during LDAP password changeJan Zeleny1-0/+1
https://fedorahosted.org/sssd/ticket/1019
2012-02-06Session target in IPA providerJan Zeleny1-0/+1
2012-02-05AUTOFS: LDAP providerJakub Hrozek1-0/+19
2012-02-04NSS: Add individual timeouts for entry typesStephen Gallagher1-1/+0
https://fedorahosted.org/sssd/ticket/1016
2012-01-31LDAP: Add enumeration support for servicesStephen Gallagher1-0/+1
2012-01-31LDAP: Add support for service lookups (non-enum)Stephen Gallagher1-0/+13
2012-01-18LDAP: Add option to disable paging controlStephen Gallagher1-0/+1
Fixes https://fedorahosted.org/sssd/ticket/967
2012-01-17SUDO Integration - periodical update of rules in data providerPavel Březina1-0/+2
https://fedorahosted.org/sssd/ticket/1110 Adds new configuration options: - ldap_sudo_refresh_enabled - enable/disable periodical updates - ldap_sudo_refresh_timeout - rules timeout (refresh period)
2011-12-16SUDO Integration - LDAP configuration optionsPavel Březina1-0/+20
2011-12-12Add sdap_connection_expire_timeout optionStephen Gallagher1-0/+1
https://fedorahosted.org/sssd/ticket/1036
2011-12-08Add ldap_sasl_minssf optionJan Zeleny1-0/+1
https://fedorahosted.org/sssd/ticket/1075
2011-11-23Renamed some LDAP routinesJan Zeleny1-0/+1
These were renamed just ot make sure they are not mistook for IPA netgroup functions.
2011-11-22Cleanup: Remove unused parametersJakub Hrozek1-2/+0
2011-11-02Support to request canonicalization in LDAP/IPA providerJan Zeleny1-0/+1
https://fedorahosted.org/sssd/ticket/957
2011-11-02LDAP: Add parser for multiple search basesStephen Gallagher1-0/+11
2011-11-02Remove unused sdap_options attributesStephen Gallagher1-3/+0
These DNs were never assigned or referenced anywhere.
2011-09-06Improve error message for LDAP password constraint violationJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/985
2011-08-26Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/978
2011-07-08Add LDAP access control based on NDS attributesSumit Bose1-0/+6
2011-06-30Add sockaddr_storage to sdap_serviceSumit Bose1-0/+1
generated by cgit (git 2.34.1) at 2024-11-15 06:01:20 +0000