sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2012-08-01	Primary server support: new options in krb5 provider	Jan Zeleny	1	-0/+1
	This patch adds support for new config options krb5_backup_server and krb5_backup_kpasswd. The description of this option's functionality is included in man page in one of previous patches.
2012-08-01	Primary server support: new option in ldap provider	Jan Zeleny	1	-0/+2
	This patch adds support for new config option ldap_backup_uri. The description of this option's functionality is included in man page in previous patch.
2012-06-29	sudo: add host info options	Pavel Březina	1	-0/+5
	Adds some option that allows to manually configure a host filter. ldap_sudo_use_host_filter - if false, we will download all rules regardless their sudoHost attribute ldap_sudo_hostnames - list hostnames and/or fqdn that should be downloaded, separated with spaces ldap_sudo_ip - list of IPv4/6 address and/or network that should be downloaded, separated with spaces ldap_sudo_include_netgroups - include rules that contains netgroup in sudoHost ldap_sudo_include_regexp - include rules that contains regular expression in sudoHost
2012-06-29	sudo provider: add ldap_sudo_smart_refresh_interval	Pavel Březina	1	-0/+1

2012-06-29	ldap provider: add sudo usn value	Pavel Březina	1	-0/+2

2012-06-29	sudo provider: remove old timer	Pavel Březina	1	-2/+0

2012-06-29	sudo provider: add ldap_sudo_full_refresh_interval	Pavel Březina	1	-0/+1

2012-06-13	LDAP: Auto-detect support for the ldap match rule	Stephen Gallagher	1	-0/+2
	This patch extends the RootDSE lookup so that we will perform a second request to test whether the match rule syntax can be used. If both groups and initgroups are disabled in the configuration, this lookup request can be skipped.
2012-06-13	LDAP: Add ldap_*_use_matching_rule_in_chain options	Stephen Gallagher	1	-0/+2

2012-05-31	Add support for filtering atributes	Jan Zeleny	1	-0/+1
	This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
2012-05-10	LDAP: Add attr_count return value to build_attrs_from_map()	Stephen Gallagher	1	-1/+3
	This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL.
2012-05-03	LDAP: Map the user's primaryGroupID	Stephen Gallagher	1	-0/+1

2012-05-03	LDAP: Allow setting a default domain for id-mapping slice 0	Stephen Gallagher	1	-0/+2

2012-05-03	LDAP: Add autorid compatibility mode	Stephen Gallagher	1	-0/+1

2012-05-03	LDAP: Initialize ID mapping when configured	Stephen Gallagher	1	-0/+3

2012-05-03	LDAP: Add ID mapping range settings	Stephen Gallagher	1	-0/+3

2012-05-03	LDAP: Add id-mapping option	Stephen Gallagher	1	-0/+1

2012-05-03	LDAP: Add objectSID config option	Stephen Gallagher	1	-0/+2

2012-03-28	Add terminator for sdap_attr_map	Stephen Gallagher	1	-0/+1

2012-02-24	IPA hosts refactoring	Jan Zeleny	1	-2/+0

2012-02-07	LDAP: Add support for SSH user public keys	Jan Cholasta	1	-0/+1

2012-02-06	Update shadowLastChanged attribute during LDAP password change	Jan Zeleny	1	-0/+1
	https://fedorahosted.org/sssd/ticket/1019
2012-02-06	Session target in IPA provider	Jan Zeleny	1	-0/+1

2012-02-05	AUTOFS: LDAP provider	Jakub Hrozek	1	-0/+19

2012-02-04	NSS: Add individual timeouts for entry types	Stephen Gallagher	1	-1/+0
	https://fedorahosted.org/sssd/ticket/1016
2012-01-31	LDAP: Add enumeration support for services	Stephen Gallagher	1	-0/+1

2012-01-31	LDAP: Add support for service lookups (non-enum)	Stephen Gallagher	1	-0/+13

2012-01-18	LDAP: Add option to disable paging control	Stephen Gallagher	1	-0/+1
	Fixes https://fedorahosted.org/sssd/ticket/967
2012-01-17	SUDO Integration - periodical update of rules in data provider	Pavel Březina	1	-0/+2
	https://fedorahosted.org/sssd/ticket/1110 Adds new configuration options: - ldap_sudo_refresh_enabled - enable/disable periodical updates - ldap_sudo_refresh_timeout - rules timeout (refresh period)
2011-12-16	SUDO Integration - LDAP configuration options	Pavel Březina	1	-0/+20

2011-12-12	Add sdap_connection_expire_timeout option	Stephen Gallagher	1	-0/+1
	https://fedorahosted.org/sssd/ticket/1036
2011-12-08	Add ldap_sasl_minssf option	Jan Zeleny	1	-0/+1
	https://fedorahosted.org/sssd/ticket/1075
2011-11-23	Renamed some LDAP routines	Jan Zeleny	1	-0/+1
	These were renamed just ot make sure they are not mistook for IPA netgroup functions.
2011-11-22	Cleanup: Remove unused parameters	Jakub Hrozek	1	-2/+0

2011-11-02	Support to request canonicalization in LDAP/IPA provider	Jan Zeleny	1	-0/+1
	https://fedorahosted.org/sssd/ticket/957
2011-11-02	LDAP: Add parser for multiple search bases	Stephen Gallagher	1	-0/+11

2011-11-02	Remove unused sdap_options attributes	Stephen Gallagher	1	-3/+0
	These DNs were never assigned or referenced anywhere.
2011-09-06	Improve error message for LDAP password constraint violation	Jakub Hrozek	1	-0/+1
	https://fedorahosted.org/sssd/ticket/985
2011-08-26	Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON	Jakub Hrozek	1	-0/+1
	https://fedorahosted.org/sssd/ticket/978
2011-07-08	Add LDAP access control based on NDS attributes	Sumit Bose	1	-0/+6

2011-06-30	Add sockaddr_storage to sdap_service	Sumit Bose	1	-0/+1

2011-05-20	Use dereference when processing RFC2307bis nested groups	Jakub Hrozek	1	-0/+1
	Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799
2011-05-20	OpenLDAP dereference searches	Jakub Hrozek	1	-0/+7
	This dereference method is supported at least by OpenLDAP and 389DS/RHDS For more details, see: http://tools.ietf.org/html/draft-masarati-ldap-deref-00
2011-05-20	Generic dereference data structures and utilities	Jakub Hrozek	1	-0/+10
	These will be shared by both dereference methods in a later patch.
2011-05-20	Remove append_attrs_to_array	Jakub Hrozek	1	-1/+0
	This function was not used anywhere
2011-04-27	Add ldap_page_size configuration option	Stephen Gallagher	1	-0/+2

2011-04-25	Modify principal selection for keytab authentication	Jan Zeleny	1	-0/+1
	Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
2011-04-19	Add value of the last USN to server configuration	Stephen Gallagher	1	-0/+1
	Related: https://fedorahosted.org/sssd/ticket/734
2011-04-08	Don't pass NULL to printf for TLS errors	Jakub Hrozek	1	-10/+0
	https://fedorahosted.org/sssd/ticket/643
2011-03-24	Add host access control support	Pierre Ossman	1	-0/+1
	https://fedorahosted.org/sssd/ticket/746