summaryrefslogtreecommitdiff
path: root/src/providers/ldap/sdap.h
AgeCommit message (Collapse)AuthorFilesLines
2012-08-01Primary server support: new options in krb5 providerJan Zeleny1-0/+1
This patch adds support for new config options krb5_backup_server and krb5_backup_kpasswd. The description of this option's functionality is included in man page in one of previous patches.
2012-08-01Primary server support: new option in ldap providerJan Zeleny1-0/+2
This patch adds support for new config option ldap_backup_uri. The description of this option's functionality is included in man page in previous patch.
2012-06-29sudo: add host info optionsPavel Březina1-0/+5
Adds some option that allows to manually configure a host filter. ldap_sudo_use_host_filter - if false, we will download all rules regardless their sudoHost attribute ldap_sudo_hostnames - list hostnames and/or fqdn that should be downloaded, separated with spaces ldap_sudo_ip - list of IPv4/6 address and/or network that should be downloaded, separated with spaces ldap_sudo_include_netgroups - include rules that contains netgroup in sudoHost ldap_sudo_include_regexp - include rules that contains regular expression in sudoHost
2012-06-29sudo provider: add ldap_sudo_smart_refresh_intervalPavel Březina1-0/+1
2012-06-29ldap provider: add sudo usn valuePavel Březina1-0/+2
2012-06-29sudo provider: remove old timerPavel Březina1-2/+0
2012-06-29sudo provider: add ldap_sudo_full_refresh_intervalPavel Březina1-0/+1
2012-06-13LDAP: Auto-detect support for the ldap match ruleStephen Gallagher1-0/+2
This patch extends the RootDSE lookup so that we will perform a second request to test whether the match rule syntax can be used. If both groups and initgroups are disabled in the configuration, this lookup request can be skipped.
2012-06-13LDAP: Add ldap_*_use_matching_rule_in_chain optionsStephen Gallagher1-0/+2
2012-05-31Add support for filtering atributesJan Zeleny1-0/+1
This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
2012-05-10LDAP: Add attr_count return value to build_attrs_from_map()Stephen Gallagher1-1/+3
This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL.
2012-05-03LDAP: Map the user's primaryGroupIDStephen Gallagher1-0/+1
2012-05-03LDAP: Allow setting a default domain for id-mapping slice 0Stephen Gallagher1-0/+2
2012-05-03LDAP: Add autorid compatibility modeStephen Gallagher1-0/+1
2012-05-03LDAP: Initialize ID mapping when configuredStephen Gallagher1-0/+3
2012-05-03LDAP: Add ID mapping range settingsStephen Gallagher1-0/+3
2012-05-03LDAP: Add id-mapping optionStephen Gallagher1-0/+1
2012-05-03LDAP: Add objectSID config optionStephen Gallagher1-0/+2
2012-03-28Add terminator for sdap_attr_mapStephen Gallagher1-0/+1
2012-02-24IPA hosts refactoringJan Zeleny1-2/+0
2012-02-07LDAP: Add support for SSH user public keysJan Cholasta1-0/+1
2012-02-06Update shadowLastChanged attribute during LDAP password changeJan Zeleny1-0/+1
https://fedorahosted.org/sssd/ticket/1019
2012-02-06Session target in IPA providerJan Zeleny1-0/+1
2012-02-05AUTOFS: LDAP providerJakub Hrozek1-0/+19
2012-02-04NSS: Add individual timeouts for entry typesStephen Gallagher1-1/+0
https://fedorahosted.org/sssd/ticket/1016
2012-01-31LDAP: Add enumeration support for servicesStephen Gallagher1-0/+1
2012-01-31LDAP: Add support for service lookups (non-enum)Stephen Gallagher1-0/+13
2012-01-18LDAP: Add option to disable paging controlStephen Gallagher1-0/+1
Fixes https://fedorahosted.org/sssd/ticket/967
2012-01-17SUDO Integration - periodical update of rules in data providerPavel Březina1-0/+2
https://fedorahosted.org/sssd/ticket/1110 Adds new configuration options: - ldap_sudo_refresh_enabled - enable/disable periodical updates - ldap_sudo_refresh_timeout - rules timeout (refresh period)
2011-12-16SUDO Integration - LDAP configuration optionsPavel Březina1-0/+20
2011-12-12Add sdap_connection_expire_timeout optionStephen Gallagher1-0/+1
https://fedorahosted.org/sssd/ticket/1036
2011-12-08Add ldap_sasl_minssf optionJan Zeleny1-0/+1
https://fedorahosted.org/sssd/ticket/1075
2011-11-23Renamed some LDAP routinesJan Zeleny1-0/+1
These were renamed just ot make sure they are not mistook for IPA netgroup functions.
2011-11-22Cleanup: Remove unused parametersJakub Hrozek1-2/+0
2011-11-02Support to request canonicalization in LDAP/IPA providerJan Zeleny1-0/+1
https://fedorahosted.org/sssd/ticket/957
2011-11-02LDAP: Add parser for multiple search basesStephen Gallagher1-0/+11
2011-11-02Remove unused sdap_options attributesStephen Gallagher1-3/+0
These DNs were never assigned or referenced anywhere.
2011-09-06Improve error message for LDAP password constraint violationJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/985
2011-08-26Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/978
2011-07-08Add LDAP access control based on NDS attributesSumit Bose1-0/+6
2011-06-30Add sockaddr_storage to sdap_serviceSumit Bose1-0/+1
2011-05-20Use dereference when processing RFC2307bis nested groupsJakub Hrozek1-0/+1
Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799
2011-05-20OpenLDAP dereference searchesJakub Hrozek1-0/+7
This dereference method is supported at least by OpenLDAP and 389DS/RHDS For more details, see: http://tools.ietf.org/html/draft-masarati-ldap-deref-00
2011-05-20Generic dereference data structures and utilitiesJakub Hrozek1-0/+10
These will be shared by both dereference methods in a later patch.
2011-05-20Remove append_attrs_to_arrayJakub Hrozek1-1/+0
This function was not used anywhere
2011-04-27Add ldap_page_size configuration optionStephen Gallagher1-0/+2
2011-04-25Modify principal selection for keytab authenticationJan Zeleny1-0/+1
Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
2011-04-19Add value of the last USN to server configurationStephen Gallagher1-0/+1
Related: https://fedorahosted.org/sssd/ticket/734
2011-04-08Don't pass NULL to printf for TLS errorsJakub Hrozek1-10/+0
https://fedorahosted.org/sssd/ticket/643
2011-03-24Add host access control supportPierre Ossman1-0/+1
https://fedorahosted.org/sssd/ticket/746