summaryrefslogtreecommitdiff
path: root/src/providers/ldap/sdap_access.c
AgeCommit message (Collapse)AuthorFilesLines
2012-03-09LDAP: Make sdap_access_send/recv publicStephen Gallagher1-12/+8
We want to consume this in the IPA provider.
2012-02-24LDAP: Only use paging control on requests for multiple entriesStephen Gallagher1-1/+2
The paging control can cause issues on servers that put limits on how many paging controls can be active at one time (on some servers, it is limited to one per connection). We need to reduce our usage so that we only activate the paging control when making a request that may return an arbitrary number of results. https://fedorahosted.org/sssd/ticket/1202 phase one
2011-11-22Cleanup: Remove unused parametersJakub Hrozek1-13/+2
2011-08-15sysdb refactoring: memory context deletedJan Zeleny1-2/+1
This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
2011-08-15sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny1-4/+1
The patch also updates code using modified functions. Tests have also been adjusted.
2011-07-08Add LDAP access control based on NDS attributesSumit Bose1-0/+177
2011-03-24Add host access control supportPierre Ossman1-0/+146
https://fedorahosted.org/sssd/ticket/746
2011-02-04Only print "no matching service rule" when appropriateStephen Gallagher1-6/+6
2011-01-19Add LDAP expire policy base RHDS/IPA attributeSumit Bose1-0/+38
The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
2011-01-19Add LDAP expire policy based on AD attributesSumit Bose1-0/+85
The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
2011-01-17Add timeout parameter to sdap_get_generic_send()Sumit Bose1-1/+3
2011-01-06Add syslog messages to authorized service access checkSumit Bose1-1/+31
2011-01-06Add syslog message to shadow access checkSumit Bose1-6/+14
2010-12-21Add authorizedService supportStephen Gallagher1-0/+135
https://fedorahosted.org/sssd/ticket/670
2010-12-21Pass all PAM data to the LDAP access providerStephen Gallagher1-9/+12
Previously we were only passing the username.
2010-12-06Add new account expired rule to LDAP access providerSumit Bose1-66/+377
Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
2010-11-15Sanitize search filters in LDAP providerStephen Gallagher1-1/+9
2010-09-28Suppress some 'may be used uninitialized' warningsSumit Bose1-1/+1
Additionally the handling of errno and the errno_t return value of functions is fixed in krb5_common.c.
2010-09-08Dead assignments cleanup in providers codeJan Zeleny1-11/+7
Dead assignments were deleted. Also prototype of function sdap_access_decide_offline() has been changed, since its return code was never used. Ticket: #586
2010-07-09Use new LDAP connection framework in LDAP access backend.eindenbom1-59/+73
2010-06-09Allow ldap_access_filter values wrapped in parenthesesStephen Gallagher1-1/+1
2010-05-27Add ldap_access_filter optionStephen Gallagher1-0/+457
This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
generated by cgit (git 2.34.1) at 2024-12-12 08:18:41 +0000