summaryrefslogtreecommitdiff
path: root/src/providers/ldap/sdap_access.c
AgeCommit message (Collapse)AuthorFilesLines
2011-11-22Cleanup: Remove unused parametersJakub Hrozek1-13/+2
2011-08-15sysdb refactoring: memory context deletedJan Zeleny1-2/+1
This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
2011-08-15sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny1-4/+1
The patch also updates code using modified functions. Tests have also been adjusted.
2011-07-08Add LDAP access control based on NDS attributesSumit Bose1-0/+177
2011-03-24Add host access control supportPierre Ossman1-0/+146
https://fedorahosted.org/sssd/ticket/746
2011-02-04Only print "no matching service rule" when appropriateStephen Gallagher1-6/+6
2011-01-19Add LDAP expire policy base RHDS/IPA attributeSumit Bose1-0/+38
The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
2011-01-19Add LDAP expire policy based on AD attributesSumit Bose1-0/+85
The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
2011-01-17Add timeout parameter to sdap_get_generic_send()Sumit Bose1-1/+3
2011-01-06Add syslog messages to authorized service access checkSumit Bose1-1/+31
2011-01-06Add syslog message to shadow access checkSumit Bose1-6/+14
2010-12-21Add authorizedService supportStephen Gallagher1-0/+135
https://fedorahosted.org/sssd/ticket/670
2010-12-21Pass all PAM data to the LDAP access providerStephen Gallagher1-9/+12
Previously we were only passing the username.
2010-12-06Add new account expired rule to LDAP access providerSumit Bose1-66/+377
Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
2010-11-15Sanitize search filters in LDAP providerStephen Gallagher1-1/+9
2010-09-28Suppress some 'may be used uninitialized' warningsSumit Bose1-1/+1
Additionally the handling of errno and the errno_t return value of functions is fixed in krb5_common.c.
2010-09-08Dead assignments cleanup in providers codeJan Zeleny1-11/+7
Dead assignments were deleted. Also prototype of function sdap_access_decide_offline() has been changed, since its return code was never used. Ticket: #586
2010-07-09Use new LDAP connection framework in LDAP access backend.eindenbom1-59/+73
2010-06-09Allow ldap_access_filter values wrapped in parenthesesStephen Gallagher1-1/+1
2010-05-27Add ldap_access_filter optionStephen Gallagher1-0/+457
This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com