| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Previous version of the SSSD did not abort the async LDAP search
operation on errors. In cases where the request ended in progress, such
as when the paging was very strictly limited, the old versions at least
returned partial data.
This patch special-cases the LDAP_SIZELIMIT_EXCEEDED error to avoid a
user-visible regression.
https://fedorahosted.org/sssd/ticket/1322
|
|
https://fedorahosted.org/sssd/ticket/1320
|
|
https://fedorahosted.org/sssd/ticket/1307
|
|
|
|
|
|
The paging control can cause issues on servers that put limits on
how many paging controls can be active at one time (on some
servers, it is limited to one per connection). We need to reduce
our usage so that we only activate the paging control when making
a request that may return an arbitrary number of results.
https://fedorahosted.org/sssd/ticket/1202 phase one
|
|
|
|
https://fedorahosted.org/sssd/ticket/1019
|
|
Fixes https://fedorahosted.org/sssd/ticket/967
|
|
|
|
There was too much code duplication between
sdap_save_{user,group,netgroup}. This patch removes the most egregious ones.
|
|
|
|
|
|
The deref processing would return a single control back. The do-while
loop was harmless but confusing.
|
|
ldap_create_deref_control_value expects an array of LDAPDerefSpec structures
with LDAPDerefSpec.derefAttr == NULL as a sentinel. We were passing a
single instance of a LDAPDerefSpec structure.
https://fedorahosted.org/sssd/ticket/1050
|
|
Also checks fake users for aliases when storing a real users so that
getgrnam for a RFC2307 group that references a user by his secondary
name followed by getpwnam for this user by his primary name works
|
|
https://fedorahosted.org/sssd/ticket/989
John Hodrien found out that when paging is used while dereferencing an
entry, sssd_be may segfault on the second page.
This was because paging returned the control to sdap_generic_search
multiple times but sssd was freeing dereference control after the first
search invocation. The subsequend sdap searched accessed memory that was
already freed.
|
|
https://fedorahosted.org/sssd/ticket/985
|
|
|
|
https://fedorahosted.org/sssd/ticket/986
|
|
https://fedorahosted.org/sssd/ticket/925
Conversion of the old debug_level format to the new one.
(only where it was necessary)
Removed:
SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
|
|
https://fedorahosted.org/sssd/ticket/877
|
|
https://fedorahosted.org/sssd/ticket/876
|
|
A generic wrapper around ASQ and OpenLDAP dereference searches.
https://fedorahosted.org/sssd/ticket/635
|
|
This dereference method is supported at least by OpenLDAP and
389DS/RHDS
For more details, see:
http://tools.ietf.org/html/draft-masarati-ldap-deref-00
|
|
For more details on ASQ, see:
http://msdn.microsoft.com/en-us/library/aa366976%28VS.85%29.aspx
http://msdn.microsoft.com/en-us/library/aa746418%28v=VS.85%29.aspx
|
|
These will be shared by both dereference methods in a later patch.
|
|
Add a private sdap_get_generic_ext_send()/_recv() request that
exposes more of ldap_search_ext options, in particular the server
contols. The existing sdap_generic_search_send()/_recv() request
is now a thin wrapper around the new _ext request.
The other important change is that an entry parsing is a callback now.
That was done in order to allow custom parsing for results such as
OpenLDAP deref or Attribute Scoped Queries.
|
|
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/643
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This reverts 56d8d19ac9d857580a233d8264e851883b883c67
|
|
Every ldap function that could possibly create a new connection is now
wrapped in a tevent_req. If the connection is created, we will call the
function again after the socket is ready for writing.
|
|
|
|
Also adds support for detecting LDAPS errors by adding a check for
SDAP_DIAGNOSTIC_MESSAGE after ldap_search_ext()
|
|
|
|
In violation of the standard, some LDAP servers control access to
the RootDSE, thus preventing us from being able to read it before
performing a bind.
This patch will allow us to continue on if the RootDSE was
inaccessible. All of the places that we use the return value of
the RootDSE after this are already checked for NULL and use sane
defaults if the RootDSE is unavailable
|
|
Operational attributes are not returned in searched requests unless
explicitly requested according to RFC 4512 section 5.1. Therefore to
get several standard attributes of root DSE we have to request for
them. The requested attrs are:
- altServer
- namingContexts
- supportedControl
- supportedExtension
- supportedFeatures
- supportedLDAPVersion
- supportedSASLMechanisms
Signed-off-by: Alexander Gordeev <lasaine@lvk.cs.msu.su>
|
|
|
|
Prevent freeing the sdap_handle by failing in the destructor if we
are trying to recurse.
|
