summaryrefslogtreecommitdiff
path: root/src/providers/ldap/sdap_async.h
AgeCommit message (Collapse)AuthorFilesLines
2013-06-07LDAP: store FQDNs for trusted users and groupsJakub Hrozek1-4/+5
Because the NSS responder expects the name attribute to contain FQDN, we must save the name as FQDN in the LDAP provider if the domain we save to is a subdomain.
2013-06-07LDAP: new SDAP domain structureJakub Hrozek1-3/+2
Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases. This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain.
2013-06-07LDAP: Pass in a connection to ID functionsJakub Hrozek1-0/+1
Instead of using the default connection from the sdap_id_ctx, allow the caller to specify which connection shall be used for this particular request. Again, no functional change is present in this patch, just another parameter is added.
2013-05-02sdap: add sdap_connect_host requestPavel Březina1-0/+15
Create connection to specified LDAP server without using any failover stuff.
2013-03-19Use common error facility instead of sdap_resultSimo Sorce1-23/+6
Simplifies and consolidates error reporting for ldap authentication paths. Adds 3 new error codes: ERR_CHPASS_DENIED - Used when password constraints deny password changes ERR_ACCOUNT_EXPIRED - Account is expired ERR_PASSWORD_EXPIRED - Password is expired
2013-01-15Add domain to sysdb_search_user_by_name()Simo Sorce1-0/+2
Also remove unused sysdb_search_domuser_by_name()
2013-01-10Change pam data auth tokens.Simo Sorce1-4/+3
Use the new authtok abstraction and interfaces throught the code.
2012-09-24AD: Optimize initgroups lookups with tokenGroupsStephen Gallagher1-0/+16
https://fedorahosted.org/sssd/ticket/1355
2012-06-13LDAP: Add support for AD chain matching extension in initgroupsStephen Gallagher1-0/+13
2012-06-13LDAP: Add support for AD chain matching extension in group lookupsStephen Gallagher1-0/+14
2012-06-13LDAP: Add ldap_*_use_matching_rule_in_chain optionsStephen Gallagher1-0/+5
2012-05-31Ghost members - removed sdap_check_aliases()Jan Zeleny1-6/+0
This function is no longer necessary because we don't have fake user entries any more. The original purpose of this function was to check if there are fake user entries for particular user and, if yes, to update its membership.
2012-02-24LDAP: Only use paging control on requests for multiple entriesStephen Gallagher1-1/+2
The paging control can cause issues on servers that put limits on how many paging controls can be active at one time (on some servers, it is limited to one per connection). We need to reduce our usage so that we only activate the paging control when making a request that may return an arbitrary number of results. https://fedorahosted.org/sssd/ticket/1202 phase one
2012-02-06Update shadowLastChanged attribute during LDAP password changeJan Zeleny1-0/+9
https://fedorahosted.org/sssd/ticket/1019
2012-01-31LDAP: Add enumeration support for servicesStephen Gallagher1-0/+11
2012-01-31LDAP: Add support for service lookups (non-enum)Stephen Gallagher1-0/+17
2011-12-16Use the case sensitivity flag in the LDAP providerJakub Hrozek1-0/+1
2011-12-16Refactor saving sdap entitiesJakub Hrozek1-0/+21
There was too much code duplication between sdap_save_{user,group,netgroup}. This patch removes the most egregious ones.
2011-11-29Provide means of forcing TLS and GSSAPI enabled/disabled for sdap connectionsJakub Hrozek1-1/+9
2011-11-02Support to request canonicalization in LDAP/IPA providerJan Zeleny1-0/+1
https://fedorahosted.org/sssd/ticket/957
2011-11-02LDAP: Add support for multiple search bases for group enumerationStephen Gallagher1-1/+2
2011-11-02LDAP: Add support for multiple search bases for user enumerationStephen Gallagher1-1/+2
2011-11-02LDAP: Support multiple group search bases (non-enumeration, RFC2307)Stephen Gallagher1-1/+2
2011-11-02LDAP: Support multiple netgroup search basesStephen Gallagher1-1/+2
2011-11-02LDAP: Support multiple user search bases (non-enumeration)Stephen Gallagher1-1/+2
2011-09-28Store name aliases for users, groupsJakub Hrozek1-0/+6
Also checks fake users for aliases when storing a real users so that getgrnam for a RFC2307 group that references a user by his secondary name followed by getpwnam for this user by his primary name works
2011-09-06Allow turning dereference off by setting the threshold to 0Jakub Hrozek1-1/+1
2011-06-30Use ldap_init_fd() instead of ldap_initialize() if availableSumit Bose1-0/+3
2011-05-20Generic dereference searchJakub Hrozek1-0/+18
A generic wrapper around ASQ and OpenLDAP dereference searches. https://fedorahosted.org/sssd/ticket/635
2011-01-21Add the user's primary group to the initgroups lookupStephen Gallagher1-3/+1
The user may not be a direct member of their primary group, but we still want to make sure that group is cached on the system.
2011-01-17Add timeout parameter to sdap_get_generic_send()Sumit Bose1-4/+8
2010-12-07ldap: add checks to determine if USN features are available.Simo Sorce1-4/+2
2010-10-13Implement netgroup support for LDAP providerSumit Bose1-1/+13
2010-10-13Initialize kerberos service for GSSAPIJakub Hrozek1-0/+3
2010-09-15Store rootdse supported features in sdap_handlerSumit Bose1-5/+3
2010-07-09LDAP connection usage tracking, sharing and failover retry framework.eindenbom1-0/+5
2010-07-09GSSAPI ticket expiry time is returned from ldap_child and stored in ↵eindenbom1-1/+3
sdap_handle for future reference.
2010-05-16Add ldap_krb5_ticket_lifetime optionSumit Bose1-1/+2
2010-03-22Improvements for LDAP Password Policy supportRalf Haferkamp1-1/+5
Display warnings about remaining grace logins and password expiration to the user, when LDAP Password Policies are used. Improved detection if LDAP Password policies are supported by LDAP Server.
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+126
Also update BUILD.txt