Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2013-06-07 | LDAP: store FQDNs for trusted users and groups | Jakub Hrozek | 1 | -4/+5 | |
Because the NSS responder expects the name attribute to contain FQDN, we must save the name as FQDN in the LDAP provider if the domain we save to is a subdomain. | |||||
2013-06-07 | LDAP: new SDAP domain structure | Jakub Hrozek | 1 | -3/+2 | |
Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases. This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain. | |||||
2013-06-07 | LDAP: Pass in a connection to ID functions | Jakub Hrozek | 1 | -0/+1 | |
Instead of using the default connection from the sdap_id_ctx, allow the caller to specify which connection shall be used for this particular request. Again, no functional change is present in this patch, just another parameter is added. | |||||
2013-05-02 | sdap: add sdap_connect_host request | Pavel Březina | 1 | -0/+15 | |
Create connection to specified LDAP server without using any failover stuff. | |||||
2013-03-19 | Use common error facility instead of sdap_result | Simo Sorce | 1 | -23/+6 | |
Simplifies and consolidates error reporting for ldap authentication paths. Adds 3 new error codes: ERR_CHPASS_DENIED - Used when password constraints deny password changes ERR_ACCOUNT_EXPIRED - Account is expired ERR_PASSWORD_EXPIRED - Password is expired | |||||
2013-01-15 | Add domain to sysdb_search_user_by_name() | Simo Sorce | 1 | -0/+2 | |
Also remove unused sysdb_search_domuser_by_name() | |||||
2013-01-10 | Change pam data auth tokens. | Simo Sorce | 1 | -4/+3 | |
Use the new authtok abstraction and interfaces throught the code. | |||||
2012-09-24 | AD: Optimize initgroups lookups with tokenGroups | Stephen Gallagher | 1 | -0/+16 | |
https://fedorahosted.org/sssd/ticket/1355 | |||||
2012-06-13 | LDAP: Add support for AD chain matching extension in initgroups | Stephen Gallagher | 1 | -0/+13 | |
2012-06-13 | LDAP: Add support for AD chain matching extension in group lookups | Stephen Gallagher | 1 | -0/+14 | |
2012-06-13 | LDAP: Add ldap_*_use_matching_rule_in_chain options | Stephen Gallagher | 1 | -0/+5 | |
2012-05-31 | Ghost members - removed sdap_check_aliases() | Jan Zeleny | 1 | -6/+0 | |
This function is no longer necessary because we don't have fake user entries any more. The original purpose of this function was to check if there are fake user entries for particular user and, if yes, to update its membership. | |||||
2012-02-24 | LDAP: Only use paging control on requests for multiple entries | Stephen Gallagher | 1 | -1/+2 | |
The paging control can cause issues on servers that put limits on how many paging controls can be active at one time (on some servers, it is limited to one per connection). We need to reduce our usage so that we only activate the paging control when making a request that may return an arbitrary number of results. https://fedorahosted.org/sssd/ticket/1202 phase one | |||||
2012-02-06 | Update shadowLastChanged attribute during LDAP password change | Jan Zeleny | 1 | -0/+9 | |
https://fedorahosted.org/sssd/ticket/1019 | |||||
2012-01-31 | LDAP: Add enumeration support for services | Stephen Gallagher | 1 | -0/+11 | |
2012-01-31 | LDAP: Add support for service lookups (non-enum) | Stephen Gallagher | 1 | -0/+17 | |
2011-12-16 | Use the case sensitivity flag in the LDAP provider | Jakub Hrozek | 1 | -0/+1 | |
2011-12-16 | Refactor saving sdap entities | Jakub Hrozek | 1 | -0/+21 | |
There was too much code duplication between sdap_save_{user,group,netgroup}. This patch removes the most egregious ones. | |||||
2011-11-29 | Provide means of forcing TLS and GSSAPI enabled/disabled for sdap connections | Jakub Hrozek | 1 | -1/+9 | |
2011-11-02 | Support to request canonicalization in LDAP/IPA provider | Jan Zeleny | 1 | -0/+1 | |
https://fedorahosted.org/sssd/ticket/957 | |||||
2011-11-02 | LDAP: Add support for multiple search bases for group enumeration | Stephen Gallagher | 1 | -1/+2 | |
2011-11-02 | LDAP: Add support for multiple search bases for user enumeration | Stephen Gallagher | 1 | -1/+2 | |
2011-11-02 | LDAP: Support multiple group search bases (non-enumeration, RFC2307) | Stephen Gallagher | 1 | -1/+2 | |
2011-11-02 | LDAP: Support multiple netgroup search bases | Stephen Gallagher | 1 | -1/+2 | |
2011-11-02 | LDAP: Support multiple user search bases (non-enumeration) | Stephen Gallagher | 1 | -1/+2 | |
2011-09-28 | Store name aliases for users, groups | Jakub Hrozek | 1 | -0/+6 | |
Also checks fake users for aliases when storing a real users so that getgrnam for a RFC2307 group that references a user by his secondary name followed by getpwnam for this user by his primary name works | |||||
2011-09-06 | Allow turning dereference off by setting the threshold to 0 | Jakub Hrozek | 1 | -1/+1 | |
2011-06-30 | Use ldap_init_fd() instead of ldap_initialize() if available | Sumit Bose | 1 | -0/+3 | |
2011-05-20 | Generic dereference search | Jakub Hrozek | 1 | -0/+18 | |
A generic wrapper around ASQ and OpenLDAP dereference searches. https://fedorahosted.org/sssd/ticket/635 | |||||
2011-01-21 | Add the user's primary group to the initgroups lookup | Stephen Gallagher | 1 | -3/+1 | |
The user may not be a direct member of their primary group, but we still want to make sure that group is cached on the system. | |||||
2011-01-17 | Add timeout parameter to sdap_get_generic_send() | Sumit Bose | 1 | -4/+8 | |
2010-12-07 | ldap: add checks to determine if USN features are available. | Simo Sorce | 1 | -4/+2 | |
2010-10-13 | Implement netgroup support for LDAP provider | Sumit Bose | 1 | -1/+13 | |
2010-10-13 | Initialize kerberos service for GSSAPI | Jakub Hrozek | 1 | -0/+3 | |
2010-09-15 | Store rootdse supported features in sdap_handler | Sumit Bose | 1 | -5/+3 | |
2010-07-09 | LDAP connection usage tracking, sharing and failover retry framework. | eindenbom | 1 | -0/+5 | |
2010-07-09 | GSSAPI ticket expiry time is returned from ldap_child and stored in ↵ | eindenbom | 1 | -1/+3 | |
sdap_handle for future reference. | |||||
2010-05-16 | Add ldap_krb5_ticket_lifetime option | Sumit Bose | 1 | -1/+2 | |
2010-03-22 | Improvements for LDAP Password Policy support | Ralf Haferkamp | 1 | -1/+5 | |
Display warnings about remaining grace logins and password expiration to the user, when LDAP Password Policies are used. Improved detection if LDAP Password policies are supported by LDAP Server. | |||||
2010-02-18 | Rename server/ directory to src/ | Stephen Gallagher | 1 | -0/+126 | |
Also update BUILD.txt |