path: root/src/providers/ldap/sdap_async_connection.c
Age | Commit message | Author | Files | Lines
2011-04-08 | Don't pass NULL to printf for TLS errors | Jakub Hrozek | 1 | -19/+22
https://fedorahosted.org/sssd/ticket/643
2011-02-16 | Do not attempt to use START_TLS on SSL connections | Stephen Gallagher | 1 | -2/+10
Not all LDAP servers are capable of handling dual-encryption with both TLS and SSL. https://fedorahosted.org/sssd/ticket/795
2011-01-06 | Convert obfuscated password once at startup | Sumit Bose | 1 | -14/+0
2010-12-07 | Mark unavailable Kerberos server as PORT_NOT_WORKING | Sumit Bose | 1 | -0/+1
2010-12-07 | ldap: add checks to determine if USN features are available. | Simo Sorce | 1 | -9/+19
2010-12-01 | Fix offline detection in sdap_cli_connect request | Sumit Bose | 1 | -0/+1
sdap_cli_connect_recv_ext() checks if the failover server is not set to determine if the backend is offline. To make this work properly if multiple servers are defined the failover server must be set to NULL if all servers are checked.
2010-11-04 | Use (default)namingContext to set empty search bases | Sumit Bose | 1 | -0/+8
2010-10-27 | Allow authentication for referrals | Sumit Bose | 1 | -0/+193
2010-10-22 | Add some missing ldap_memfree() | Sumit Bose | 1 | -2/+4
2010-10-22 | Add ldap_deref option | Sumit Bose | 1 | -0/+37
2010-10-13 | Initialize kerberos service for GSSAPI | Jakub Hrozek | 1 | -4/+88
2010-10-13 | Make ldap_child report kerberos return code to parent | Jakub Hrozek | 1 | -1/+3
2010-09-15 | Check if control is supported before using it. | Simo Sorce | 1 | -7/+9
2010-09-15 | Revert "Make ldap bind asynchronous" | Jakub Hrozek | 1 | -127/+91
This reverts 56d8d19ac9d857580a233d8264e851883b883c67
2010-09-15 | Store rootdse supported features in sdap_handler | Sumit Bose | 1 | -34/+17
2010-09-08 | Deobfuscate password in back ends | Jakub Hrozek | 1 | -7/+52
When obfuscated password is used in config file, the LDAP backend converts it back to clear text and uses it to authenticate to the server.
2010-09-02 | Make ldap bind asynchronous | Martin Nagy | 1 | -91/+127
Every ldap function that could possibly create a new connection is now wrapped in a tevent_req. If the connection is created, we will call the function again after the socket is ready for writing.
2010-07-09 | Log TLS errors to syslog | Stephen Gallagher | 1 | -0/+6
Also adds support for detecting LDAPS errors by adding a check for SDAP_DIAGNOSTIC_MESSAGE after ldap_search_ext()
2010-07-09 | Eliminate delayed sdap_handle destruction after fail-over retry. | eindenbom | 1 | -9/+6
2010-07-09 | Use new LDAP connection framework in IPA dynamic DNS forwarder. | eindenbom | 1 | -7/+0
2010-07-09 | LDAP connection usage tracking, sharing and failover retry framework. | eindenbom | 1 | -0/+16
2010-07-09 | GSSAPI ticket expiry time is returned from ldap_child and stored in sdap_handle for future reference. | eindenbom | 1 | -3/+11
2010-06-28 | Make RootDSE optional | Stephen Gallagher | 1 | -2/+14
In violation of the standard, some LDAP servers control access to the RootDSE, thus preventing us from being able to read it before performing a bind. This patch will allow us to continue on if the RootDSE was inaccessible. All of the places that we use the return value of the RootDSE after this are already checked for NULL and use sane defaults if the RootDSE is unavailable.
2010-06-28 | Fix SASL authentication | Sumit Bose | 1 | -2/+2
2010-06-06 | Fix broken build against older versions of OpenLDAP | Stephen Gallagher | 1 | -2/+2
OpenLDAP < 2.4 used LDAP_OPT_ERROR_STRING. It was changed to LDAP_OPT_DIAGNOSTIC_MESSAGE in 2.4. This patch will allow the TLS error messages to be displayed on either version.
2010-05-20 | Add a better error message for TLS failures | Stephen Gallagher | 1 | -3/+32
2010-05-16 | Add ldap_krb5_ticket_lifetime option | Sumit Bose | 1 | -4/+14
2010-05-07 | Add callback when the ID provider switches from offline to online | Stephen Gallagher | 1 | -0/+9
Allow backends to set a callback in the be_ctx that should be invoked when the ID provider goes online. This can be used to perform regular maintenance tasks that are valid only when going online.
2010-05-07 | Use all available servers in LDAP provider | Jakub Hrozek | 1 | -7/+53
2010-05-03 | Better handle sdap_handle memory from callers. | Simo Sorce | 1 | -0/+3
Always just mark the sdap_handle as not connected and let later _send() functions take care of freeing the handle before reconnecting. Introduce restart functions to avoid calling _send() functions in _done() functions' error paths as this would have the same effect as directly freeing the sdap_handle and cause access to freed memory in sdap_handle_release(). By freeing sdap_handle only in the connection _recv() function we guarantee it can never be done within sdap_handle_release() but only in a following event.
2010-04-26 | Make the handling of fd events opaque | Sumit Bose | 1 | -46/+8
Depending on the version of the OpenLDAP libraries we use two different schemes to find the file descriptor of the connection to the LDAP server. This patch removes the related ifdefs from the main code and introduces helper functions which can handle the specific cases.
2010-04-26 | Set LDAP_OPT_RESTART for all LDAP connections | Sumit Bose | 1 | -7/+7
2010-03-25 | Set LDAP_OPT_RESTART for ldap_sasl_interactive_bind_s() | Sumit Bose | 1 | -0/+7
This option is needed for the rare case where a poll() call during ldap_sasl_interactive_bind_s() is interrupted by a signal. LDAP_OPT_RESTART enables the handling of the EINTR error instead of returning an error.
2010-03-22 | Improvements for LDAP Password Policy support | Ralf Haferkamp | 1 | -10/+43
Display warnings about remaining grace logins and password expiration to the user, when LDAP Password Policies are used. Improved detection if LDAP Password policies are supported by LDAP Server.
2010-03-18 | Fix error message for ldap_start_tls | Stephen Gallagher | 1 | -1/+1
2010-03-15 | Fixed check for expired passwords | Ralf Haferkamp | 1 | -2/+4
When the user's password is expired it might also be indicated by the bind operation returning "INVALID_CREDENTIALS" with the ppolicy control's errorcode set to "PP_passwordExpired".
2010-02-18 | Rename server/ directory to src/ | Stephen Gallagher | 1 | -0/+1141
Also update BUILD.txt