summaryrefslogtreecommitdiff
path: root/src/providers/ldap/sdap_async_connection.c
AgeCommit message (Collapse)AuthorFilesLines
2012-01-14LDAP: Copy URI instead of pointing at failover service recordStephen Gallagher1-2/+8
In a heavy load environment, sometimes the failover service record would be updated and free the URI value. We need to guarantee that this URI string remains valid throughout the entire request. https://fedorahosted.org/sssd/ticket/1139
2011-12-12Add sdap_connection_expire_timeout optionStephen Gallagher1-0/+12
https://fedorahosted.org/sssd/ticket/1036
2011-12-08LDAP: Fix missing break statements in force_tlsStephen Gallagher1-6/+12
Also add a default case to protect against bad input
2011-12-08LDAP provider: Error while setting the nocanon option should not be fatalJakub Hrozek1-3/+9
https://fedorahosted.org/sssd/ticket/1100
2011-12-08Add ldap_sasl_minssf optionJan Zeleny1-0/+17
https://fedorahosted.org/sssd/ticket/1075
2011-11-29Provide means of forcing TLS and GSSAPI enabled/disabled for sdap connectionsJakub Hrozek1-7/+28
2011-11-29LDAP: Try next failover server on any errorStephen Gallagher1-9/+5
2011-11-22Cleanup: Remove unused parametersJakub Hrozek1-9/+5
2011-11-18Prevent printing NULL in several places of LDAP providerJakub Hrozek1-3/+5
2011-11-02Support to request canonicalization in LDAP/IPA providerJan Zeleny1-0/+15
https://fedorahosted.org/sssd/ticket/957
2011-09-06sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string()Pavel Březina1-16/+16
https://fedorahosted.org/sssd/ticket/986
2011-09-06sss_ldap_err2string() - function createdPavel Březina1-2/+0
https://fedorahosted.org/sssd/ticket/986
2011-08-26Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek1-0/+11
https://fedorahosted.org/sssd/ticket/978
2011-08-15Handle timeout during sss_ldap_init_sendJakub Hrozek1-1/+5
In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds.
2011-08-01Request password control unconditionally during bindJakub Hrozek1-6/+6
https://fedorahosted.org/sssd/ticket/940
2011-06-30Use ldap_init_fd() instead of ldap_initialize() if availableSumit Bose1-36/+83
2011-04-27Add ldap_page_size configuration optionStephen Gallagher1-0/+4
2011-04-25Modify principal selection for keytab authenticationJan Zeleny1-2/+7
Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
2011-04-12Initialise rootdse to NULL if not availableSumit Bose1-0/+1
2011-04-11Initialise srv_opts even if rootDSE is missingSumit Bose1-8/+9
2011-04-08Read only rootDSE data if rootDSE is availableSumit Bose1-20/+22
2011-04-08Don't pass NULL to printf for TLS errorsJakub Hrozek1-19/+22
https://fedorahosted.org/sssd/ticket/643
2011-02-16Do not attempt to use START_TLS on SSL connectionsStephen Gallagher1-2/+10
Not all LDAP servers are capable of handling dual-encryption with both TLS and SSL. https://fedorahosted.org/sssd/ticket/795
2011-01-06Convert obfuscated password once at startupSumit Bose1-14/+0
2010-12-07Mark unavailable Kerberos server as PORT_NOT_WORKINGSumit Bose1-0/+1
2010-12-07ldap: add checks to determine if USN features are available.Simo Sorce1-9/+19
2010-12-01Fix offline detection in sdap_cli_connect requestSumit Bose1-0/+1
sdap_cli_connect_recv_ext() checks if the failover server is not set to determine if the backend is offline. To make this work properly if multiple servers are defined the failover server must be set to NULL if all servers are checked.
2010-11-04Use (default)namingContext to set empty search basesSumit Bose1-0/+8
2010-10-27Allow authentication for referralsSumit Bose1-0/+193
2010-10-22Add some missing ldap_memfree()Sumit Bose1-2/+4
2010-10-22Add ldap_deref optionSumit Bose1-0/+37
2010-10-13Initialize kerberos service for GSSAPIJakub Hrozek1-4/+88
2010-10-13Make ldap_child report kerberos return code to parentJakub Hrozek1-1/+3
2010-09-15Check if control is supported before using it.Simo Sorce1-7/+9
2010-09-15Revert "Make ldap bind asynchronous"Jakub Hrozek1-127/+91
This reverts 56d8d19ac9d857580a233d8264e851883b883c67
2010-09-15Store rootdse supported features in sdap_handlerSumit Bose1-34/+17
2010-09-08Deobfuscate password in back endsJakub Hrozek1-7/+52
When obfuscated password is used in config file, the LDAP backend converts it back to clear text and uses it to authenticate to the server.
2010-09-02Make ldap bind asynchronousMartin Nagy1-91/+127
Every ldap function that could possibly create a new connection is now wrapped in a tevent_req. If the connection is created, we will call the function again after the socket is ready for writing.
2010-07-09Log TLS errors to syslogStephen Gallagher1-0/+6
Also adds support for detecting LDAPS errors by adding a check for SDAP_DIAGNOSTIC_MESSAGE after ldap_search_ext()
2010-07-09Eliminate delayed sdap_handle destruction after fail-over retry.eindenbom1-9/+6
2010-07-09Use new LDAP connection framework in IPA dynamic DNS forwarder.eindenbom1-7/+0
2010-07-09LDAP connection usage tracking, sharing and failover retry framework.eindenbom1-0/+16
2010-07-09GSSAPI ticket expiry time is returned from ldap_child and stored in ↵eindenbom1-3/+11
sdap_handle for future reference.
2010-06-28Make RootDSE optionalStephen Gallagher1-2/+14
In violation of the standard, some LDAP servers control access to the RootDSE, thus preventing us from being able to read it before performing a bind. This patch will allow us to continue on if the RootDSE was inaccessible. All of the places that we use the return value of the RootDSE after this are already checked for NULL and use sane defaults if the RootDSE is unavailable
2010-06-28Fix SASL authenticationSumit Bose1-2/+2
2010-06-06Fix broken build against older versions of OpenLDAPStephen Gallagher1-2/+2
OpenLDAP < 2.4 used LDAP_OPT_ERROR_STRING. It was changed to LDAP_OPT_DIAGNOSTIC_MESSAGE in 2.4. This patch will allow the TLS error messages to be displayed on either version.
2010-05-20Add a better error message for TLS failuresStephen Gallagher1-3/+32
2010-05-16Add ldap_krb5_ticket_lifetime optionSumit Bose1-4/+14
2010-05-07Add callback when the ID provider switches from offline to onlineStephen Gallagher1-0/+9
Allow backends to set a callback in the be_ctx that should be invoked when the ID provider goes online. This can be used to perform regular maintenance tasks that are valid only when going online.
2010-05-07Use all available servers in LDAP providerJakub Hrozek1-7/+53