sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2012-01-14	LDAP: Copy URI instead of pointing at failover service record	Stephen Gallagher	1	-2/+8
	In a heavy load environment, sometimes the failover service record would be updated and free the URI value. We need to guarantee that this URI string remains valid throughout the entire request. https://fedorahosted.org/sssd/ticket/1139
2011-12-12	Add sdap_connection_expire_timeout option	Stephen Gallagher	1	-0/+12
	https://fedorahosted.org/sssd/ticket/1036
2011-12-08	LDAP: Fix missing break statements in force_tls	Stephen Gallagher	1	-6/+12
	Also add a default case to protect against bad input
2011-12-08	LDAP provider: Error while setting the nocanon option should not be fatal	Jakub Hrozek	1	-3/+9
	https://fedorahosted.org/sssd/ticket/1100
2011-12-08	Add ldap_sasl_minssf option	Jan Zeleny	1	-0/+17
	https://fedorahosted.org/sssd/ticket/1075
2011-11-29	Provide means of forcing TLS and GSSAPI enabled/disabled for sdap connections	Jakub Hrozek	1	-7/+28

2011-11-29	LDAP: Try next failover server on any error	Stephen Gallagher	1	-9/+5

2011-11-22	Cleanup: Remove unused parameters	Jakub Hrozek	1	-9/+5

2011-11-18	Prevent printing NULL in several places of LDAP provider	Jakub Hrozek	1	-3/+5

2011-11-02	Support to request canonicalization in LDAP/IPA provider	Jan Zeleny	1	-0/+15
	https://fedorahosted.org/sssd/ticket/957
2011-09-06	sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string()	Pavel Březina	1	-16/+16
	https://fedorahosted.org/sssd/ticket/986
2011-09-06	sss_ldap_err2string() - function created	Pavel Březina	1	-2/+0
	https://fedorahosted.org/sssd/ticket/986
2011-08-26	Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON	Jakub Hrozek	1	-0/+11
	https://fedorahosted.org/sssd/ticket/978
2011-08-15	Handle timeout during sss_ldap_init_send	Jakub Hrozek	1	-1/+5
	In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds.
2011-08-01	Request password control unconditionally during bind	Jakub Hrozek	1	-6/+6
	https://fedorahosted.org/sssd/ticket/940
2011-06-30	Use ldap_init_fd() instead of ldap_initialize() if available	Sumit Bose	1	-36/+83

2011-04-27	Add ldap_page_size configuration option	Stephen Gallagher	1	-0/+4

2011-04-25	Modify principal selection for keytab authentication	Jan Zeleny	1	-2/+7
	Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
2011-04-12	Initialise rootdse to NULL if not available	Sumit Bose	1	-0/+1

2011-04-11	Initialise srv_opts even if rootDSE is missing	Sumit Bose	1	-8/+9

2011-04-08	Read only rootDSE data if rootDSE is available	Sumit Bose	1	-20/+22

2011-04-08	Don't pass NULL to printf for TLS errors	Jakub Hrozek	1	-19/+22
	https://fedorahosted.org/sssd/ticket/643
2011-02-16	Do not attempt to use START_TLS on SSL connections	Stephen Gallagher	1	-2/+10
	Not all LDAP servers are capable of handling dual-encryption with both TLS and SSL. https://fedorahosted.org/sssd/ticket/795
2011-01-06	Convert obfuscated password once at startup	Sumit Bose	1	-14/+0

2010-12-07	Mark unavailable Kerberos server as PORT_NOT_WORKING	Sumit Bose	1	-0/+1

2010-12-07	ldap: add checks to determine if USN features are available.	Simo Sorce	1	-9/+19

2010-12-01	Fix offline detection in sdap_cli_connect request	Sumit Bose	1	-0/+1
	sdap_cli_connect_recv_ext() checks if the failover server is not set to determine if the backend is offline. To make this work properly if multiple servers are defined the failover server must be set to NULL if all servers are checked.
2010-11-04	Use (default)namingContext to set empty search bases	Sumit Bose	1	-0/+8

2010-10-27	Allow authentication for referrals	Sumit Bose	1	-0/+193

2010-10-22	Add some missing ldap_memfree()	Sumit Bose	1	-2/+4

2010-10-22	Add ldap_deref option	Sumit Bose	1	-0/+37

2010-10-13	Initialize kerberos service for GSSAPI	Jakub Hrozek	1	-4/+88

2010-10-13	Make ldap_child report kerberos return code to parent	Jakub Hrozek	1	-1/+3

2010-09-15	Check if control is supported before using it.	Simo Sorce	1	-7/+9

2010-09-15	Revert "Make ldap bind asynchronous"	Jakub Hrozek	1	-127/+91
	This reverts 56d8d19ac9d857580a233d8264e851883b883c67
2010-09-15	Store rootdse supported features in sdap_handler	Sumit Bose	1	-34/+17

2010-09-08	Deobfuscate password in back ends	Jakub Hrozek	1	-7/+52
	When obfuscated password is used in config file, the LDAP backend converts it back to clear text and uses it to authenticate to the server.
2010-09-02	Make ldap bind asynchronous	Martin Nagy	1	-91/+127
	Every ldap function that could possibly create a new connection is now wrapped in a tevent_req. If the connection is created, we will call the function again after the socket is ready for writing.
2010-07-09	Log TLS errors to syslog	Stephen Gallagher	1	-0/+6
	Also adds support for detecting LDAPS errors by adding a check for SDAP_DIAGNOSTIC_MESSAGE after ldap_search_ext()
2010-07-09	Eliminate delayed sdap_handle destruction after fail-over retry.	eindenbom	1	-9/+6

2010-07-09	Use new LDAP connection framework in IPA dynamic DNS forwarder.	eindenbom	1	-7/+0

2010-07-09	LDAP connection usage tracking, sharing and failover retry framework.	eindenbom	1	-0/+16

2010-07-09	GSSAPI ticket expiry time is returned from ldap_child and stored in ↵	eindenbom	1	-3/+11
	sdap_handle for future reference.
2010-06-28	Make RootDSE optional	Stephen Gallagher	1	-2/+14
	In violation of the standard, some LDAP servers control access to the RootDSE, thus preventing us from being able to read it before performing a bind. This patch will allow us to continue on if the RootDSE was inaccessible. All of the places that we use the return value of the RootDSE after this are already checked for NULL and use sane defaults if the RootDSE is unavailable
2010-06-28	Fix SASL authentication	Sumit Bose	1	-2/+2

2010-06-06	Fix broken build against older versions of OpenLDAP	Stephen Gallagher	1	-2/+2
	OpenLDAP < 2.4 used LDAP_OPT_ERROR_STRING. It was changed to LDAP_OPT_DIAGNOSTIC_MESSAGE in 2.4. This patch will allow the TLS error messages to be displayed on either version.
2010-05-20	Add a better error message for TLS failures	Stephen Gallagher	1	-3/+32

2010-05-16	Add ldap_krb5_ticket_lifetime option	Sumit Bose	1	-4/+14

2010-05-07	Add callback when the ID provider switches from offline to online	Stephen Gallagher	1	-0/+9
	Allow backends to set a callback in the be_ctx that should be invoked when the ID provider goes online. This can be used to perform regular maintenance tasks that are valid only when going online.
2010-05-07	Use all available servers in LDAP provider	Jakub Hrozek	1	-7/+53