summaryrefslogtreecommitdiff
path: root/src/providers/ldap/sdap_async_groups.c
AgeCommit message (Collapse)AuthorFilesLines
2012-06-20Fix possible segfault in sdap_save_group()Jan Zeleny1-2/+11
2012-06-15Fixed debug message in sdap_save_group()Jan Zeleny1-1/+1
2012-06-13Fix an issue in ghost usersJan Zeleny1-75/+47
There was an issue with ghost members in nested groups. Consider a scenario with two groups A and B, B being member of A and having some ghost members. In such case SSSD stored both groups, then added membership between them and then added ghost members to the group B. The problem was that adding ghost members to group B didn't propagate these ghost members to group A. This functionality could have been solved by memberof plugin but the logic is far more complicated that changes this patch introduces. The change is simple: add ghost members at the same time as the group is created, even if groups are supposed to be stored in two passes. That way ghost members will be present at the time A -> B membership is created and they will be propagated as expected.
2012-06-13LDAP: Auto-detect support for the ldap match ruleStephen Gallagher1-0/+1
This patch extends the RootDSE lookup so that we will perform a second request to test whether the match rule syntax can be used. If both groups and initgroups are disabled in the configuration, this lookup request can be skipped.
2012-06-13LDAP: Add support for AD chain matching extension in group lookupsStephen Gallagher1-9/+153
2012-06-12LDAP: Remove redundant checkStephen Gallagher1-11/+0
The same block appeared earlier in the function and neither variable could have changed values since.
2012-05-31Add support for filtering atributesJan Zeleny1-5/+5
This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
2012-05-31Ghost members - support in LDAP providerJan Zeleny1-186/+286
The original approach was to store name and original DN in an object in sysdb. When later referenced as member of a group, it was retrieved by its original DN and the correct information about its sysdb DN was stored in the group object which referenced it. The new approach doesn't use fake user objects, therefore this information has to be reached differently when constructing group memberships. The approach is to store all users to a hash table where original DN is used as the key and username as value. When constructing group memberships, the name is retrieved from this hash table instead of sysdb. This hash table is constructed when retrieving user objects from LDAP server - if the user is not present in sysdb, it is automatically stored in the hash table. Another situation is for rfc2307. Because there is no nesting there, we can construct the SYSDB_GHOST attribute directly and therefore don't need a hash table of ghost users.
2012-05-22LDAP nested groups: Do not process callback with _post deep in the nested ↵Jakub Hrozek1-12/+10
structure https://fedorahosted.org/sssd/ticket/1343
2012-05-16Use the sysdb attribute name, not LDAP attribute nameJakub Hrozek1-1/+1
2012-05-10LDAP: Handle very large Active Directory groupsStephen Gallagher1-17/+37
Active Directory 2008R2 allows only 1500 group members to be retrieved in a single lookup. However, when we hit such a situation, we can take advantage of the ASQ lookups, which are not similarly limited. With this patch, we will add any members found by ASQ that were not found by the initial lookup so we will end with a complete group listing. https://fedorahosted.org/sssd/ticket/783
2012-05-10LDAP: Add attr_count return value to build_attrs_from_map()Stephen Gallagher1-6/+8
This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL.
2012-05-03LDAP: Add helper function to map IDsStephen Gallagher1-46/+2
This function will also auto-create a new ID map if the domain has not been seen previously.
2012-05-03LDAP: Do not remove uidNumber and gidNumber attributes when saving id-mapped ↵Stephen Gallagher1-0/+5
entries
2012-05-03LDAP: Add helper routine to convert LDAP blob to SID stringStephen Gallagher1-20/+4
2012-05-03LDAP: Allow looking up ID-mapped groups by nameStephen Gallagher1-18/+105
2012-05-02LDAP: check return value of sysdb_attrs_get_elJakub Hrozek1-0/+7
2012-04-18Fixed minor memory leak in ldap providerJan Zeleny1-0/+1
2012-04-18Fixed memory context in sdap_fill_memberships()Jan Zeleny1-1/+1
2012-04-18Removed unused block of code is sdap_fill_memberships()Jan Zeleny1-57/+29
2012-04-18Removed a block of dead code in sdap_async_groups.cJan Zeleny1-20/+1
2012-02-24Modifications to simplify list_missing_attrsJan Zeleny1-1/+1
2012-02-24LDAP: Only use paging control on requests for multiple entriesStephen Gallagher1-5/+10
The paging control can cause issues on servers that put limits on how many paging controls can be active at one time (on some servers, it is limited to one per connection). We need to reduce our usage so that we only activate the paging control when making a request that may return an arbitrary number of results. https://fedorahosted.org/sssd/ticket/1202 phase one
2012-02-17LDAP: Ignore group member users that do not have name attributesStephen Gallagher1-2/+2
Instead of failing the group lookup, just skip them. This was impacting some users of ActiveDirectory where not all users had the appropriate attributes. https://fedorahosted.org/sssd/ticket/1169
2012-02-14Fix memory hierarchy when processing nested group membershipsJakub Hrozek1-2/+2
https://fedorahosted.org/sssd/ticket/1186
2012-02-04NSS: Add individual timeouts for entry typesStephen Gallagher1-7/+7
https://fedorahosted.org/sssd/ticket/1016
2012-02-04LDAP: Fix incorrect search timeoutsStephen Gallagher1-1/+1
2012-02-04LDAP: Do not fail if RootDSE check cannot determine search basesStephen Gallagher1-0/+9
https://fedorahosted.org/sssd/ticket/1152
2011-12-16Logically dead code in sdap_nested_group_lookup_groupPavel Březina1-1/+1
https://fedorahosted.org/sssd/ticket/1113
2011-12-16Use the case sensitivity flag in the LDAP providerJakub Hrozek1-2/+2
2011-12-16Refactor saving sdap entitiesJakub Hrozek1-39/+10
There was too much code duplication between sdap_save_{user,group,netgroup}. This patch removes the most egregious ones.
2011-12-14Support search bases in RFC2307bis enumerationPavel Březina1-10/+145
https://fedorahosted.org/sssd/ticket/960
2011-11-29Fix two small bugs in group dereferencingJakub Hrozek1-2/+5
2011-11-22Cleanup: Remove unused parametersJakub Hrozek1-12/+6
2011-11-11Use one transaction instead of two during RFC2307bis group processingJakub Hrozek1-31/+55
https://fedorahosted.org/sssd/ticket/1054
2011-11-08LDAP: Remove redundant groups from the lookup listStephen Gallagher1-23/+0
2011-11-02LDAP: Add support for multiple search bases for group enumerationStephen Gallagher1-21/+95
2011-11-02LDAP: Support multiple group search bases (non-enumeration, RFC2307)Stephen Gallagher1-13/+62
2011-10-13SysDB commands that save lastUpdate allows this value to be passed inPavel Březina1-12/+22
https://fedorahosted.org/sssd/ticket/836
2011-10-06Fix small bug where TALLOC_CTX could end up unfreed.Pavel Zuna1-3/+3
2011-09-28Store name aliases for users, groupsJakub Hrozek1-37/+92
Also checks fake users for aliases when storing a real users so that getgrnam for a RFC2307 group that references a user by his secondary name followed by getpwnam for this user by his primary name works
2011-09-06Allow turning dereference off by setting the threshold to 0Jakub Hrozek1-1/+1
2011-08-29Fix moving to next entry in deref codeJakub Hrozek1-1/+6
https://fedorahosted.org/sssd/ticket/973
2011-08-15Moved some functions in sdap_async_groupsJan Zeleny1-122/+112
2011-08-15Confusing part of code cleared outJan Zeleny1-34/+32
2011-08-15sdap_async_accounts.c splitJan Zeleny1-0/+2810
The file has been split in three: sdap_async_users.c sdap_async_groups.c sdap_async_initgroups.c https://fedorahosted.org/sssd/ticket/864
generated by cgit (git 2.34.1) at 2025-01-03 19:28:22 +0000