| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Remove code duplication.
|
|
|
|
This patch implements a wrapper for
sss_idmap_domain_has_algorithmic_mapping() for the sdap ID mapping.
Fixes https://fedorahosted.org/sssd/ticket/1960
|
|
Currently the range management code is in the generic LDAP provider and
can be used by the LDAP and AD provider. New ranges are allocated with
the help of a hash value of the domain SID.
If the IPA provider cannot find a range for a given domain it cannot
allocate a new range on its own but has to look up the idrange objects
on the FreeIPA server and use them accordingly. To allow the LDAP, AD
and IPA provider to use as much common code as possible a plugin
interface, similar to the one used to find the DNS site, to find a
missing range would be useful. The default plugin will be used by the
LDAP and the AD provider and the IPA provider will implement a plugin to
read the data from the server.
Fixes https://fedorahosted.org/sssd/ticket/1961
|
|
To allow libsss_idmap to manage all id-ranges the id-ranges of the
domains configured in sssd.conf which are currently unmanaged must be
added to libsss_idmap.
|
|
https://fedorahosted.org/sssd/ticket/1930
On misconfigured id-mapping range variables, the provider should not
start. We were internally correctly setting error code for failure, but
interruption of startup was not performed.
Also raised the debug level of message for this misconfiguration.
|
|
In commit 46222e5191473f9a46aec581273eb2eef22e23be we removed a very
similar DEBUG message while moving the whole piece of code to the idmap
library. But it turned out that the DEBUG message was useful while
testing the functionality, so this patch adds it back.
|
|
Calculation of range for domains is moved from
sdap_idmap code to sss_idmap code. Some refactoring
have been done to allow this move.
https://fedorahosted.org/sssd/ticket/1844
|
|
The sysdb context is already available through the 'domain' structure.
|
|
|
|
When converting built-in SID to unix GID/UID a confusing debug
message about the failed conversion was printed. This patch special
cases these built-in objects.
https://fedorahosted.org/sssd/ticket/1593
|
|
|
|
Previously, we were failing to start if ldap_idmap_autorid_compat
was True but the default domain SID was unspecified. This is the
recommended configuration, but it is functional without it. There
is just a slight risk that the IDs will be inconsistent between
machines if the first user requested is not from the default
domain.
https://fedorahosted.org/sssd/ticket/1530
|
|
This function will also auto-create a new ID map if the domain has
not been seen previously.
|
|
Also makes the domain prefix macros from sss_idmap public.
|
|
|
|
|
|
|
