summaryrefslogtreecommitdiff
path: root/src/providers/ldap
AgeCommit message (Collapse)AuthorFilesLines
2011-04-27Add ldap_page_size configuration optionStephen Gallagher4-3/+9
2011-04-27Enable paging support for LDAPStephen Gallagher1-23/+117
2011-04-27Log the LDAP message type we're processingStephen Gallagher1-0/+57
2011-04-25Modify principal selection for keytab authenticationJan Zeleny5-6/+19
Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
2011-04-19Add last usn checking after reconnectionJan Zeleny2-1/+31
When reconnecting to the LDAP server supporting USNs (either because of new incomming id operation or invokation of callback responsible for checking status of the backend), detect whether the highest USN is lower than the one SSSD has recorded. If so, setup enumeration/cleanup to refresh potentionally changed account information in the SSSD cache. Related ticket: https://fedorahosted.org/sssd/ticket/734
2011-04-19Add value of the last USN to server configurationStephen Gallagher2-0/+16
Related: https://fedorahosted.org/sssd/ticket/734
2011-04-19Add user and group search LDAP filter optionsJakub Hrozek4-19/+82
https://fedorahosted.org/sssd/ticket/647
2011-04-15Do not throw a DP error when failing to delete a nonexistent entityStephen Gallagher1-4/+4
2011-04-12Never remove gecos from the sysdb cacheStephen Gallagher1-0/+9
Now that gecos can come from either the 'gecos' or 'cn' attributes, we need to ensure that we never remove it from the cache.
2011-04-12Initialise rootdse to NULL if not availableSumit Bose1-0/+1
2011-04-11Initialise srv_opts even if rootDSE is missingSumit Bose2-46/+49
2011-04-08Read only rootDSE data if rootDSE is availableSumit Bose1-20/+22
2011-04-08Fix unchecked return values of pam_add_responseJakub Hrozek1-2/+7
https://fedorahosted.org/sssd/ticket/798
2011-04-08Don't pass NULL to printf for TLS errorsJakub Hrozek3-33/+24
https://fedorahosted.org/sssd/ticket/643
2011-04-01Only save members for successfully saved groupsJakub Hrozek1-2/+17
2011-03-30Fall back to cn if gecos is not availableStephen Gallagher1-0/+9
We were not fully compliant with section 5.3 of RFC 2307 which states: An account's GECOS field is preferably determined by a value of the gecos attribute. If no gecos attribute exists, the value of the cn attribute MUST be used. (The existence of the gecos attribute allows information embedded in the GECOS field, such as a user's telephone number, to be returned to the client without overloading the cn attribute. It also accommodates directories where the common name does not contain the user's full name.)
2011-03-28Mark transaction as done when cancelledJakub Hrozek1-2/+8
2011-03-28RFC2307: Ignore zero-length member names in group lookupsStephen Gallagher1-0/+4
2011-03-28Always complete the transaction in sdap_process_group_members_2307Stephen Gallagher1-0/+11
If the loop ran through at least one sdap_process_missing_member_2307() call and errored out later, we were not canceling the transaction.
2011-03-28Fix typo in sdap_nested_group_process_stepJakub Hrozek1-1/+1
2011-03-24Return from functions in LDAP provider after marking request as failedJakub Hrozek1-1/+4
2011-03-24Add host access control supportPierre Ossman5-2/+155
https://fedorahosted.org/sssd/ticket/746
2011-03-23Add sysdb_attrs_primary_name_list() routineStephen Gallagher1-18/+22
This routine will replace the use of sysdb_attrs_to_list() for any case where we're trying to get the name of the entry. It's a necessary precaution in case the name is multi-valued.
2011-03-23Use sysdb_attrs_primary_name() in sdap_initgr_nested_store_groupStephen Gallagher1-1/+3
2011-03-23Use fake groups during IPA schema initgroupsJakub Hrozek1-114/+418
https://fedorahosted.org/sssd/ticket/822
2011-03-23Add originalDN to fake groupsJakub Hrozek1-1/+10
2011-03-23RFC2307bis: Ignore aliases for groupsStephen Gallagher1-14/+26
Groups in ldap with multiple values for their groupname attribute will now be compared against the RDN of the entry to determine the "primary" group name. We will save only this primary group name to the ldb cache.
2011-03-23RFC2307: Ignore aliases for groupsStephen Gallagher1-23/+35
Groups in ldap with multiple values for their groupname attribute will now be compared against the RDN of the entry to determine the "primary" group name. We will save only this primary group name to the ldb cache.
2011-03-23Ignore aliases for usersStephen Gallagher1-20/+26
Users in ldap with multiple values for their username attribute will now be compared against the RDN of the entry to determine the "primary" username. We will save only this primary name to the ldb cache.
2011-03-22Sanitize DN when searching the original DN in the cacheSumit Bose1-1/+9
2011-03-17Fix incorrect return value checkStephen Gallagher1-1/+1
2011-03-15Fix LDAP search filter for nested initgroupsJakub Hrozek1-1/+1
2011-03-14Fix one unlikely case of failure in sdap_id_op moduleJan Zeleny1-1/+3
There can be an unlikely scenario when the first part of sdap_id_op_connect_done works fine and there is no need to mark backend offline. But right after the check, the memory allocation can fail in which case the backend needs to be marked offline along with disabled reconnecting.
2011-03-14Require existence of username, uid and gid for user enumerationStephen Gallagher1-12/+18
We will ignore users that do not have these three values.
2011-03-14Require existence of GID number and name in group searchesStephen Gallagher3-25/+42
https://fedorahosted.org/sssd/ticket/824
2011-03-09Release handle if not connectedSumit Bose1-0/+1
2011-02-21IPA provider: remove deleted groups during initgroups()Stephen Gallagher1-3/+112
The IPA provider was not properly removing groups in the cache that the user was no longer a member of. https://fedorahosted.org/sssd/ticket/803
2011-02-18Remove cached user entry if initgroups returns ENOENTStephen Gallagher1-0/+11
This behavior was present for getpwnam() but was lacking for initgroups.
2011-02-16Do not attempt to use START_TLS on SSL connectionsStephen Gallagher4-11/+43
Not all LDAP servers are capable of handling dual-encryption with both TLS and SSL. https://fedorahosted.org/sssd/ticket/795
2011-02-14Verify LDAP file descriptor validityStephen Gallagher1-1/+1
2011-02-11Fix cleanup transactionStephen Gallagher1-0/+1
Without setting in_transaction=true, if the sysdb operations threw an error, we wouldn't cancel the transaction.
2011-02-04Only print "no matching service rule" when appropriateStephen Gallagher1-6/+6
2011-02-03Wrap cleanup task in a sysdb transactionStephen Gallagher1-0/+20
2011-02-01Sanitize search filters for nested group lookupsStephen Gallagher1-3/+17
2011-01-31Remove LDAP_DEPRECATEDSumit Bose1-1/+0
2011-01-27Add option to disable TLS for LDAP authStephen Gallagher3-2/+19
Option is named to discourage use in production environments and is intentionally not listed in the SSSDConfig API.
2011-01-27Do not fail if attributes are emptySumit Bose1-16/+29
Currently we fail if attributes are empty. But there are some use cases where requested attributes are empty. E.g Active Directory uses an empty member attribute to indicate that a subset of the members are in a range sub-attribute.
2011-01-21Delete attributes that are removed from LDAPStephen Gallagher3-8/+163
Sometimes, a value in LDAP will cease to exist (the classic example being shadowExpire). We need to make sure we purge that value from SSSD's sysdb as well. https://fedorahosted.org/sssd/ticket/750
2011-01-21Fix nested group handling during enumerationSumit Bose1-0/+14
Nested groups where not unrolled completely during the first enumeration run because not all where present in the cache.
2011-01-21Add missing include file to sdap_async_accounts.cStephen Gallagher1-0/+1
generated by cgit (git 2.34.1) at 2024-11-01 08:05:00 +0000