summaryrefslogtreecommitdiff
path: root/src/providers/ldap
AgeCommit message (Collapse)AuthorFilesLines
2013-10-10LDAP: handle SID requests if noexist_delete is setSumit Bose1-0/+10
Fixes https://fedorahosted.org/sssd/ticket/2116
2013-09-27LDAP: Allow searching subdomain during RFC2307bis initgroupsJakub Hrozek1-9/+11
Related: https://fedorahosted.org/sssd/ticket/2070 Until now, the POSIX-compliant initgroups would only be able to search the parent domain. Since we want to allow using POSIX attributes from AD subdomains as well, we should allow searching a custom sdap_domain.
2013-09-27LDAP: Require ID numbers when ID mapping is offJakub Hrozek2-7/+77
Related: https://fedorahosted.org/sssd/ticket/2070 When searching for users and groups without the use of ID mapping, make sure the UIDs and GIDs are included in the search. This will make the SSSD seemigly "miss" entries when searching in Global Catalog in the scenario where the POSIX attributes are not replicated to the GC.
2013-09-26ad: store group in correct tree on initgroups via tokenGroupsPavel Březina1-11/+41
If tokenGroups contains group from different domain than user's, we stored it under the user's domain tree in sysdb. This patch changes it so we store it under group's domain tree. Resolves: https://fedorahosted.org/sssd/ticket/2066
2013-09-26sysdb: get_sysdb_grouplist() can return either names or dnPavel Březina2-16/+55
We need to work with distinguish names when processing cross-domain membership, because groups and users may be stored in different sysdb tree. Resolves: https://fedorahosted.org/sssd/ticket/2066
2013-09-24Include header file in implementation module.Lukas Slebodnik5-0/+5
Declarations of public functions was in header files, but header files was not included in implementation file.
2013-09-24Convert IN_MULTICAST parameter to host orderJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/2087 IN_MULTICAST accepts address in the host order, but network order was supplied.
2013-09-20LDAP: Use primary cn to search netgroupLukas Slebodnik3-7/+22
Resolves: https://fedorahosted.org/sssd/ticket/2075
2013-09-20sdap_domain_add: remove too strict consistency checkSumit Bose1-10/+0
The check worked for simple setups but fails e.g. in environment with trusts.
2013-09-20LDAP: Deprecate ldap_{user,group}_search_filterJakub Hrozek1-0/+12
2013-09-18AD: Download master domain info when enumeratingJakub Hrozek2-6/+11
https://fedorahosted.org/sssd/ticket/2068 With the current design, downloading master domain data was tied to subdomains refresh, triggered by responders. But because enumeration is a background task that can't be triggered on its own, we can't rely on responders to download the master domain data and we need to check the master domain on each enumeration request.
2013-09-18LDAP: sdap_id_setup_tasks accepts a custom enum requestJakub Hrozek3-17/+26
AD provider will override the default with its own.
2013-09-17util: add sss_idmap_talloc[_free]Pavel Březina1-14/+3
Remove code duplication.
2013-09-11Fix formating of variables with type: gid_tLukas Slebodnik1-2/+1
2013-09-11Fix formating of variables with type: id_tLukas Slebodnik1-5/+7
2013-09-11Fix warning: data argument not used by format stringLukas Slebodnik1-2/+5
2013-09-11Fix formating of variables with ber_ typeLukas Slebodnik2-3/+4
2013-09-11Fix formating of variables with type: time_tLukas Slebodnik5-6/+6
2013-09-11Fix formating of variables with type defined in stdint.hLukas Slebodnik1-2/+3
2013-09-11Fix formating of variables with type: size_tLukas Slebodnik14-43/+53
2013-09-11Use the same variable type like in struct ldb_message_elementLukas Slebodnik1-1/+1
struct ldb_message_element.num_values is unsigned This patch indirectly fixes printf format string warning.
2013-09-11Fix formating of variables with type: intLukas Slebodnik2-3/+4
2013-09-11Fix formating of variables with type: longLukas Slebodnik3-8/+11
2013-09-11LDAP: Store cleanup timestamp after initial cleanupJakub Hrozek3-10/+10
When the SSSD changes serves (and hence lastUSN) we perform a cleanup as well. However, after recent changes, we didn't set the cleanup timestamp correctly, which made the lastUSN logic fail.
2013-09-10is_dn(): free dnPavel Březina1-0/+2
2013-09-02Fix czech specific character in my namePavel Březina2-2/+2
2013-08-28LDAP: Make sdap_id_setup_tasks reusable for subdomainsJakub Hrozek3-7/+19
Instead of always performing the setup for the main domain, the setup can now be performed for subdomains as well.
2013-08-28LDAP: Make the cleanup task reusable for subdomainsJakub Hrozek5-42/+73
Instead of always performing the cleanup on the main domain, the task now accepts a sdap_domain structure to perform the cleanup on. This change will make the cleanup task reusable for subdomains.
2013-08-28LDAP: Make cleanup synchronousJakub Hrozek3-150/+34
The LDAP cleanup request was asynchronous for no good reason, probably a leftover from the days of async sysdb. This patch makes it sychronous again, removing a lot of uneeded code.
2013-08-28LDAP: Convert enumeration to the ptask APIJakub Hrozek4-136/+132
https://fedorahosted.org/sssd/ticket/1942 Identity providers other than LDAP need to customize the enumeration in different ways while sharing the way the task is scheduled etc. The easiest way to accomplish it is to leverage the recently introduced ptask framework.
2013-08-28LDAP: Move the ldap enum request to its own reusable moduleJakub Hrozek6-642/+741
The LDAP enumeration was too closely tied to the LDAP identity provider. Because some providers might need special handling such as refresh the master domain record before proceeding with the enumeration itself, this patch splits the request itself to a separate async request and lets the ldap_id_enum.c module only configure this new request. Also move the enum timestamp to sdap_domain to make the enum tracking per sdap domain. The cleanup timestamp will be moved in another patch.
2013-08-28LDAP: Remove unused constantJakub Hrozek1-2/+0
The constant was not used since Euegene came up with his reconnection logic.
2013-08-28LDAP: Add enum_{users,groups}_recv to follow the tevent_req styleJakub Hrozek1-24/+19
The enum code was quite old and predated the tevent_req style. In particular, the enum code was checking tevent state direcly and not using _recv functions or the helper macros we added later. As a consequence, it was not easy to read. This patch adds the standard _recv functions to read the status of the enum requests.
2013-08-26sudo: do not strdup usn on ENOENTPavel Březina1-1/+1
If USN attribute is not present, we call strdup on uninitialized variable. This may cause segfault, or if we are lucky and usn is NULL it will return ENOMEM.
2013-08-26sudo: do not fail to store the rule if we can't read usnPavel Březina1-3/+4
Resolves: https://fedorahosted.org/sssd/ticket/2052
2013-08-19sysdb_add_incomplete_group: store SID string is availableSumit Bose2-9/+18
During initgroups request we read the SID of a group from the server but do not save it to the cache. This patch fixes this and might help to avoid an additional lookup of the SID later.
2013-08-19save_rfc2307bis_user_memberships: use fq names for subdomainsSumit Bose1-0/+16
For subdomains the group names must be expanded to fully qualified names to be able to find existing groups or properly add new ones.
2013-08-19sdap_add_incomplete_groups: use fully qualified name if neededSumit Bose1-4/+14
For subdomains the group names must be expanded to fully qualified names to be able to find existing groups or properly add new ones.
2013-08-19sudo: continue if we are unable to resolve fqdnPavel Březina1-1/+0
https://fedorahosted.org/sssd/ticket/2043
2013-08-19sdap_save_user: save original primary GID of subdomain usersSumit Bose1-11/+22
If ID mapping is enabled we use magic private groups (MPG) for subdomains, i.e. the UID and the primary GID of the user will have the same numerical value. As a consequence the information about the original primary group might get lost because neither in AD domains nor on a typical UNIX system the user is an explicit member of it's primary group. With this patch the mapped GID or the original primary group is saved in the cached user object under a new attribute. Fixes https://fedorahosted.org/sssd/ticket/2027
2013-08-19sdap_get_initgr_done: use the right SID to get a GIDSumit Bose1-1/+2
2013-08-11ldap, krb5: More descriptive msg on chpass failure.Michal Zidek1-0/+15
Print more descriptive message when wrong current password is given during password change operation. resolves: https://fedorahosted.org/sssd/ticket/2029
2013-08-08Enable removing nonexisting dn in sdap_handle_account_infoLukas Slebodnik1-1/+1
Change was introduced in commit ca344fde
2013-08-08Fix memory context for hash entriesSumit Bose1-2/+4
In sdap_nested_group_populate_users() username and orignal_dn are allocated on a temporary memory context. If the corresponding user is not found in the cache both are added to a hash which is later on returned to the caller. To avoid a use-after-free when the hash entries are looked up both must be reassigned to the memory context of the hash.
2013-08-07Fix memory context for a state memberSumit Bose1-1/+1
primary_name was allocated on a temporary memory context but as it is a member of the state struct it should belong to the memory context of the state.
2013-08-05sudo: print better debug message when a rule has multiple cn valuesPavel Březina1-1/+5
2013-08-05sudo: skip rule on error instead of failing completelyPavel Březina1-1/+3
https://fedorahosted.org/sssd/ticket/2031
2013-07-25Prevent using uninitialized "group_name" in done section.Lukas Slebodnik1-1/+1
Coverity ID: 11927
2013-07-24LDAP: Use domain-specific name where appropriateJakub Hrozek5-112/+159
The subdomain users user FQDN in their name attribute. However, handling of whether to use FQDN in the LDAP code was not really good. This patch introduces a utility function and converts code that was relying on user/group names matching to this utility function. This is a temporary fix until we can refactor the sysdb API in #2011.
2013-07-17SIGCHLD handler: do not call callback when pvt data where freedPavel Březina1-1/+1
https://fedorahosted.org/sssd/ticket/1992