| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
https://fedorahosted.org/sssd/ticket/1537
changes upper limit of slices to 2000200000 in providers code and
manpage.
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1535
|
|
https://fedorahosted.org/sssd/ticket/1303
Domain start up was taking too long when there are many principals
in a kerberos keytab. We were looking up in the keytab two times.
The first time we try to select a proper principal and remember it.
The second call happens almost right after the first one and
it is just a check if the principal exists in the keytab, without
any output information other than success/failure. It is
probably a left over from https://fedorahosted.org/sssd/ticket/781.
This patch removes the second call.
|
|
Certain LDAP servers can return an empty string as the value of
namingContexts. We need to treat these as NULL so that we can fail
gracefully.
https://fedorahosted.org/sssd/ticket/1542
|
|
The domain can be read from the sysdb object. Removing the domain string
makes the API more self-contained.
|
|
This patch switches from using just key in the RDN to using both key and
value. That is neccessary to allow multiple direct mounts in a single
map.
|
|
https://fedorahosted.org/sssd/ticket/1506
Changes how the new autofs entry objects are handled. Instead of
creating the entry on the cn=autofs,cn=custom level, the entry is
created below the map it belongs to.
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1355
|
|
|
|
Previously, we were failing to start if ldap_idmap_autorid_compat
was True but the default domain SID was unspecified. This is the
recommended configuration, but it is functional without it. There
is just a slight risk that the IDs will be inconsistent between
machines if the first user requested is not from the default
domain.
https://fedorahosted.org/sssd/ticket/1530
|
|
https://fedorahosted.org/sssd/ticket/1440
|
|
https://fedorahosted.org/sssd/ticket/1225
krb5_child already updated before. Adding more debuginfo into
ldap_child. Also old debug levels rewritten into new macros.
|
|
https://fedorahosted.org/sssd/ticket/1521
|
|
The list of resolved servers is allocated on the back end context and
kept in the fo_service structure. However, a single request often
resolves a server and keeps a pointer until the end of a request and
only then gives feedback about the server based on the request result.
This presents a big race condition in case the SRV resolution is used.
When there are requests coming in in parallel, it is possible that an
incoming request will invalidate a server until another request that
holds a pointer to the original server is able to give a feedback.
This patch simply checks if a server is in the list of servers
maintained by a service before reading its status.
https://fedorahosted.org/sssd/ticket/1364
|
|
https://fedorahosted.org/sssd/ticket/1488
|
|
|
|
https://fedorahosted.org/sssd/ticket/1365
|
|
Removing bad examples of usage of sysdb_transaction_start/commit/end
functions and making it more consistent (all files except of
src/db/sysdb_*.c).
|
|
https://fedorahosted.org/sssd/ticket/734
We successfully detect when the server is reinitialized by testing
the new lastUSN value. The maximum USN values are set to zero, but
the current cache content remains.
This patch removes records that were deleted from the server.
It uses the following approach:
1. remove entryUSN attribute from all entries
2. run enumeration
3. remove records that doesn't have entryUSN attribute updated
We don't need to do this for sudo rules, they will be refreshed
automatically during next smart/full refresh, or when an expired rule
is deleted.
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=846664
If the first group was cached when processing the nested group membership,
we would call tevent_req_done, effectivelly marking the whole nesting
level as done.
|
|
https://fedorahosted.org/sssd/ticket/1472
|
|
group members with groups outside nesting limit.
https://fedorahosted.org/sssd/ticket/1194
|
|
https://fedorahosted.org/sssd/ticket/1463
|
|
https://fedorahosted.org/sssd/ticket/1462
|
|
It does not contain name of the object class attribute but the value
itself. I renamed it to avoid confusion.
|
|
https://fedorahosted.org/sssd/ticket/1393
|
|
This patch adds support for new config options krb5_backup_server and
krb5_backup_kpasswd. The description of this option's functionality
is included in man page in one of previous patches.
|
|
This patch adds support for new config option ldap_backup_uri. The
description of this option's functionality is included in man page in
previous patch.
|
|
This patch adds support for the primary server functionality into LDAP
provider. No backup servers are added at the moment, just the basic
support is in place.
|
|
This patch adds support for marking existing connections as being
disconnected. Each such connection can't be used for new queries and a
new one has to be created instead if necessary. This will ensure that
pending operations will end gracefully during reconnection. Also all new
queries to the server we are reconnecting to will use another (probably
newly created) connection.
|
|
Now there are two list of servers for each service. If currently
selected server is only backup, then an event will be scheduled which
tries to get connection to one of primary servers and if it succeeds,
it starts using this server instead of the one which is currently
connected to.
|
|
Patch bc76428246c4ce532abd0eadcd539069fc1d94a8 changed the data
type of sasl_minssf from int to ber_len_t. Unfortunately, default
value of ldap_sasl_minssf is -1 but ber_len_t is defined as
unsigned long. This made SASL mechanism inoperative.
|
|
https://fedorahosted.org/sssd/ticket/1420
sudoHost attribute may contain hostname or fqdn of the machine.
Sudo itself supports only one hostname and its fqdn - the one that
is returned by gethostbyname().
This patch implements autoconfiguration of hostname and fqdn if
it has not been set manually by ldap_sudo_hostnames option.
|
|
|
|
https://fedorahosted.org/sssd/ticket/1379
|
|
|
|
The attribute is supposed to contain number of days since the epoch, not
the number of seconds.
|
|
Coverity #12770
|
|
Coverity #12797
|
|
Coverity #12802
|
|
* This broke corner cases when used with
default_tkt_types = des-cbc-crc
and DES enabled on an AD domain.
* This is fixed in kerberos instead, in a more correct way
and in a way which we cannot replicate.
|
|
This will eliminate ambiguity for the AD provider
|
|
This function is not supposed to return any newly-allocated memory
directly. It was actually leaking the memory for krb5_servers if
krb5_kdcip was being used, though it was undetectable because it
was allocated on the provided memctx.
This patch removes the memctx parameter and allocates krb5_servers
temporarily on NULL and ensures that it is freed on all exit
conditions. It is not necessary to retain this memory, as
dp_opt_set_string() performs a talloc_strdup onto the appropriate
context internally.
It also updates the DEBUG messages for this function to the
appropriate new macro levels.
|
