Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-12-14 | Fix uninitialized value error in sdap_account_expired_shadow() | Sumit Bose | 1 | -2/+2 | |
https://fedorahosted.org/sssd/ticket/726 | |||||
2010-12-14 | Fix unchecked return value in sdap_parse_entry() | Sumit Bose | 1 | -1/+5 | |
https://fedorahosted.org/sssd/ticket/712 | |||||
2010-12-14 | Fix unchecked return value in sdap_get_msg_dn() | Sumit Bose | 1 | -1/+6 | |
https://fedorahosted.org/sssd/ticket/712 | |||||
2010-12-07 | Replace krb5_kdcip by krb5_server in LDAP provider | Sumit Bose | 2 | -4/+12 | |
2010-12-07 | Mark unavailable Kerberos server as PORT_NOT_WORKING | Sumit Bose | 1 | -0/+1 | |
2010-12-07 | ldap: Use USN entries if available. | Simo Sorce | 7 | -88/+186 | |
Otherwise fallback to the default modifyTimestamp indicator | |||||
2010-12-07 | ldap: add checks to determine if USN features are available. | Simo Sorce | 8 | -24/+133 | |
2010-12-07 | ldap: remove variable that was never assigned nor used | Simo Sorce | 2 | -10/+0 | |
2010-12-07 | Pass sdap_id_ctx in sdap_id_op functions. | Simo Sorce | 3 | -47/+51 | |
2010-12-06 | Add ldap_chpass_uri config option | Sumit Bose | 5 | -6/+47 | |
2010-12-06 | Add new account expired rule to LDAP access provider | Sumit Bose | 5 | -90/+508 | |
Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute. | |||||
2010-12-06 | Make string_to_shadowpw_days() public | Sumit Bose | 3 | -33/+36 | |
2010-12-02 | Add a special filter type to handle enumerations | Sumit Bose | 1 | -17/+6 | |
2010-12-01 | Add check_online method to LDAP ID provider | Sumit Bose | 3 | -1/+44 | |
2010-12-01 | Fix offline detection in sdap_cli_connect request | Sumit Bose | 1 | -0/+1 | |
sdap_cli_connect_recv_ext() checks if the failover server is not set to determine if the backend is offline. To make this work properly if multiple servers are defined the failover server must be set to NULL if all servers are checked. | |||||
2010-12-01 | Allow protocol fallback for SRV queries | Jakub Hrozek | 1 | -3/+2 | |
https://fedorahosted.org/sssd/ticket/691 | |||||
2010-11-19 | Fix offline detection for LDAP auth/chpass | Sumit Bose | 1 | -5/+13 | |
2010-11-15 | Fix const cast warning in build_attrs_from_map | Stephen Gallagher | 1 | -3/+3 | |
2010-11-15 | Fix const cast warning for sysdb_update_members | Stephen Gallagher | 1 | -6/+6 | |
2010-11-15 | Sanitize ldap attributes in the config file | Stephen Gallagher | 1 | -2/+21 | |
https://fedorahosted.org/sssd/ticket/458 | |||||
2010-11-15 | Properly document ldap_purge_cache_timeout | Stephen Gallagher | 1 | -1/+9 | |
Also allow it to be disabled entirely | |||||
2010-11-15 | Sanitize search filters in LDAP provider | Stephen Gallagher | 4 | -7/+61 | |
2010-11-15 | Sanitize sysdb dn for memberof lookup | Stephen Gallagher | 1 | -1/+11 | |
2010-11-15 | Sanitize sysdb filters in the LDAP provider | Stephen Gallagher | 1 | -2/+11 | |
2010-11-05 | Review comments for namingContexts patches | Sumit Bose | 2 | -14/+14 | |
2010-11-04 | Make ldap_search_base a non-mandatory option | Sumit Bose | 1 | -35/+25 | |
2010-11-04 | Use (default)namingContext to set empty search bases | Sumit Bose | 4 | -1/+117 | |
2010-11-04 | Add defaultNamingContext to RootDSE attributes | Sumit Bose | 2 | -0/+3 | |
2010-11-04 | Don't clean up groups for which a user has it as primary GID | Stephen Gallagher | 1 | -2/+15 | |
We were cleaning up all groups that were expired and for which there existed no user with memberOf: <thegroup> as an attribute. This patch modifies the search to also check for cached users with this group's GID as their primary GID. Fixes https://fedorahosted.org/sssd/ticket/624 | |||||
2010-11-01 | Fix misused SDAP_SEARCH_BASE | Moritz Baumann | 1 | -1/+1 | |
2010-10-27 | Allow authentication for referrals | Sumit Bose | 1 | -0/+193 | |
2010-10-26 | Always use uint32_t for UID/GID numbers | Jakub Hrozek | 2 | -23/+17 | |
2010-10-22 | Add some missing ldap_memfree() | Sumit Bose | 2 | -3/+6 | |
2010-10-22 | Add ldap_deref option | Sumit Bose | 4 | -1/+52 | |
2010-10-18 | set in_transaction explicitly to false | Jakub Hrozek | 1 | -1/+1 | |
2010-10-18 | Use unsigned long for conversion to id_t | Jakub Hrozek | 2 | -34/+16 | |
We used strtol() on a number of places to convert into uid_t or gid_t from a string representation such as LDAP attribute, but on some platforms, unsigned long might be necessary to store big id_t values. This patch converts to using strtoul() instead. | |||||
2010-10-18 | Add proper nested initgroup support for RFC2307bis servers | Stephen Gallagher | 1 | -3/+761 | |
2010-10-18 | Modify sysdb_[add|remove]_group_member to accept users and groups | Stephen Gallagher | 1 | -0/+1 | |
Previously, it assumed that all members were users. This changes the interface so that either a user or a group can be specified. Also, it eliminates the need for a memory context to be passed, since the internal memory should be self-contained. | |||||
2010-10-18 | Handle nested groups in RFC2307bis | Stephen Gallagher | 1 | -1/+776 | |
This first approach handles the non-optimized "pure" RFC2307bis case. It recursively calls into nested groups until it it has found them all or hits the pre-defined nesting limit. It then saves all member users first, then all groups to the sysdb | |||||
2010-10-18 | Make sdap_save_users_send handle zero users gracefully | Stephen Gallagher | 1 | -0/+5 | |
If we send a zero num_users value, we should just immediately return success, rather than starting a useless transaction | |||||
2010-10-18 | Add option to limit nested groups | Simo Sorce | 2 | -1/+3 | |
2010-10-15 | Save dummy member users during RFC2307 getgr{nam,gid} | Jakub Hrozek | 1 | -82/+279 | |
2010-10-15 | sysdb interface for adding fake users | Jakub Hrozek | 1 | -3/+4 | |
2010-10-15 | Save dummy groups to cache during initgroups | Jakub Hrozek | 1 | -0/+125 | |
If during initgroups operation we find out that any of the groups the user is a member of is not cached yet we add a incomplete, expired group entry. That way, we save ourselves from looking up and saving all the potential user entries the group may also consist of. Because the group is expired, it will be refreshed during the next getgrgid/getgrnam call and correct member list will be returned. | |||||
2010-10-15 | Check for GSSAPI before attempting to kinit | Jakub Hrozek | 1 | -8/+12 | |
2010-10-13 | Implement netgroup support for LDAP provider | Sumit Bose | 5 | -1/+982 | |
2010-10-13 | Add infrastructure to LDAP provider for netgroup support | Sumit Bose | 2 | -2/+51 | |
2010-10-13 | Initialize kerberos service for GSSAPI | Jakub Hrozek | 6 | -4/+294 | |
2010-10-13 | Make ldap_child report kerberos return code to parent | Jakub Hrozek | 4 | -13/+31 | |
2010-10-13 | Report Kerberos error code from ldap_child_get_tgt_sync | Jakub Hrozek | 1 | -23/+16 | |