summaryrefslogtreecommitdiff
path: root/src/providers/ldap
AgeCommit message (Collapse)AuthorFilesLines
2011-06-30Use ldap_init_fd() instead of ldap_initialize() if availableSumit Bose3-37/+88
2011-06-30Use name based URI instead of IP address based URIsSumit Bose1-37/+2
2011-06-30Add sdap_call_conn_cb() to call add connection callback directlySumit Bose2-0/+40
2011-06-30Add sockaddr_storage to sdap_serviceSumit Bose2-0/+12
2011-06-16Do not check pwdAttributeSumit Bose1-9/+0
It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy.
2011-06-15Switch resolver to using resolv_hostent and honor TTLJakub Hrozek1-2/+2
2011-06-02Non-posix group processing - ldap provider and nss responderJan Zeleny2-28/+79
2011-06-02Use escaped IP addresses in LDAP providerJakub Hrozek1-6/+56
2011-05-25Sanitize username during initgroups callSumit Bose1-1/+7
2011-05-25Separate return paths for success and failure in sdap_nested_group_check_cacheJakub Hrozek1-6/+10
2011-05-24Make "password" the default for ldap_default_authtok_typeStephen Gallagher1-1/+1
2011-05-24Fix uninitialized scalar variable in sdap_nested_group_check_cacheJakub Hrozek1-2/+4
https://fedorahosted.org/sssd/ticket/878
2011-05-24Fix uninitialized pointer read in sdap_x_deref_parse_entryJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/877
2011-05-24Fix bad comparison in sdap_has_deref_supportJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/876
2011-05-20Use dereference when processing RFC2307bis nested groupsJakub Hrozek3-15/+457
Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799
2011-05-20Refactor RFC2307bis nested group processingJakub Hrozek1-123/+188
This patch splits checking cache and hash tables into standalone functions. This will make it easy to reuse the code in a new branch that uses dereferencing.
2011-05-20Use fake users during RFC2307bis nested group processingJakub Hrozek1-13/+165
Instead of downloading complete user data which is potentionally very slow, only download the necessary minimum information and store the users as dummy entries.
2011-05-20Change sysdb_add_fake_user to add OriginalDNJakub Hrozek1-1/+1
RFC2307bis code relies heavily on originalDN, so the fake users need to have an option to store it, too.
2011-05-20Generic dereference searchJakub Hrozek2-0/+157
A generic wrapper around ASQ and OpenLDAP dereference searches. https://fedorahosted.org/sssd/ticket/635
2011-05-20OpenLDAP dereference searchesJakub Hrozek3-0/+376
This dereference method is supported at least by OpenLDAP and 389DS/RHDS For more details, see: http://tools.ietf.org/html/draft-masarati-ldap-deref-00
2011-05-20Add support for Attribute Scoped QueriesJakub Hrozek1-0/+203
For more details on ASQ, see: http://msdn.microsoft.com/en-us/library/aa366976%28VS.85%29.aspx http://msdn.microsoft.com/en-us/library/aa746418%28v=VS.85%29.aspx
2011-05-20Generic dereference data structures and utilitiesJakub Hrozek2-0/+45
These will be shared by both dereference methods in a later patch.
2011-05-20sdap_get_generic_extJakub Hrozek1-73/+202
Add a private sdap_get_generic_ext_send()/_recv() request that exposes more of ldap_search_ext options, in particular the server contols. The existing sdap_generic_search_send()/_recv() request is now a thin wrapper around the new _ext request. The other important change is that an entry parsing is a callback now. That was done in order to allow custom parsing for results such as OpenLDAP deref or Attribute Scoped Queries.
2011-05-20Remove append_attrs_to_arrayJakub Hrozek2-12/+0
This function was not used anywhere
2011-05-20IPA Provider: don't fail if user is not a member of any groupsStephen Gallagher1-2/+5
2011-05-16Possible memory leak fixedJan Zeleny1-1/+1
2011-05-16Fixed wrong variable in sdap_initgr_nested_storeJan Zeleny1-1/+1
2011-05-04Fixed lastUSN checking improvementsJan Zeleny3-5/+23
This patch fixes some issues with setting lastUSN attribute and it adds check against the highest user/group USN after enumeration to keep better track of the real highest USN. Optimal solution here would be to schedule a check of rootDSE entry right after the enumeration finishes, but for the moment this is good enough.
2011-05-04Do not leak LDAP URI with high log levelJakub Hrozek1-2/+7
2011-04-28Do not leak LDAP paging controlsJakub Hrozek1-0/+5
2011-04-27Add ldap_page_size configuration optionStephen Gallagher4-3/+9
2011-04-27Enable paging support for LDAPStephen Gallagher1-23/+117
2011-04-27Log the LDAP message type we're processingStephen Gallagher1-0/+57
2011-04-25Modify principal selection for keytab authenticationJan Zeleny5-6/+19
Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
2011-04-19Add last usn checking after reconnectionJan Zeleny2-1/+31
When reconnecting to the LDAP server supporting USNs (either because of new incomming id operation or invokation of callback responsible for checking status of the backend), detect whether the highest USN is lower than the one SSSD has recorded. If so, setup enumeration/cleanup to refresh potentionally changed account information in the SSSD cache. Related ticket: https://fedorahosted.org/sssd/ticket/734
2011-04-19Add value of the last USN to server configurationStephen Gallagher2-0/+16
Related: https://fedorahosted.org/sssd/ticket/734
2011-04-19Add user and group search LDAP filter optionsJakub Hrozek4-19/+82
https://fedorahosted.org/sssd/ticket/647
2011-04-15Do not throw a DP error when failing to delete a nonexistent entityStephen Gallagher1-4/+4
2011-04-12Never remove gecos from the sysdb cacheStephen Gallagher1-0/+9
Now that gecos can come from either the 'gecos' or 'cn' attributes, we need to ensure that we never remove it from the cache.
2011-04-12Initialise rootdse to NULL if not availableSumit Bose1-0/+1
2011-04-11Initialise srv_opts even if rootDSE is missingSumit Bose2-46/+49
2011-04-08Read only rootDSE data if rootDSE is availableSumit Bose1-20/+22
2011-04-08Fix unchecked return values of pam_add_responseJakub Hrozek1-2/+7
https://fedorahosted.org/sssd/ticket/798
2011-04-08Don't pass NULL to printf for TLS errorsJakub Hrozek3-33/+24
https://fedorahosted.org/sssd/ticket/643
2011-04-01Only save members for successfully saved groupsJakub Hrozek1-2/+17
2011-03-30Fall back to cn if gecos is not availableStephen Gallagher1-0/+9
We were not fully compliant with section 5.3 of RFC 2307 which states: An account's GECOS field is preferably determined by a value of the gecos attribute. If no gecos attribute exists, the value of the cn attribute MUST be used. (The existence of the gecos attribute allows information embedded in the GECOS field, such as a user's telephone number, to be returned to the client without overloading the cn attribute. It also accommodates directories where the common name does not contain the user's full name.)
2011-03-28Mark transaction as done when cancelledJakub Hrozek1-2/+8
2011-03-28RFC2307: Ignore zero-length member names in group lookupsStephen Gallagher1-0/+4
2011-03-28Always complete the transaction in sdap_process_group_members_2307Stephen Gallagher1-0/+11
If the loop ran through at least one sdap_process_missing_member_2307() call and errored out later, we were not canceling the transaction.
2011-03-28Fix typo in sdap_nested_group_process_stepJakub Hrozek1-1/+1
generated by cgit (git 2.34.1) at 2025-02-07 16:46:34 +0000