| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2012-05-04 | If canon'ing principals, write ccache with updated default principal | Stef Walter | 1 | -1/+2 | |
| * When calling krb5_get_init_creds_keytab() with krb5_get_init_creds_opt_set_canonicalize() the credential principal can get updated. * Create the cache file with the correct default credential. * LDAP GSSAPI SASL would fail due to the mismatched credentials before this patch. https://bugzilla.redhat.com/show_bug.cgi?id=811518 | |||||
| 2012-05-04 | Modify behavior of pam_pwd_expiration_warning | Jan Zeleny | 1 | -12/+30 | |
| New option pwd_expiration_warning is introduced which can be set per domain and can override the value specified by the original pam_pwd_expiration_warning. If the value of expiration warning is set to zero, the filter isn't apllied at all - if backend server returns the warning, it will be automatically displayed. Default value for Kerberos: 7 days Default value for LDAP: don't apply the filter Technical note: default value when creating the domain is -1. This is important so we can distinguish between "no value set" and 0. Without this possibility it would be impossible to set different values for LDAP and Kerberos provider. | |||||
| 2012-05-03 | LDAP: Add support for enumeration of ID-mapped users and groups | Stephen Gallagher | 1 | -31/+102 | |
| 2012-05-03 | LDAP: Treat groups with unmappable SIDs as non-POSIX groups | Stephen Gallagher | 1 | -9/+12 | |
| 2012-05-03 | LDAP: Add helper function to map IDs | Stephen Gallagher | 5 | -119/+81 | |
| This function will also auto-create a new ID map if the domain has not been seen previously. | |||||
| 2012-05-03 | LDAP: Do not remove uidNumber and gidNumber attributes when saving id-mapped ↵ | Stephen Gallagher | 2 | -0/+16 | |
| entries | |||||
| 2012-05-03 | LDAP: Add helper routine to convert LDAP blob to SID string | Stephen Gallagher | 5 | -68/+195 | |
| 2012-05-03 | LDAP: Map the user's primaryGroupID | Stephen Gallagher | 3 | -12/+68 | |
| 2012-05-03 | LDAP: Enable looking up id-mapped groups by GID | Stephen Gallagher | 1 | -2/+45 | |
| 2012-05-03 | LDAP: Allow looking up ID-mapped groups by name | Stephen Gallagher | 2 | -29/+125 | |
| 2012-05-03 | LDAP: Enable looking up id-mapped users by UID | Stephen Gallagher | 1 | -6/+43 | |
| 2012-05-03 | LDAP: Allow automatically-provisioning a domain and range | Stephen Gallagher | 1 | -3/+43 | |
| If we get a user who is a member of a domain we haven't seen before, add a domain entry (auto-assigning its slice). Since we don't know the domain's real name, we'll just save the domain SID string as the name as well. | |||||
| 2012-05-03 | LDAP: Add routine to extract domain SID from an object SID | Stephen Gallagher | 2 | -0/+49 | |
| Also makes the domain prefix macros from sss_idmap public. | |||||
| 2012-05-03 | LDAP: Allow setting a default domain for id-mapping slice 0 | Stephen Gallagher | 3 | -0/+40 | |
| 2012-05-03 | LDAP: Add autorid compatibility mode | Stephen Gallagher | 3 | -8/+16 | |
| 2012-05-03 | LDAP: Enable looking up ID-mapped users by name | Stephen Gallagher | 2 | -9/+55 | |
| 2012-05-03 | LDAP: Initialize ID mapping when configured | Stephen Gallagher | 2 | -0/+10 | |
| 2012-05-03 | LDAP: Add ID mapping range settings | Stephen Gallagher | 2 | -0/+6 | |
| 2012-05-03 | LDAP: Add helper routines for ID-mapping | Stephen Gallagher | 2 | -0/+334 | |
| 2012-05-03 | LDAP: Add id-mapping option | Stephen Gallagher | 2 | -0/+2 | |
| 2012-05-03 | LDAP: Add objectSID config option | Stephen Gallagher | 2 | -0/+8 | |
| 2012-05-03 | Read sysdb attribute name, not LDAP attribute map name | Jakub Hrozek | 1 | -2/+2 | |
| https://fedorahosted.org/sssd/ticket/1320 | |||||
| 2012-05-02 | LDAP: check return value of sysdb_attrs_get_el | Jakub Hrozek | 1 | -0/+7 | |
| 2012-05-01 | execv, excvp and exec_child never return EOK | Stef Walter | 1 | -5/+3 | |
| * So don't need to handle that case | |||||
| 2012-04-24 | Accept be_req instead if be_ctx in LDAP access provider | Jan Zeleny | 2 | -14/+15 | |
| 2012-04-20 | Get the RootDSE after binding if not successfull before | Jakub Hrozek | 1 | -26/+104 | |
| https://fedorahosted.org/sssd/ticket/1258 | |||||
| 2012-04-20 | Convert read and write operations to sss_atomic_read | Jakub Hrozek | 1 | -32/+21 | |
| https://fedorahosted.org/sssd/ticket/1209 | |||||
| 2012-04-20 | sdap_check_aliases must not error when detects the same user | Jakub Hrozek | 1 | -13/+31 | |
| https://fedorahosted.org/sssd/ticket/1307 | |||||
| 2012-04-20 | Free controls in sdap_rebind_proc | Jakub Hrozek | 1 | -4/+6 | |
| 2012-04-18 | Fixed minor memory leak in ldap provider | Jan Zeleny | 1 | -0/+1 | |
| 2012-04-18 | Fixed memory context in sdap_fill_memberships() | Jan Zeleny | 1 | -1/+1 | |
| 2012-04-18 | Removed unused block of code is sdap_fill_memberships() | Jan Zeleny | 1 | -57/+29 | |
| 2012-04-18 | Removed a block of dead code in sdap_async_groups.c | Jan Zeleny | 1 | -20/+1 | |
| 2012-04-18 | Do not call sdap_auth if not needed | Jakub Hrozek | 1 | -7/+11 | |
| 2012-04-18 | Prevent printing NULL from DEBUG messages | Jakub Hrozek | 2 | -6/+13 | |
| 2012-04-05 | Clean up log messages about keytab_name | Stephen Gallagher | 1 | -7/+12 | |
| There were many places where we were printing (null) to the logs because a NULL keytab name tells libkrb5 to use its configured default instead of a particular path. This patch should clean up all uses of this to print "default" in the logs. https://fedorahosted.org/sssd/ticket/1288 | |||||
| 2012-03-29 | LDAP services: Save lowercased protocol names in case-insensitive domains | Jakub Hrozek | 1 | -1/+17 | |
| https://fedorahosted.org/sssd/ticket/1260 | |||||
| 2012-03-28 | Add terminator for sdap_attr_map | Stephen Gallagher | 2 | -14/+31 | |
| 2012-03-28 | Add terminator for dp_option | Stephen Gallagher | 1 | -1/+2 | |
| 2012-03-28 | Put dp_option maps in their own file | Stephen Gallagher | 2 | -279/+314 | |
| There is no functional change due to this patch. | |||||
| 2012-03-26 | LDAP: Fix memory leaks in synchronous_tls_setup | Stephen Gallagher | 1 | -8/+10 | |
| We were never freeing "result" if it was allocated by ldap_result(). We were also not freeing "errmsg" if it was allocated but ldap_parse_result() returned an error. Also disambiguate error messages from ldap_parse_result() and error messages from sss_ldap_get_diagnostic_msg() since they use differing memory-management functions. | |||||
| 2012-03-26 | LDAP services: Keep the protocol around | Jakub Hrozek | 1 | -0/+1 | |
| 2012-03-21 | LDAP: Add better error logging when ldap_result() fails | Stephen Gallagher | 1 | -1/+3 | |
| 2012-03-16 | LDAP: Errors retrieving the RootDSE should not be fatal | Stephen Gallagher | 1 | -15/+8 | |
| If we can't reach the RootDSE, let's just proceed as if it's unavailable with reasonable defaults. If we fail later on, that's fine. Fixes https://fedorahosted.org/sssd/ticket/1257 | |||||
| 2012-03-16 | Fix uninitialized variable | Jakub Hrozek | 1 | -1/+1 | |
| 2012-03-14 | LDAP: Add AD 2008r2 schema | Stephen Gallagher | 1 | -2/+49 | |
| https://fedorahosted.org/sssd/ticket/1031 | |||||
| 2012-03-09 | Missing debug message if sdap_sudo_refresh_set_timer fails | Pavel Březina | 1 | -1/+5 | |
| https://fedorahosted.org/sssd/ticket/1238 | |||||
| 2012-03-09 | LDAP: Make sdap_access_send/recv public | Stephen Gallagher | 2 | -12/+17 | |
| We want to consume this in the IPA provider. | |||||
| 2012-03-08 | Fix nested groups processing | Jakub Hrozek | 1 | -26/+60 | |
| Instead of keeping the number of parent groups in "state" and having to reset the count when moving to another group on the same level, keep track of the all groups on a particular level along with their parents and parent count. | |||||
| 2012-03-08 | Detect cycle in the fail over on subsequent resolve requests only | Jakub Hrozek | 2 | -3/+6 | |
 |
index : sssd | |
| System Security Services Daemon | ben |
| summaryrefslogtreecommitdiff |