Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2011-08-15 | sysdb refactoring: memory context deleted | Jan Zeleny | 5 | -25/+15 | |
This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well. | |||||
2011-08-15 | sysdb refactoring: deleted domain variables in sysdb API | Jan Zeleny | 9 | -58/+35 | |
The patch also updates code using modified functions. Tests have also been adjusted. | |||||
2011-08-11 | Use sysdb attribute name for GID, not LDAP attribute | Stephen Gallagher | 1 | -3/+3 | |
2011-08-04 | Fix returning groups when gidNumber attribute is not ordered | Jakub Hrozek | 3 | -4/+10 | |
https://fedorahosted.org/sssd/ticket/951 | |||||
2011-08-01 | Request password control unconditionally during bind | Jakub Hrozek | 1 | -6/+6 | |
https://fedorahosted.org/sssd/ticket/940 | |||||
2011-08-01 | Wrong paramater to sysdb_attrs_add_uint32 | Jakub Hrozek | 1 | -1/+1 | |
2011-07-27 | Explicitly ignore groups with gidNumber=0 | Jakub Hrozek | 2 | -11/+18 | |
https://fedorahosted.org/sssd/ticket/916 | |||||
2011-07-27 | Set gidNumber of non-posix groups to 0 even on updates | Jakub Hrozek | 1 | -8/+44 | |
2011-07-21 | fo_get_server_name() getter for a server name | Jakub Hrozek | 1 | -1/+10 | |
Allows to be more concise in tests and more defensive in resolve callbacks | |||||
2011-07-21 | Rename fo_get_server_name to fo_get_server_str_name | Jakub Hrozek | 1 | -2/+2 | |
2011-07-21 | Do not add a NULL host parsed from LDAP URI | Jakub Hrozek | 1 | -1/+8 | |
https://fedorahosted.org/sssd/ticket/911 | |||||
2011-07-08 | Add LDAP access control based on NDS attributes | Sumit Bose | 5 | -2/+193 | |
2011-07-08 | Add helper function msgs2attrs_array | Stephen Gallagher | 2 | -0/+33 | |
This function converts a list of ldb_messages into a list of sysdb_attrs. | |||||
2011-06-30 | Use ldap_init_fd() instead of ldap_initialize() if available | Sumit Bose | 3 | -37/+88 | |
2011-06-30 | Use name based URI instead of IP address based URIs | Sumit Bose | 1 | -37/+2 | |
2011-06-30 | Add sdap_call_conn_cb() to call add connection callback directly | Sumit Bose | 2 | -0/+40 | |
2011-06-30 | Add sockaddr_storage to sdap_service | Sumit Bose | 2 | -0/+12 | |
2011-06-16 | Do not check pwdAttribute | Sumit Bose | 1 | -9/+0 | |
It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy. | |||||
2011-06-15 | Switch resolver to using resolv_hostent and honor TTL | Jakub Hrozek | 1 | -2/+2 | |
2011-06-02 | Non-posix group processing - ldap provider and nss responder | Jan Zeleny | 2 | -28/+79 | |
2011-06-02 | Use escaped IP addresses in LDAP provider | Jakub Hrozek | 1 | -6/+56 | |
2011-05-25 | Sanitize username during initgroups call | Sumit Bose | 1 | -1/+7 | |
2011-05-25 | Separate return paths for success and failure in sdap_nested_group_check_cache | Jakub Hrozek | 1 | -6/+10 | |
2011-05-24 | Make "password" the default for ldap_default_authtok_type | Stephen Gallagher | 1 | -1/+1 | |
2011-05-24 | Fix uninitialized scalar variable in sdap_nested_group_check_cache | Jakub Hrozek | 1 | -2/+4 | |
https://fedorahosted.org/sssd/ticket/878 | |||||
2011-05-24 | Fix uninitialized pointer read in sdap_x_deref_parse_entry | Jakub Hrozek | 1 | -1/+1 | |
https://fedorahosted.org/sssd/ticket/877 | |||||
2011-05-24 | Fix bad comparison in sdap_has_deref_support | Jakub Hrozek | 1 | -1/+1 | |
https://fedorahosted.org/sssd/ticket/876 | |||||
2011-05-20 | Use dereference when processing RFC2307bis nested groups | Jakub Hrozek | 3 | -15/+457 | |
Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799 | |||||
2011-05-20 | Refactor RFC2307bis nested group processing | Jakub Hrozek | 1 | -123/+188 | |
This patch splits checking cache and hash tables into standalone functions. This will make it easy to reuse the code in a new branch that uses dereferencing. | |||||
2011-05-20 | Use fake users during RFC2307bis nested group processing | Jakub Hrozek | 1 | -13/+165 | |
Instead of downloading complete user data which is potentionally very slow, only download the necessary minimum information and store the users as dummy entries. | |||||
2011-05-20 | Change sysdb_add_fake_user to add OriginalDN | Jakub Hrozek | 1 | -1/+1 | |
RFC2307bis code relies heavily on originalDN, so the fake users need to have an option to store it, too. | |||||
2011-05-20 | Generic dereference search | Jakub Hrozek | 2 | -0/+157 | |
A generic wrapper around ASQ and OpenLDAP dereference searches. https://fedorahosted.org/sssd/ticket/635 | |||||
2011-05-20 | OpenLDAP dereference searches | Jakub Hrozek | 3 | -0/+376 | |
This dereference method is supported at least by OpenLDAP and 389DS/RHDS For more details, see: http://tools.ietf.org/html/draft-masarati-ldap-deref-00 | |||||
2011-05-20 | Add support for Attribute Scoped Queries | Jakub Hrozek | 1 | -0/+203 | |
For more details on ASQ, see: http://msdn.microsoft.com/en-us/library/aa366976%28VS.85%29.aspx http://msdn.microsoft.com/en-us/library/aa746418%28v=VS.85%29.aspx | |||||
2011-05-20 | Generic dereference data structures and utilities | Jakub Hrozek | 2 | -0/+45 | |
These will be shared by both dereference methods in a later patch. | |||||
2011-05-20 | sdap_get_generic_ext | Jakub Hrozek | 1 | -73/+202 | |
Add a private sdap_get_generic_ext_send()/_recv() request that exposes more of ldap_search_ext options, in particular the server contols. The existing sdap_generic_search_send()/_recv() request is now a thin wrapper around the new _ext request. The other important change is that an entry parsing is a callback now. That was done in order to allow custom parsing for results such as OpenLDAP deref or Attribute Scoped Queries. | |||||
2011-05-20 | Remove append_attrs_to_array | Jakub Hrozek | 2 | -12/+0 | |
This function was not used anywhere | |||||
2011-05-20 | IPA Provider: don't fail if user is not a member of any groups | Stephen Gallagher | 1 | -2/+5 | |
2011-05-16 | Possible memory leak fixed | Jan Zeleny | 1 | -1/+1 | |
2011-05-16 | Fixed wrong variable in sdap_initgr_nested_store | Jan Zeleny | 1 | -1/+1 | |
2011-05-04 | Fixed lastUSN checking improvements | Jan Zeleny | 3 | -5/+23 | |
This patch fixes some issues with setting lastUSN attribute and it adds check against the highest user/group USN after enumeration to keep better track of the real highest USN. Optimal solution here would be to schedule a check of rootDSE entry right after the enumeration finishes, but for the moment this is good enough. | |||||
2011-05-04 | Do not leak LDAP URI with high log level | Jakub Hrozek | 1 | -2/+7 | |
2011-04-28 | Do not leak LDAP paging controls | Jakub Hrozek | 1 | -0/+5 | |
2011-04-27 | Add ldap_page_size configuration option | Stephen Gallagher | 4 | -3/+9 | |
2011-04-27 | Enable paging support for LDAP | Stephen Gallagher | 1 | -23/+117 | |
2011-04-27 | Log the LDAP message type we're processing | Stephen Gallagher | 1 | -0/+57 | |
2011-04-25 | Modify principal selection for keytab authentication | Jan Zeleny | 5 | -6/+19 | |
Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781 | |||||
2011-04-19 | Add last usn checking after reconnection | Jan Zeleny | 2 | -1/+31 | |
When reconnecting to the LDAP server supporting USNs (either because of new incomming id operation or invokation of callback responsible for checking status of the backend), detect whether the highest USN is lower than the one SSSD has recorded. If so, setup enumeration/cleanup to refresh potentionally changed account information in the SSSD cache. Related ticket: https://fedorahosted.org/sssd/ticket/734 | |||||
2011-04-19 | Add value of the last USN to server configuration | Stephen Gallagher | 2 | -0/+16 | |
Related: https://fedorahosted.org/sssd/ticket/734 | |||||
2011-04-19 | Add user and group search LDAP filter options | Jakub Hrozek | 4 | -19/+82 | |
https://fedorahosted.org/sssd/ticket/647 |