summaryrefslogtreecommitdiff
path: root/src/providers/ldap
AgeCommit message (Collapse)AuthorFilesLines
2011-11-07Use correct state struct in sdap_initgr_rfc2307bis_next_baseJakub Hrozek1-2/+3
2011-11-07Fix segfault in sdap_get_initgr_userJakub Hrozek1-1/+2
2011-11-02Support to request canonicalization in LDAP/IPA providerJan Zeleny5-0/+26
https://fedorahosted.org/sssd/ticket/957
2011-11-02LDAP: Add support for multiple search bases for group enumerationStephen Gallagher4-24/+101
2011-11-02LDAP: Add support for multiple search bases for user enumerationStephen Gallagher4-8/+49
2011-11-02LDAP: Convert ldap_*_search_filterStephen Gallagher3-59/+23
Instead of making this a global option for all user lookups, make it only used if the search base is passed without an explicit filter.
2011-11-02LDAP: Add multiple search bases for initgroups (RFC2307bis groups)Stephen Gallagher1-77/+225
2011-11-02LDAP: Add multiple search bases for initgroups (RFC2307 groups)Stephen Gallagher1-17/+99
2011-11-02LDAP: Add multiple search bases for initgroups (users)Stephen Gallagher1-30/+72
2011-11-02LDAP: Support multiple group search bases (non-enumeration, RFC2307)Stephen Gallagher4-16/+74
2011-11-02LDAP: Support multiple netgroup search basesStephen Gallagher3-14/+65
2011-11-02LDAP: Support multiple user search bases (non-enumeration)Stephen Gallagher4-14/+70
2011-11-02LDAP: Add parser for multiple search basesStephen Gallagher4-26/+360
2011-11-02Make sdap_get_id_specific_filter() more strictStephen Gallagher2-4/+4
2011-11-02Fix size return for split_on_separator()Stephen Gallagher1-5/+5
It was returning the size of the array, rather than the number of elements. (The array was NULL-terminated). This argument was only used in one place that was actually working around this odd return value.
2011-11-02Remove unused sdap_options attributesStephen Gallagher1-3/+0
These DNs were never assigned or referenced anywhere.
2011-11-02Cleanup of unused function in ldap access providerJan Zeleny1-2/+0
2011-11-02Remove confusing do-while loopJakub Hrozek1-35/+36
The deref processing would return a single control back. The do-while loop was harmless but confusing.
2011-11-02Use LDAPDerefSpec properlyJakub Hrozek1-4/+6
ldap_create_deref_control_value expects an array of LDAPDerefSpec structures with LDAPDerefSpec.derefAttr == NULL as a sentinel. We were passing a single instance of a LDAPDerefSpec structure. https://fedorahosted.org/sssd/ticket/1050
2011-10-31Steal result onto mem_ctx in sdap_initgr_nested_get_direct_parentsJakub Hrozek1-2/+1
2011-10-31RFC2307bis initgroups: fix nested groups processingJakub Hrozek1-20/+33
Due to incorrectly written loop, SSSD would go into infitite loop if it processed the same group on two different levels of membership.
2011-10-25Plug memory leaks in LDAP providerJakub Hrozek1-0/+3
2011-10-17Cancel transactions correctly during initgroupsJakub Hrozek1-13/+31
2011-10-17Use fewer transactions during IPA initgroupsJakub Hrozek1-171/+273
2011-10-17Use fewer transactions during RFC2307bis initgroupsJakub Hrozek1-346/+366
2011-10-17Utility functions for LDAP nested schema initgroupsJakub Hrozek1-0/+119
2011-10-13SysDB commands that save lastUpdate allows this value to be passed inPavel Březina5-21/+41
https://fedorahosted.org/sssd/ticket/836
2011-10-06Fix small bug where TALLOC_CTX could end up unfreed.Pavel Zuna1-3/+3
2011-10-03Use explicit base 10 for converting strings to integersJakub Hrozek1-2/+2
https://fedorahosted.org/sssd/ticket/1013
2011-09-28Store name aliases for users, groupsJakub Hrozek5-37/+216
Also checks fake users for aliases when storing a real users so that getgrnam for a RFC2307 group that references a user by his secondary name followed by getpwnam for this user by his primary name works
2011-09-28Add a sysdb_get_direct_parents functionJakub Hrozek1-57/+5
2011-09-28Fixed bad logic in processing netgroups in LDAP providerJan Zeleny1-1/+3
2011-09-28Multiline macro cleanupJakub Hrozek2-3/+3
This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again.
2011-09-20Fix uninitialized pointer read in sdap_gssapi_get_default_realm()Jakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/1003
2011-09-08DEBUG timestamps offer higher precisionPavel Březina1-0/+2
https://fedorahosted.org/sssd/ticket/956 Added: --debug-microseconds=0/1 Added: debug_microseconds to sssd.conf
2011-09-06Keep deref controls until the whole request is finishedJakub Hrozek1-8/+45
https://fedorahosted.org/sssd/ticket/989 John Hodrien found out that when paging is used while dereferencing an entry, sssd_be may segfault on the second page. This was because paging returned the control to sdap_generic_search multiple times but sssd was freeing dereference control after the first search invocation. The subsequend sdap searched accessed memory that was already freed.
2011-09-06Improve error message for LDAP password constraint violationJakub Hrozek3-16/+29
https://fedorahosted.org/sssd/ticket/985
2011-09-06Allow turning dereference off by setting the threshold to 0Jakub Hrozek3-3/+9
2011-09-06sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string()Pavel Březina3-35/+35
https://fedorahosted.org/sssd/ticket/986
2011-09-06sss_ldap_err2string() - function createdPavel Březina1-2/+0
https://fedorahosted.org/sssd/ticket/986
2011-08-29Fix moving to next entry in deref codeJakub Hrozek1-1/+6
https://fedorahosted.org/sssd/ticket/973
2011-08-26Use the default Kerberos realm for LDAP with GSSAPI authJakub Hrozek1-3/+55
https://fedorahosted.org/sssd/ticket/970
2011-08-26Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek3-1/+14
https://fedorahosted.org/sssd/ticket/978
2011-08-25New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0Pavel Březina1-1/+4
Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
2011-08-25New DEBUG facility - conversionPavel Březina3-2/+4
https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
2011-08-25Improve password policy error code and messageSumit Bose1-4/+9
Instead of returning PAM_SYSTEM_ERR if they necessary attributes for the requested password policy cannot be found we return PAM_PERM_DENIED. Additionally the log message says that the access is denied.
2011-08-15Handle timeout during sss_ldap_init_sendJakub Hrozek1-1/+5
In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds.
2011-08-15Moved some functions in sdap_async_initgroupsJan Zeleny1-345/+349
2011-08-15Moved some functions in sdap_async_groupsJan Zeleny1-122/+112
2011-08-15Confusing part of code cleared outJan Zeleny1-34/+32