Commit message | Author | Age | Files | Lines
...
* Add some missing "#ifdef HAVE_SSS_NSS_IDMAP"s | Nalin Dahyabhai | 2013-08-07 | 1 | -4/+12
* Update the FSF's address, escape a macro in .spec | Nalin Dahyabhai | 2013-08-07 | 2 | -3/+7
  Update the FSF's address in COPYING to match what's currently listed on their web site (rcritten). Escape what might be interpreted as a macro in the changelog (rcritten).
* Changelog the .spec file version bump | Nalin Dahyabhai | 2013-08-07 | 1 | -0/+9
* WIP: bump version | Alexander Bokovoy | 2013-08-07 | 2 | -2/+2
* Add inlined version of what format_strdupbv() | Nalin Dahyabhai | 2013-08-07 | 1 | -1/+6
  Originally we added a dedicated function to do this, but this was the only place it was called from.
* sch-ipa.txt: add documentation about trusted domains support for FreeIPA | Alexander Bokovoy | 2013-08-07 | 1 | -0/+48
* slapi-nis.spec: add dependencies to SSSD and PAM components | Alexander Bokovoy | 2013-08-07 | 1 | -0/+1
* back-sch.c: authenticate users through PAM system-auth service | Alexander Bokovoy | 2013-08-07 | 1 | -18/+126
  Since trusted domain users do not exist in the LDAP tree, their authentication is handed over to PAM stack with the hope that PAM is set up properly to authenticate them. Additionally, this patch completely refactors authentication for the original DNs that *are* located in the LDAP tree. Previous way to handle it was through referrals being sent back. However, this method does not work at all. Instead, we set SLAPI_BIND_TARGET_DN to the entry's original DN and hand over pre-bind processing to other directory server's plugins. If slapi-nis set up with a higher precedence to them, authentication will be handled by others.
* back-sch.c: search users and groups through NSSWITCH | Alexander Bokovoy | 2013-08-07 | 1 | -6/+124
  Schema-compat plugin can be configured to serve users and groups through the plugin configuration entry in directory server:
    schema-compat-lookup-nsswitch: <user|group>
    schema-compat-nsswitch-min-id: <value>
  Separate trees should be configured to look up users and groups. If minimal id value is missing, it will default to 1000.
* src/Makefile.am: add back-sch-nss.c and back-sch-pam.c to build | Alexander Bokovoy | 2013-08-07 | 1 | -0/+10
* schema-compat: add support for authenticating users through PAM | Alexander Bokovoy | 2013-08-07 | 1 | -0/+290
  src/back-sch-pam.c implements PAM authentication for users not found in the LDAP tree using system-auth system service when running on FreeIPA master server.
* schema-compat: add support for querying users and groups through NSSWITCH | Alexander Bokovoy | 2013-08-07 | 1 | -0/+574
  src/back-sch-nss.c implements interface to query users and groups on FreeIPA master server via getpwnam_r(), getgrnam_r(), and libsss_idmap.
* back-sch: use plugin configuration to decide whether NSSWITCH should be consulted | Alexander Bokovoy | 2013-08-07 | 1 | -1/+44
  When one instance of schema compat plugin is configured to consult NSSWITCH, promote its configuration to the backend. Default to not looking into NSSWITCH.
* configure: add configure checks for sss_idmap and define attribute to lookup nsswitch | Alexander Bokovoy | 2013-08-07 | 1 | -0/+73
  If schema compat plugin configuration has 'schema-compat-lookup-nsswitch: user|group' then schema compat plugin will perform lookups of users/groups that were not found in the main store using getpwnam_r()/getgrnam_r() and libsss_nss_idmap library. This is special case to support legacy clients. Schema compat plugin in the case is assumed to be running on FreeIPA master configured with trusts against Active Directory and SSSD 1.11+ configured as ipa_server_mode = True. Additionally, such entries are added to schema compat plugin's map cache and can be used for authentication purposes. They will use PAM authentication pass-through to 'system-auth' service.
* back-sch: move structure definitions to back-sch.h to share with other code | Alexander Bokovoy | 2013-08-07 | 3 | -33/+97
  NSSWITCH supporting code needs access to the schema-compat structures
* schema-compat: introduce a lock to protect PAM authentication | Alexander Bokovoy | 2013-08-07 | 2 | -0/+5
  PAM stack requires exclusive access, therefore we need to use a write lock. Required for authenticating synthetically created records coming outside of LDAP store.
* tag 0.47 | Nalin Dahyabhai | 2013-05-24 | 3 | -2/+8
* Factor out the sleeping | Nalin Dahyabhai | 2013-05-24 | 1 | -2/+7
* Add %sort() and %dribble_merge() | Nalin Dahyabhai | 2013-05-23 | 12 | -1/+1901
  Add %sort(), which binary-sorts a single list of values, and %dribble_merge(), which takes a quoted length, a separator, and some expressions and produces a list of lists of values using the separator, where no list is larger than the length.
* Clean up logging a little bit | Nalin Dahyabhai | 2013-05-23 | 1 | -8/+10
* Don't leak decoded XDR memory | Nalin Dahyabhai | 2013-05-23 | 1 | -0/+8
  After we're done with decoded arguments from a client, use xdr_free() to free anything that was dynamically-allocated.
* Fix some uninitialized-jump warnings | Nalin Dahyabhai | 2013-05-23 | 2 | -1/+5
  Clear buffers that we encode data into before encoding them, to avoid valgrind warnings that their contents are used before they're written to.
* Fix test syntax errors that newer ns-slapd notices | Nalin Dahyabhai | 2013-05-23 | 1 | -5/+5
  The schema declarations which we use for self-tests contain some syntax errors that are flagged by newer versions of ns-slapd. Fix them.
* bump to 0.46 | Nalin Dahyabhai | 2013-04-04 | 3 | -2/+13
* check SLAPI_PLUGIN_OPRETURN values | Nalin Dahyabhai | 2013-04-04 | 1 | -0/+21
  Check for SLAPI_PLUGIN_OPRETURN values before we do anything, in case there's an error from the backend operation, where the server calls the postop plugins anyway.
* don't skip changes that only affect map membership | Nalin Dahyabhai | 2013-04-04 | 21 | -11/+278
  When checking if we can skip processing for a given change, pay attention to whether or not the changes cause the entry to need to be added or removed from a map (#912673).
* correct typo (-m rather than -s) | Nalin Dahyabhai | 2013-03-20 | 1 | -1/+1
  Correct a typo, suggesting the suffix option was -m rather than -s in one place. Reported by Filip Holec.
* tag 0.45 | Nalin Dahyabhai | 2013-03-19 | 3 | -3/+10
* Fix multiplexing of multiple clients | Nalin Dahyabhai | 2013-03-19 | 1 | -5/+11
  Don't expect every connected client to be ready for I/O every time we poll for the group of them. Fixes #923336.
* Add a changelog entry for that last change | Nalin Dahyabhai | 2013-02-05 | 1 | -0/+4
* Work around multilib in example .ldifs, fix dates | Nalin Dahyabhai | 2013-02-05 | 1 | -6/+7
    * Work around multilib warnings in our example .ldif files by taking advantage of the server's ability to turn a bare name into a full module path.
    * Fix the day-of-week in some of the packaging changelog, going by the SCM changelog for the right values.
* default to not using betxns on older releases | Nalin Dahyabhai | 2012-11-20 | 1 | -2/+11
* fixup log messages and a signed boolean | Nalin Dahyabhai | 2012-11-14 | 3 | -5/+5
    - add missing newlines at the end of a couple of messages
    - make that one bit that we compare to zero unsigned instead of signed
* tag 0.44 | Nalin Dahyabhai | 2012-11-14 | 2 | -2/+9
* just go human-readable on version details | Nalin Dahyabhai | 2012-11-14 | 1 | -3/+3
* include header to avoid implicit declaration | Nalin Dahyabhai | 2012-11-14 | 1 | -0/+1
* log message fixups | Nalin Dahyabhai | 2012-11-14 | 2 | -11/+13
    - put a newline at the end of these two messages
    - register callbacks in a consistent order
* explicitly check for "no" values | Nalin Dahyabhai | 2012-11-14 | 1 | -1/+9
* warning cleanup: remove unused variables | Nalin Dahyabhai | 2012-11-13 | 1 | -3/+2
* show betxn settings in the plugin version | Nalin Dahyabhai | 2012-11-13 | 3 | -2/+15
* re-sync with fedora package changelog | Nalin Dahyabhai | 2012-11-13 | 1 | -0/+3
* tag 0.43 | Nalin Dahyabhai | 2012-11-13 | 2 | -3/+3
* - reintroduce support for directory server transactions (nhosoi, IPA#3046) | Nalin Dahyabhai | 2012-11-13 | 1 | -0/+6
    - control transaction support at run-time, deciding when to do things based on the value of the nsslapd-pluginbetxn attribute in the plugin's entry
    - NIS: add default settings for shadow.byname and passwd.adjunct.byname maps
* add test use of betxns | Nalin Dahyabhai | 2012-11-12 | 7 | -0/+40
* Overhaul betxn support | Nalin Dahyabhai | 2012-11-01 | 9 | -213/+499
    * Check for BETXN support at build-time, provide options for disabling or requiring that it be available for build to succeed.
    * Track whether or not BETXN support is enabled in the plugin-local state.
    * Skip processing in post/internalpost callbacks if BETXN support is enabled.
    * Skip work in betxnpost callbacks if BETXN support is disabled.
* compare LDIF without case sensitivity | Nalin Dahyabhai | 2012-10-25 | 1 | -5/+16
  Case sensitive comparisons keep getting tripped up by DN canonicalization and the like.
* notes on what changes when we switch to betxns | Nalin Dahyabhai | 2012-10-16 | 1 | -0/+18
* make NIS Plugin and Schema Compatibility Plugin betxn aware | Noriko Hosoi | 2012-10-16 | 5 | -65/+226
  When NIS Plugin and Schema Compatibility Plugin config entries include nsslapd-pluginbetxn: on (the value could be yes, true or 1, too), the plugins' update callbacks (add, delete, modify, and modrdn) are called at the betxn pre/postop timing. By default, the value of nsslapd-pluginbetxn is off. (See also https://fedorahosted.org/389/ticket/351)
* add a pointer to the project site | Nalin Dahyabhai | 2012-10-02 | 1 | -0/+2
* add shadow, passwd.adjuct, base64-encode nis-disallowed-chars | Nalin Dahyabhai | 2012-08-23 | 2 | -4/+69
    * add a definition for shadow.byname
    * add a definition for passwd.adjunct.byname
    * make passwd.byname/passwd.byuid hide userPassword if objectClass==shadowAccount
    * base64-encode nis-disallowed-chars when we are printing defaults