| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/back-sch-sssd.c implements interface to query trusted domain users
and groups on FreeIPA master server via getpwnam_r(), getgrnam_r(),
and libsss_idmap.
src/back-sch-pam.c implements PAM authentication for trusted domain users
using system-auth system service when running on FreeIPA master server.
Schema-compat plugin can be configured to serve trusted domain users
and groups through the plugin configuration entry in directory server:
schema-compat-lookup-sssd: <user|group>
schema-compat-sssd-min-id: <value>
Separate trees should be configured to look up users and groups.
If minimal id value is missing, it will be by default set to 1000.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lookup sssd
If schema compat plugin configuration has 'schema-compat-lookup-sssd: user|group'
then schema compat plugin will perform lookups of users/groups that were not found
in the main store using getpwnam_r()/getgrnam_r() and libsss_idmap library.
This is special case to support legacy clients. Schema compat plugin in the
case is assumed to be running on FreeIPA master configured with trusts against
Active Directory and SSSD configure as ipa_server_mode = True.
Additionally, such entries are added to schema compat plugin's map cache and can
be used for authentication purposes. They will use PAM authentication pass-through
to system-auth service.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Add %sort(), which binary-sorts a single list of values, and
%dribble_merge(), which takes a quoted length, a separator,
and some expressions and produces a list of lists of values
using the separator, where no list is larger than the length.
|
| | |
|
| |
|
|
|
| |
After we're done with decoded arguments from a client, use xdr_free() to
free anything that was dynamically-allocated.
|
| |
|
|
|
|
| |
Clear buffers that we encode data into before encoding them, to avoid
valgrind warnings that their contents are used before they're written
to.
|
| |
|
|
|
| |
The schema declarations which we use for self-tests contain some syntax
errors that are flagged by newer versions of ns-slapd. Fix them.
|
| | |
|
| |
|
|
|
|
| |
Check for SLAPI_PLUGIN_OPRETURN values before we do anything, in case
there's an error from the backend operation, where the server calls the
postop plugins anyway.
|
| |
|
|
|
|
| |
When checking if we can skip processing for a given change, pay
attention to whether or not the changes cause the entry to need to be
added or removed from a map (#912673).
|
| |
|
|
|
| |
Correct a typo, suggesting the suffix option was -m rather than -s in
one place. Reported by Filip Holec.
|
| | |
|
| |
|
|
|
| |
Don't expect every connected client to be ready for I/O every time we
poll for the group of them. Fixes #923336.
|
| | |
|
| |
|
|
|
|
|
|
| |
* Work around multilib warnings in our example .ldif files by taking
advantage of the server's ability to turn a bare name into a full
module path.
* Fix the day-of-week in some of the packaging changelog, going by the
SCM changelog for the right values.
|
| | |
|
| |
|
|
|
| |
- add missing newlines at the end of a couple of messages
- make that one bit that we compare to zero unsigned instead of signed
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
- put a newline at the end of these two messages
- register callbacks in a consistent order
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
- control transaction support at run-time, deciding when to do things based
on the value of the nsslapd-pluginbetxn attribute in the plugin's entry
- NIS: add default settings for shadow.byname and passwd.adjunct.byname maps
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* Check for BETXN support at build-time, provide options for disabling
or requiring that it be available for build to succeed.
* Track whether or not BETXN support is enabled in the plugin-local
state.
* Skip processing in post/internalpost callbacks if BETXN support is enabled.
* Skip work in betxnpost callbacks if BETXN support is disabled.
|
| |
|
|
|
| |
Case sensitive comparisons keep getting tripped up by DN
canonicalization and the like.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
When NIS Plugin and Schema Compatibility Plugin config entries include
nsslapd-pluginbetxn: on
(the value could be yes, true or 1, too),
the plugins' update callbacks (add, delete, modify, and modrdn) are
called at the betxn pre/postop timing. By default, the value of
nsslapd-pluginbetxn is off.
(See also https://fedorahosted.org/389/ticket/351)
|
| | |
|
| |
|
|
|
|
|
| |
* add a definition for shadow.byname
* add a definition for passwd.adjunct.byname
* make passwd.byname/passwd.byuid hide userPassword if objectClass==shadowAccount
* base64-encode nis-disallowed-chars when we are printing defaults
|
| | |
|
| |
|
|
|
|
|
| |
Transaction support the way we added it is an all-or-nothing proposition
for a server installation, which turned out to be problematic, so 389 is
going to pursue another strategy for that. The new way requires that we
not register as a betxn plugin, ever.
|
| | |
|
| | |
|
| |
|
|
|
| |
We assumed that slapi_mods_add_smod() took ownership of the smod that we
pass in, when it really just keeps the contents.
|
| | |
|
| |
|
|
| |
until we hit an arithmetic exception (#810258)
|
| |\ |
|
| | | |
|
| | |
| |
| |
| | |
as literals
|
| |\| |
|
| | | |
|
| | | |
|
