summaryrefslogtreecommitdiffstats
path: root/configure.ac
Commit message (Collapse)AuthorAgeFilesLines
* Tag release 0.54.2Alexander Bokovoy2015-03-261-1/+1
| | | | CVE-2015-0283 slapi-nis: infinite loop in getgrnam_r() and getgrgid_r()
* schema-compat: use libnss_sss.so.2 explicitly to resolve trusted domain ↵Alexander Bokovoy2015-03-261-0/+1
| | | | | | | | | | | | users via NSS When Schema Compatibility plugin is configured to enumerate users and groups from Active Directory domains trusted by FreeIPA, use nss_sss module directly instead of following nsswitch.conf configuration. The issue with nsswitch.conf configuration is in the fact that for each request all modules in NSS chain are processed while only one of them is responsible for users from trusted Active Directory domains, namely, nss_sss.
* Tag slapi-nis 0.54.1Alexander Bokovoy2014-11-061-1/+1
|
* tag 0.54Alexander Bokovoy2014-10-101-1/+1
|
* Add support for FreeIPA ID viewsAlexander Bokovoy2014-10-101-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | FreeIPA ID views allow to override POSIX attributes for certain users and groups. A support is added to allow using specific ID view when serving compatibility tree. Each user or group entry which has an override in the view is amended with the overridden values from the view before served out to the LDAP client. A view to use is specified as a part of base DN: cn=<view>,cn=views,cn=compat,$SUFFIX where cn=compat,$SUFFIX is the original compatibility tree base DN. Each entry, when served through the view, gets new DN rewritten to specify the view. Additionally, if override in the view changes uid (for users) or cn (for groups) attribute, the entry's RDN is changed accordingly. For groups memberUid attribute is modified as well in case there is an override in the view that changes uid value of that member. FreeIPA ID views support overrides for users of trusted Active Directory domains. In case of a trusted AD domain's user or group is returned via compatibility tree, view overrides are applied in two stages: 1. SSSD applies default view for AD users 2. slapi-nis applies explicitly specified (host-specific) view on top of the entry returned by SSSD Thus, slapi-nis does not need to apply default view for AD users and if there are no host-specific views in use, there is no need to specify a view in the base DN, making overhead of a default view for AD users lower.
* tag 0.53HEADmasterNalin Dahyabhai2014-04-221-1/+1
|
* Fixup nsswitch tests to allow the server to resolve its userNalin Dahyabhai2014-02-171-1/+8
|
* tag 0.52Nalin Dahyabhai2013-12-161-1/+1
|
* Actually allow TXN support to be enabled (ugh)Nalin Dahyabhai2013-12-131-1/+1
|
* tag 0.51Nalin Dahyabhai2013-12-091-1/+1
|
* tag 0.50Nalin Dahyabhai2013-10-011-1/+1
|
* tag 0.49Nalin Dahyabhai2013-09-191-1/+1
|
* Add ignore-subtree and restrict-subtree settingsNalin Dahyabhai2013-09-191-6/+7
| | | | | | | | | | | | | | Add {nis,schema-compat}-ignore-subtree (subtrees under which we ignore contents and updates )and {nis,schema-compat}-restrict-subtree (subtrees out of which we ignore contents and updates, if set) settings, and default the former to "cn=tasks,cn=config". This should avoid cases where we're looking through the ldbm backend for entries which have a dangling reference to a newly-added task (which, because it's in the DSE, means we acquire an ldbm lock after acquiring our internal lock) while also updating a compat entry after its source entry is modified (for example, by the memberOf plugin, which results in us attempting to acquire our lock while the ldbm lock is already held).
* Add nis-relevant-subtree and nis-ignore-subtreeNalin Dahyabhai2013-09-121-3/+9
|
* Add schema-compat-relevant-subtreeNalin Dahyabhai2013-09-121-2/+5
| | | | | | | | | | Add a schema-compat-relevant-subtree configuration option, listing the only parts of the DIT that we should ever look at, either as source entries or as other entries which contain data which might be pulled in as part of computing the contents of compat entries. This is more or less the whitelist to schema-compat-ignore-subtree's blacklist.
* Add schema-compat-ignore-subtreeNalin Dahyabhai2013-09-121-0/+3
| | | | | | | Add a schema-compat-ignore-subtree configuration option, listing parts of the DIT that we should never look at, neither as source entries nor as random other entries which contain data which might be pulled in as part of computing the contents of compat entries.
* tag 0.48Nalin Dahyabhai2013-08-121-1/+1
|
* Make --with-pam-service a build-time optionNalin Dahyabhai2013-08-071-0/+7
|
* Indentation tweakNalin Dahyabhai2013-08-071-3/+3
|
* Tag 0.47.7Nalin Dahyabhai2013-08-071-1/+1
|
* Doc updates, tag 0.47.6.Nalin Dahyabhai2013-08-071-1/+1
|
* WIP: bump versionAlexander Bokovoy2013-08-071-1/+1
|
* configure: add configure checks for sss_idmap and define attribute to lookup ↵Alexander Bokovoy2013-08-071-0/+73
| | | | | | | | | | | | | | | | | | nsswitch If schema compat plugin configuration has 'schema-compat-lookup-nsswitch: user|group' then schema compat plugin will perform lookups of users/groups that were not found in the main store using getpwnam_r()/getgrnam_r() and libsss_nss_idmap library. This is special case to support legacy clients. Schema compat plugin in the case is assumed to be running on FreeIPA master configured with trusts against Active Directory and SSSD 1.11+ configured as ipa_server_mode = True. Additionally, such entries are added to schema compat plugin's map cache and can be used for authentication purposes. They will use PAM authentication pass-through to 'system-auth' service.
* tag 0.47Nalin Dahyabhai2013-05-241-1/+1
|
* bump to 0.46Nalin Dahyabhai2013-04-041-1/+1
|
* tag 0.45Nalin Dahyabhai2013-03-191-1/+1
|
* tag 0.44Nalin Dahyabhai2012-11-141-1/+1
|
* just go human-readable on version detailsNalin Dahyabhai2012-11-141-3/+3
|
* show betxn settings in the plugin versionNalin Dahyabhai2012-11-131-0/+13
|
* tag 0.43Nalin Dahyabhai2012-11-131-1/+1
|
* add test use of betxnsNalin Dahyabhai2012-11-121-0/+18
|
* Overhaul betxn supportNalin Dahyabhai2012-11-011-0/+85
| | | | | | | | | * Check for BETXN support at build-time, provide options for disabling or requiring that it be available for build to succeed. * Track whether or not BETXN support is enabled in the plugin-local state. * Skip processing in post/internalpost callbacks if BETXN support is enabled. * Skip work in betxnpost callbacks if BETXN support is disabled.
* drop support for directory server transactionsNalin Dahyabhai2012-06-131-22/+0
| | | | | | | Transaction support the way we added it is an all-or-nothing proposition for a server installation, which turned out to be problematic, so 389 is going to pursue another strategy for that. The new way requires that we not register as a betxn plugin, ever.
* note at configure-time if we're doing txnsNalin Dahyabhai2012-06-061-32/+33
|
* - tag 0.42Nalin Dahyabhai2012-05-221-1/+1
|
* - tag 0.41Nalin Dahyabhai2012-04-101-1/+1
|
* - bump to 0.40Nalin Dahyabhai2012-03-301-1/+1
|
* - tag 0.39Nalin Dahyabhai2012-03-281-1/+1
|
* - add setting of a synthetic entry's entryUSN based on the source entry's ↵Nalin Dahyabhai2012-03-151-11/+24
| | | | entryUSN or the root DSE's lastUSN (if we have no source entry)
* - tag 0.38Nalin Dahyabhai2012-03-061-1/+1
|
* Merge branch 'master' of git.fedorahosted.org:/git/slapi-nisNalin Dahyabhai2012-02-141-1/+1
|\
| * - tag 0.37Nalin Dahyabhai2012-02-131-1/+1
| |
* | - skip checking if "" is declaredNalin Dahyabhai2012-01-241-1/+1
| |
* | - fix threading API detection in non-dirsrv buildsNalin Dahyabhai2012-01-241-1/+1
| |
* | - fix locking API detection in non-dirsrv buildsNalin Dahyabhai2012-01-241-1/+1
|/
* - 0.36Nalin Dahyabhai2012-01-241-1/+1
|
* - tag 0.35Nalin Dahyabhai2012-01-241-1/+1
|
* - tag 0.34Nalin Dahyabhai2012-01-191-1/+1
|
* - tag 0.33Nalin Dahyabhai2012-01-171-1/+1
|
* - tag 0.32Nalin Dahyabhai2012-01-161-1/+1
|
generated by cgit (git 2.34.1) at 2024-07-03 11:40:18 +0000