summaryrefslogtreecommitdiffstats
path: root/ipa-server/ipa-slapi-plugins
Commit message (Collapse)AuthorAgeFilesLines
* Indent the plugin accordingly to our style guidelines.Simo Sorce2008-05-071-802/+758
| | | | Used indent -kr -nut dna.c for most of the changes
* This patch begins the process of replacing OpenLDAP with mozldap.W. Michael Petullo2008-05-013-3/+0
| | | | | | | | | FreeIPA relies on RedHat's Directory Server, which uses mozldap. A FreeIPA build using mozldap would reduce the project's dependencies and redundant code. In addition, mozldap uses NSS instead of OpenSSL. This is beneficial for the reasons listed in [1]. [1] http://fedoraproject.org/wiki/FedoraCryptoConsolidation
* Fixed various memory leaks in memberOf plug-in.Nathan Kinder2008-04-221-2/+9
| | | | 440474
* Password policy checks fixes.Simo Sorce2008-04-071-37/+94
| | | | | | - don't let a user set a password identical to the current one. - don't check more then the policy defined number of passwords in history - don't set an history longer than policy defined
* Some more function name errors due to merge from DS own memberof plugin thatSimo Sorce2008-03-311-6/+6
| | | | has different function names. This was a runtime linker crash bug :/
* Fix typoSimo Sorce2008-03-311-2/+2
|
* Avoid listing a group as a memberOf itself when a circular groupingNathan Kinder2008-03-281-10/+23
| | | | | | | | | | is created. We basically just need to add a check to see if we're to use a group DN as the memberOf value when performing an operation on itself for all operation types. 439450
* Fixed handling of modify operations that delete all present memberNathan Kinder2008-03-281-2/+13
| | | | | | | | | | | | | values without specifying the values to delete in the memberOf plug-in. Member entries were not being updated because the code used the values in the mod to find the member entries to update. The fix is to detect when a delete modify has no values specified and just use the replace code since it compares the pre-op and post-op copies of the group to figure out what member entries to update. 439097
* Handle MODRDN operations properly for indirect group members.Nathan Kinder2008-03-261-1/+11
| | | | | | | Without this, an entry's memberOf attribute is not updated with the new group DN when an indirect group is renamed. This is in bugzilla for FDS as bz 438891.
* Purely indentiation, trailing spaces, cosmetic fixesSimo Sorce2008-02-211-133/+173
|
* Fix bugs in handling of circular groupings in memberOf plug-in.Nathan Kinder2008-02-141-5/+18
| | | | Resolves 432140
* Support getting in a principal with out the REALM partSimo Sorce2007-12-211-2/+15
|
* Big changeset that includes the work around keytab management.Simo Sorce2007-12-211-499/+1167
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Following the changelog history from my dev tree, some comments are useful imo ------------------------------------------------------ user: Simo Sorce <ssorce@redhat.com> date: Fri Dec 21 03:05:36 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: Remove remnants of the initial test tool changeset: 563:4fe574b7bdf1 user: Simo Sorce <ssorce@redhat.com> date: Fri Dec 21 02:58:37 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c description: Maybe actually encrypting the keys will help :-) changeset: 562:488ded41242a user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 23:53:50 2007 -0500 files: ipa-server/ipa-install/share/Makefile.am ipa-server/ipa-install/share/default-aci.ldif description: Fixes changeset: 561:4518f6f5ecaf user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 23:53:32 2007 -0500 files: ipa-admintools/Makefile ipa-admintools/ipa-addservice description: transform the old ipa-getkeytab in a tool to add services as the new ipa-getkeytab won't do it (and IMO it makes more sense to keep the two functions separate anyway). changeset: 559:25a7f8ee973d user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 23:48:59 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c description: Bugfixes changeset: 558:28fcabe4aeba user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 23:48:29 2007 -0500 files: ipa-client/configure.ac ipa-client/ipa-client.spec ipa-client/ipa-client.spec.in ipa-client/ipa-getkeytab.c description: Configure fixes Add ipa-getkeytab to spec Client fixes changeset: 557:e92a4ffdcda4 user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 20:57:10 2007 -0500 files: ipa-client/Makefile.am ipa-client/configure.ac description: Try to make ipa-getkeytab build via autotools changeset: 556:224894175d6b user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 20:35:56 2007 -0500 files: ipa-admintools/ipa-getkeytab ipa-client/ipa-getkeytab.c description: Messed a bit with hg commands. To make it short: - Remove the python ipa-getkeytab program - Rename the keytab plugin test program to ipa-getkeytab - Put the program in ipa-client as it should be distributed with the client tools changeset: 555:5e1a068f2e90 user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 20:20:40 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: Polish the client program changeset: 554:0a5b19a167cf user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 18:53:49 2007 -0500 files: ipa-server/ipa-install/share/default-aci.ldif ipa-server/ipa-install/share/default-keytypes.ldif ipa-server/ipa-install/share/kdc.conf.template ipa-server/ipa-install/share/kerberos.ldif ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c ipa-server/ipaserver/krbinstance.py description: Support retrieving enctypes from LDAP Filter enctypes Update test program changeset: 553:f75d7886cb91 user: Simo Sorce <ssorce@redhat.com> date: Thu Dec 20 00:17:40 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: Fix ber generation and remove redundant keys changeset: 552:0769cafe6dcd user: Simo Sorce <ssorce@redhat.com> date: Wed Dec 19 19:31:37 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: Avoid stupid segfault changeset: 551:1acd5fdb5788 user: Simo Sorce <ssorce@redhat.com> date: Wed Dec 19 18:39:12 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c description: If ber_peek_tag() returns LBER_ERROR it may just be that we are at the end of the buffer. Unfortunately ber_scanf is broken in the sense that it doesn't actually really consider sequence endings (due probably to the fact they are just representation and do not reflect in the underlieing DER encoding.) changeset: 550:e974fb2726a4 user: Simo Sorce <ssorce@redhat.com> date: Wed Dec 19 18:35:07 2007 -0500 files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c description: First shot at the new method
* We need the OpenSSL Crypto lib for the DES and MD4 functions to generate NTSimo Sorce2007-12-071-0/+2
| | | | and LM hashes.
* Min Pwd Change Time Check after Password reset and other minor fixesSimo Sorce2007-11-302-26/+34
|
* Use groupOfNames and member, not groupOfUniqueNames and uniqueMemberSimo Sorce2007-11-201-1/+1
|
* Fix bad segfault when pwvals is nullSimo Sorce2007-11-191-34/+24
|
* Small fix from Rob to pwd-extop-pluginKarl MacMillan2007-11-171-1/+1
|
* - Store Master Key in Ldap (Makes it easier to set up replicas)Simo Sorce2007-11-162-178/+470
| | | | | | | | | | | | | | - Does not require dirsrv access to stash file - Finalize password history support - Fix strict password length default in pwd_extop (fix install sctript too) - fix plugin configuration - Introduce 3 kind of password change: normal, admin, and ds manager - normal require adherence to policies - admin does not but password is immediately expired - ds manager can just change the password any way he likes. Initial code to read the Kerberos Master Key from the Directory
* Initial implementation of policies support.Simo Sorce2007-11-131-103/+528
| | | | | | | | | | | | | | | | | | | This patch uses the kerberos schema policy, this is the same policy used by kadmin. While this patch allows for krbPwdPolicy objects anywhere the kldap module will make the kdc fail to provide tickets if the "krbPwdPolicyReference" points to any object that is not a child of cn=<REALM>,cn=kerberos,dc=.... To let us set policies anywhere in the tree I enabled the code to actually look at parent entries and the user entry itself and specify policies directly on these objects by adding the krbPwdPolicy objectclass to them (I know its structural but DS seem to allow multiple Structural classes on the same entry). The only side effect is that kadmin will not understand this, but we don't want to use kadmin anyway as it does not understand way too many things about the directory. I've tested a few scenarios and all seem working as expected, but further testing is welcome of course.
* Add posix auto gen for single master casePete Rowley2007-11-062-12/+13
|
* Properly increment kvno and keep recent key material aroundSimo Sorce2007-10-311-13/+162
| | | | | | This is necessary for services that need to be able to respond to requests from client that acquired a service ticket just before a password change.
* Fix build issues related to the autotools conversionRob Crittenden2007-10-181-0/+1
|
* Fix build from autoconf patch import.Karl MacMillan2007-10-183-0/+6
|
* Autotool ipa-server - patch from William Jon McCann <mccann@jhu.edu>.Karl MacMillan2007-10-1710-94/+144
|
* Enabled memberof pluginRob Crittenden2007-10-161-0/+1
|
* Karl MacMillan wrote:Karl MacMillan2007-10-093-36/+9
| | | | | | | | | | | | | > > This largish patch makes the build and installation work on 64bit > > machines. The only catch here is that to get a 64bit build you need to > > set LIBDIR on make: > > > > make install LIBDIR=/usr/lib64 > > > > The spec file does this correctly. I couldn't find any reliable way to > > guess this that works both on real systems and in the almost entirely > > empty rpm build root (you can't, for example, check for the existence > > of /usr/lib64).
* Correct installation path for dna plugin.Karl MacMillan2007-09-071-1/+1
|
* Initial commit of dna plugin - origin: FDS with fix upsPete Rowley2007-09-044-1/+1222
|
* Add password request for admin userSimo Sorce2007-08-311-1/+1
| | | | | | | | | Set password for admin user using the Directory Mangaer account and the mozldapldappaswd binary to get and SSL connection Fix some timeout problems with deploying keytabs Fix ipa_pwd_extop to actuallt correctly detect an SSL connection Do not ask for the user to use for the directory unless 'dirsrv' is an existing user which may clash, create it silently
* Add DS task to fix up memberof, turn debug build back onPete Rowley2007-08-212-3/+268
|
* Remove dependncy on libmhash and use openssl md4 functionsSimo Sorce2007-08-202-9/+20
| | | | | | | Remove all dependencies on mhash Remove code optimizatrion from Makefiles, right now these are developers targeted builds, so it is better to have debugging symbols around
* Fix -Wall for memberof plugin (from Pete Rowley).Karl MacMillan2007-08-171-10/+28
|
* Fix the relative name, Richm explained that the allowed values are either:Simo Sorce2007-08-162-2/+2
| | | | | | /full/path/plugin-name.so or just plugin-name (no .so as different arches have different extensions)
* General fixes.Simo Sorce2007-08-151-0/+1
| | | | Do not start ipa_kpasswd by default yet
* in F7 all directory names have changed from fedora-ds to dirsrvSimo Sorce2007-08-153-9/+11
| | | | which should also be the name used in DS 8.0, change all occurences
* Use relative .so names for plugin so that lib/lib64 does not get in the waySimo Sorce2007-08-152-1/+1
| | | | change the pwd-extop conf ldif to a more sensible name
* Merge from upstreamSimo Sorce2007-08-155-2/+1784
|\
| * Install server plugins in correct lib directory.Karl MacMillan2007-08-152-3/+13
| |
| * Integrate memberof plugin into build.Karl MacMillan2007-08-152-4/+27
| |
| * initial commit of memberof DS pluginPete Rowley2007-08-103-0/+1749
| |
* | Rely on the default pathSimo Sorce2007-08-151-2/+2
|/ | | | Fix description
* Clean-up code to avoid Wall warningsSimo Sorce2007-08-151-30/+19
|
* Updates to build kpaswd and the slapi plugins.Karl MacMillan2007-08-102-3/+43
|
* Add dependency and a commentSimo Sorce2007-08-081-0/+5
|
* Reorganized repo to reflect packaging.Karl MacMillan2007-07-275-0/+1378
generated by cgit (git 2.34.1) at 2024-06-20 12:47:55 +0000