sssd.git/src/providers/ldap, branch nonroot

KRB5: Pass the sssd_be uid and gid to krb5_child

2014-11-28T17:48:23+00:00

krb5/ldap: use MEMORY ccache and keytab in *_child processes

2014-11-28T16:59:38+00:00

LDAP: always store UUID if available

2014-11-20T09:52:48+00:00

Related to https://fedorahosted.org/sssd/ticket/2481

Reviewed-by: Jakub Hrozek

LDAP: add support for lookups by UUID

2014-11-20T09:52:45+00:00

Related to https://fedorahosted.org/sssd/ticket/2481

Reviewed-by: Jakub Hrozek

SYSDB: sysdb_idmap_get_mappings returns ENOENT

2014-11-19T22:44:52+00:00

sysdb_idmap_get_mappings returns ENOENT if no results were found.

Part od solution for:
https://fedorahosted.org/sssd/ticket/1991

Reviewed-by: Lukáš Slebodník

LDAP: Disable token groups by default

2014-11-12T16:48:14+00:00

We tried to speed up processing of initgroup lookups with tokenGroups even for
the LDAP provider (if remote server is Active Directory), but it turns out that
there are too many corner cases that we didn't catch during development that
break. For instance, groups from other trusted domains might appear in TG and
the LDAP provider isn't equipped to handle them.

Overall, users who wish to use the added speed benefits of tokenGroups are
advised to use the AD provider.

Resolves:
https://fedorahosted.org/sssd/ticket/2483

Reviewed-by: Michal Židek

Revert "LDAP: Change defaults for ldap_user/group_objectsid"

2014-11-10T09:38:53+00:00

This reverts commit f834f712548db811695ea0fd6d6b31d3bd03e2a3.

OpenLDAP server cannot dereference unknown attributes. The attribute objectSID
isn't in any standard objectclass on OpenLDAP server. This is a reason why
objectSID cannot be set by default in rfc2307 map and rfc2307bis map.
It is the same problem as using non standard attribute "nsUniqueId"
in ticket https://fedorahosted.org/sssd/ticket/2383

Reviewed-by: Michal Židek

Fix uuid defaults

2014-11-06T18:25:18+00:00

Recently the uuid attributes for user and groups were removed because
it was found that there are not used at all and that some of them where
causing issues (https://fedorahosted.org/sssd/ticket/2383).

The new views/overrides feature of FreeIPA uses the ipaUniqueID attribute
to relate overrides with the original IPA objects. The previous two
patches revert the removal of the uuid attributes from users and groups
with this patch set the default value of these attributes to
ipaUniqueID from the IPA provider, to objectGUID for the AD provider and
leaves them unset for the general LDAP case to avoid issues like the one
from ticket #2383.

Related to https://fedorahosted.org/sssd/ticket/2481

Reviewed-by: Lukáš Slebodník

Revert "LDAP: Remove unused option ldap_group_uuid"

2014-11-06T18:25:16+00:00

This reverts commit b5242c146cc0ca96e2b898a74fb060efda15bc77.

Reviewed-by: Lukáš Slebodník

Revert "LDAP: Remove unused option ldap_user_uuid"

2014-11-06T18:25:09+00:00

This reverts commit dfb2960ab251f609466fa660449703835c97f99a.

Reviewed-by: Lukáš Slebodník