| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
If openldap is not built with sasl support
libsss_ad.so will not be linked with libsasl2 although
sasl_client_init is called by function ad_sasl_initialize.
|
| |
|
|
|
|
|
| |
Automake computes build dependencies of a program automatically but not
if prog_DEPENDENCIES is set. In this case only the dependencies given by
prog_DEPENDENCIES are used. If the automatically calculated dependencies
should be augmented EXTRA_prog_DEPENDENCIES should be used.
|
| |
|
|
|
| |
If any function before failed, sss_idmap_free_sid() might have been
called with random data.
|
| | |
|
| |
|
|
|
|
|
| |
Added and documented option offline_timeout.
Resolves:
https://fedorahosted.org/sssd/ticket/1718
|
| |
|
|
|
| |
resolves:
https://fedorahosted.org/sssd/ticket/1359
|
| |
|
|
|
|
|
|
|
|
| |
Some groups could be skipped, but packet length was not trimmed.
This is a reason why valgrind reported access to uninitialised bytes.
Actually, it isn't a problem, because the first uint32 in body is number of
sended gids.
Resolves:
https://fedorahosted.org/sssd/ticket/2138
|
| |
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2133
|
| |
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2133
|
| |
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2133
|
| |
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2133
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Libraries MUST be specified in LDADD/LIBADD, not LDFLAGS, because
LDFLAGS appear earlier in the command line and library order is
significant.
|
| |
|
|
| |
Changing style of including header files from outside of sssd tree - from "header.h" to <header.h>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Groups may contain members from different domains. We need
to make sure that we always choose correct domain for subdomain
users when looking up in sysdb.
Resolves:
https://fedorahosted.org/sssd/ticket/2064
|
| |
|
|
|
|
|
|
|
| |
Groups may contain members from different domains. We need
to make sure that we always choose correct domain for subdomain
users when looking up in sysdb.
Resolves:
https://fedorahosted.org/sssd/ticket/2064
|
| |
|
|
|
|
|
|
|
| |
Groups may contain members from different domains. We need
to make sure that we store subdomain users with correct
domain name.
Resolves:
https://fedorahosted.org/sssd/ticket/2064
|
| |
|
|
|
|
|
|
| |
This function will find sdap domain by comparing object dn
with domain base dn.
Resolves:
https://fedorahosted.org/sssd/ticket/2064
|
| |
|
|
|
|
|
|
|
| |
Groups may contain members from different domains. Remembering
base dn in domain object gives us the ability to simply lookup
correct domain by comparing object dn with domain base dn.
Resolves:
https://fedorahosted.org/sssd/ticket/2064
|
| |
|
|
|
|
|
|
|
|
| |
When getByID or getBySID comes from responder, the request doesn't
necessarily have to contain correct domain, since responder iterates
over all domains until it finds a match.
Every domain has its own ID range, so we can simply shortcut if
domain does not match and avoid LDAP round trip. Responder will
continue with next domain until it finds the correct one.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
If talloc_array return NULL we should return right error code from function
sdap_domain_subdom_add. It might happen that we could return either wrong error
code or uninitialized variable ret.
|
| | |
|
| |
|
|
|
| |
If sssd is compiled with disabled link_all_deplibs (debian) some test could not
be properly linked. This patch add missing libraries
|
| |
|
|
|
|
| |
* Stop using --target (unneeded)
* Drop explicit use of --with-default-ccache* since we now pick it up
from libkrb5
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The code wrote into the middle of the packet to a space that was already
reserved and allocated but then still advanced the pointer to the buffer.
https://fedorahosted.org/sssd/ticket/2124
|
| | |
|
| |
|
|
|
|
|
| |
The Kerberos provider didn't handle ERR_CHPASS_FAILED at all, which
resulted in the default return code (System Error) to be returned if
password change failed for pretty much any reason, including password
too recent etc.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is a workaround until
https://fedorahosted.org/sssd/ticket/2129 is fixed properly.
Consider a group entry such as:
cn: subgroup@subdom
ghost: someuser
ghost: anotheruser@subdom
Currently in order to print all group members as FQDN (which is the default
for AD provider), the code needs to iterate over the ghost attributes and
parse them into (name,domain) and optionally re-add the domain.
The proper fix would be to store always just the FQDN in the hardcoded
form of user@domain
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
GC contains objects from both parent domain and subdomain.
Lets say we have group with UID 5000 that belongs to a subdomain and
overlapping search bases dc=ad,dc=pb and dc=sub,dc=ad,dc=pb. Now
we call 'getent group 5000' and this request goes through data
provider, searching in parent domain first. Even though this
group does not belong to this domain it is found and stored as
ad.pb group.
With this patch we look at group's SID and put it into correct domain.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
GC contains objects from both parent domain and subdomain.
Lets say we have user with UID 5000 that belongs to a subdomain and
overlapping search bases dc=ad,dc=pb and dc=sub,dc=ad,dc=pb. Now
we call 'getent passwd 5000' and this request goes through data
provider, searching in parent domain first. Even though this
user does not belong to this domain it is found and stored as
ad.pb user.
With this patch we look at user's SID and put it into correct domain.
|
| |
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1968
|
| |
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1968
|
| |
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1968
|
| |
|
|
|
|
|
|
| |
This is a wrapper around be_ptask_create() that allows to create
synchronous periodic tasks.
Resolves:
https://fedorahosted.org/sssd/ticket/1968
|
| |
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1968
|
| |
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1968
|
| |
|
|
|
|
|
|
| |
Every request is attached to be_ctx->domain by default. We
will change the domain to a subdomain if it is relevant.
Resolves:
https://fedorahosted.org/sssd/ticket/1968
|
| |
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1968
|
| |
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1968
|
| |
|
|
|
|
|
|
|
|
| |
This patch makes the refresh of available subdomains configurable.
New option:
subdomain_refresh_interval (undocumented)
Resolves:
https://fedorahosted.org/sssd/ticket/1968
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2082
Adds a new option that allows the admin to specify a LDAP access filter
that can be applied globally, per-domain or per-forest.
|
