summaryrefslogtreecommitdiffstats
path: root/server/providers/ldap/ldap_common.c
Commit message (Collapse)AuthorAgeFilesLines
* Consolidate code for splitting strings by separatorJakub Hrozek2009-12-101-3/+2
| | | | | | | | There were two functions for parsing strings by a separator. This patch consolidates on the one previously used in confdb. This also allows stripping the tokens of whitespace. Fixes: #319
* Try to renew Kerberos credentialsSumit Bose2009-12-071-0/+139
| | | | | | | | When using GSSAPI we need a valid service ticket to talk to the LDAP server. If the ticket is expired the LDAP client returns with 'Can't contact LDAP server'. Currently we set the backend offline if this error occurs although the server is still available. This patch checks if the TGT is expired and tries to renew the credentials before going offline.
* Get TGT in a child process.Jakub Hrozek2009-11-251-0/+3
| | | | | | | To avoid blocking in a synchronous call, the TGT is saved in a separate process Fixes: #277
* Add ldap_pwd_policy optionSumit Bose2009-11-231-1/+17
|
* Add initial failover support for ldap and ipaSimo Sorce2009-11-201-0/+108
| | | | | | | The retun values are still not directly used with ldap libraries that still do their own name resolution, but this patch introduces a very basic framework to have a multiple providers in one domain use and share a single failover service if they want to.
* Raise some timeoutsSimo Sorce2009-11-201-2/+2
| | | | | When using high debug levels or valgrind the code maybe slow enough that these timeouts were too strict.
* Add cleanup taskSimo Sorce2009-11-101-8/+12
|
* Reorganize ldap id provider filesSimo Sorce2009-11-061-0/+41
| | | | Split enum task in a separate file.
* Rename sdap_id_map to sdap_attr_mapSimo Sorce2009-11-031-6/+34
| | | | | | Also start adding some infrastructure to use the USN counter when available. In particular add a place to add generic attrs mapping, ie attributes that are neither user nor group specific.
* Tidy up ipa optionsSimo Sorce2009-10-291-2/+28
| | | | | | | | | | | | | | Do not replicate every and each option we may want to set in ipa. Just read out ldap and krb provider options (added reference in the manual too, and removed mention of ipa specific timeout values, use ldap options for that) Avoid calling auth module initialization twice, just pass the auth context to the chpass module too. Add a new ldap option SDAP_SEARCH_BASE, so that a single searching base can be used for both users and groups. the user and group search bases can still be set separately if necessary but they are now optional and set to be identical to SDAP_SEARCH_BASE if not explicitly specified in the configuration.
* Move responsibility for entry expiration timeoutSimo Sorce2009-10-271-1/+1
| | | | | The providers are now responsible for determining how long a cached entry is considered valid. The default is the same as before (600s)
* Add proper support for IPA/AD schemasSimo Sorce2009-10-271-0/+10
| | | | | | Nested groups weren't properly handled. Add 2 pass strategy to update groups memberships Stuff work as expected when enumeration is enabled now.
* Move all ldap provider init functionsSimo Sorce2009-10-161-0/+6
| | | | | Put all init functions in their own file so that the other files can be reused in other providers w/o having them in the way.
* Check for expired passwords in LDAP providerSumit Bose2009-10-151-2/+22
|
* Move ldap provider configuration into its own fileSimo Sorce2009-10-141-0/+176
generated by cgit (git 2.34.1) at 2024-06-28 08:16:18 +0000