path: root/server/providers/ldap
Commit message | Author | Age | Files | Lines
* Fix long timeout on ldap operation | Simo Sorce | 2009-10-01 | 2 | -5/+14
    Always use the network timeout defined in the options. But raise defaults to 60 seconds or enumerations can easily fail.
* Initial implementation of sasl bind support | Simo Sorce | 2009-10-01 | 6 | -59/+488
    Inits krb5 credentials if sasl mech is GSSAPI. Tested with GSSAPI and host keytab as well as user credentials. Also updates the manpages with the new options.
* Let backend respond while fetching large results | Simo Sorce | 2009-09-25 | 1 | -2/+11
    Timers always come before fd events, so wait 5 microseconds between processing operations so that tevent has a chance of catching an fd event in between. This allows the backend to reply to pings even while processing very large ldap results (important especially during the first enumeration).
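An added illustration of the scheduling problem the commit above describes; this is not SSSD code and not part of this log. It uses Python's asyncio in place of tevent and `asyncio.sleep(0)` in place of the 5-microsecond timer, but the mechanism is the same: a result loop that never hands control back to the event loop starves every other handler, so a ping from the data provider is only answered after the whole result set has been stored. The `Backend`, `_store` and `handle_ping` names are invented for the example.

```python
"""Why a long result loop must yield to the event loop (added example, not SSSD code)."""
import asyncio
import hashlib


class Backend:
    """Models a backend process: one event loop serving both a long-running
    result loop and short 'ping' requests from the data provider."""

    def __init__(self, entries):
        self.entries = entries
        self.processed = 0

    def _store(self, entry):
        # Stand-in for writing one entry to the cache: cheap but real work.
        hashlib.sha256(entry.encode()).hexdigest()

    async def process_results(self, yield_every=None):
        """Store every entry; if yield_every is set, give the loop a turn after
        that many entries (SSSD does this with a short timer between operations)."""
        for entry in self.entries:
            self._store(entry)
            self.processed += 1
            if yield_every and self.processed % yield_every == 0:
                await asyncio.sleep(0)  # let any ready fd event / ping handler run
        return self.processed

    async def handle_ping(self):
        """Ping handler: report how far the result loop had got when we were run."""
        return self.processed


async def _simulate(n_entries, yield_every):
    # Constructed sample result set: n_entries user DNs.
    be = Backend([f"uid=user{i},ou=People,dc=example,dc=com" for i in range(n_entries)])
    # The result loop is scheduled first, the ping arrives right behind it.
    _, seen_at_ping = await asyncio.gather(be.process_results(yield_every), be.handle_ping())
    return seen_at_ping


def entries_processed_before_ping(n_entries=1000, yield_every=None):
    """How many entries were stored before the ping got an answer.
    Without yielding this is the whole result set; with yield_every=100 it is 100."""
    return asyncio.run(_simulate(n_entries, yield_every))


if __name__ == "__main__":
    print("no yield :", entries_processed_before_ping(1000, None))
    print("yield/100:", entries_processed_before_ping(1000, 100))
```

The second number is the one that matters operationally: with periodic yields the ping is serviced after a bounded amount of work, so the monitor does not conclude the backend is dead halfway through a large first enumeration.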
* add new config options ldap_tls_cacert and ldap_tls_cacertdir | Sumit Bose | 2009-09-25 | 4 | -67/+72
* Upgrade confdb to version 2 | Stephen Gallagher | 2009-09-25 | 1 | -58/+58
    This converts a great many configuration options to the new standard format.
* Fix copy&paste of wrong structure | Simo Sorce | 2009-09-23 | 1 | -2/+2
* Revert "Use syslog for logging error conditions in SSSD" | Stephen Gallagher | 2009-09-23 | 3 | -38/+38
    This reverts commit 8c50bd085c0efe5fde354deee2c8118887aae29d. Amended: commit 1016af2b1b97ad4290ccce8fa462cc7e3c191b2e also made use of the SYSLOG_ERROR() macro, so those portions of that code also needed to be reverted.
* Use syslog for logging error conditions in SSSD | Jakub Hrozek | 2009-09-21 | 3 | -38/+38
    This is just a band-aid until ELAPI is fully functional and ready to use.
* Check if SSL/TLS handler is already in place | Sumit Bose | 2009-09-16 | 1 | -1/+8
    Authentication against an LDAP server should always use an encrypted connection. To achieve this the LDAP provider calls ldap_start_tls which will fail if the connection is already encrypted, e.g. if an ldaps tunnel is already established. Because the error message from ldap_start_tls is not specific we check the status with ldap_tls_inplace before calling ldap_start_tls.
* Turn ldap driver options into multitype | Simo Sorce | 2009-09-14 | 6 | -194/+376
    This patch makes basic options multitype, the init function assigns a type from the initialization array, and processes values fetched from confdb accordingly. 4 types are supported so far: string, number, blob and boolean. Also convert defines into enums where appropriate. Add fetch functions that check the requested type.
* Make the offline status backend-global | Simo Sorce | 2009-09-14 | 2 | -55/+29
    Add helper functions to query/set the offline status per backend. Now all providers share the same offline status.
* Complete the removal of "legacy" option. | Simo Sorce | 2009-09-11 | 3 | -24/+192
    The code was still dependent on it for the ldap driver. Changed the driver code to depend on the schema type. Fix defaults for user and groups trees. ATM if you use the rfc2307bis schema you have to put users and groups in 2 separate trees (what people do by default anyway). If this limitation turns out to be too hard, we will change this later.
* Fix ldap enumeration async task | Simo Sorce | 2009-09-11 | 1 | -12/+16
    The request was being freed, instead of marking it done and letting the callback free it when done. This was causing us to access freed memory, when trying to set the next run. Let the callback add new runs and free the request instead, as normally we would do with any other tevent_req async call. Courtesy of valgrind again.
* Fix memory mishandling. | Simo Sorce | 2009-09-11 | 1 | -10/+7
    By attaching the reply to a subreq, we ended up freeing the operations list element before we used it to skip to the next one. Do not steal the context and let the unlocking code free the old reply, when it moves onto processing the next one. Got this one with valgrind.
* Fix Ldap id backend offline code | Simo Sorce | 2009-09-10 | 2 | -14/+83
    After the recent changes we lost the capability to actually go offline. Put back code that would mark the backend as offline when timeouts happen. Make sure the enumeration code also obeys the offline timeout, and contributes in determining if we are offline or not.
* Fix two possible uninitialized values | Simo Sorce | 2009-09-08 | 1 | -1/+1
    Make counter for used messages explicit.
* Avoid crash when timestamp is NULL | Ralf Haferkamp | 2009-09-03 | 1 | -1/+3
    Check if the timestamp argument of sdap_save_group_recv is NULL before using it.
* Fix initgroups search filter when using rfc2307bis | Ralf Haferkamp | 2009-09-03 | 1 | -2/+2
    sdap_get_initgr_process() was using the wrong sdap_id_map struct when creating the searchfilter for the initgroups() call.
* Honor enumerate option in ldap_id | Simo Sorce | 2009-09-02 | 1 | -6/+9
    If enumerations are disabled for this domain, then do not start the enumeration task.
* check if gid attribute is empty | Sumit Bose | 2009-08-28 | 1 | -0/+6
* fix internal order of ldap user mapping options | Sumit Bose | 2009-08-28 | 1 | -4/+4
* Make enumeration an independent task | Simo Sorce | 2009-08-27 | 5 | -68/+693
    Always immediately return to DP, and update users/groups in the background. Also implements an optimization to retrieve only changed/new users/groups by filtering using the modifyTimestamp after the first query.
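An added example of the modifyTimestamp optimization the commit above mentions; it is not SSSD code and not part of this log. It shows the filter the second and later enumeration runs would send, a stand-in for the server evaluating it, and the two details a practitioner needs to get right: compare with `>=` rather than `>` (generalized time is second-granular, so an entry modified later in the same second as the previous high-water mark would otherwise be lost; re-fetching a few already-known entries is the cheaper mistake), and take the high-water mark from the server's own timestamps, never from the local clock. Function names, the sample entries and the base filter are constructed for the example.

```python
"""Incremental enumeration keyed on modifyTimestamp (added example, not SSSD code)."""
import re

# LDAP generalized time as servers return it: YYYYmmddHHMMSS[.fraction]Z
_GENTIME = re.compile(r"^(\d{14})(?:\.(\d+))?Z$")


def _gentime_key(ts):
    """Comparison key for a generalized time. Plain string comparison is not
    safe: '20090827100512.5Z' would sort before '20090827100512Z' because
    '.' < 'Z', yet it is the later instant."""
    m = _GENTIME.match(ts)
    if not m:
        raise ValueError(f"not an LDAP generalized time: {ts!r}")
    whole, frac = m.groups()
    return (whole, float("0." + frac) if frac else 0.0)


def enumeration_filter(base_filter, since=None):
    """First run: the plain base filter. Later runs: only entries at or after
    the previous high-water mark. The timestamp is validated before it is
    interpolated, so only a well-formed generalized time reaches the filter."""
    if since is None:
        return base_filter
    _gentime_key(since)
    return f"(&{base_filter}(modifyTimestamp>={since}))"


def server_side_match(entries, since=None):
    """Stand-in for the directory evaluating the filter built above."""
    if since is None:
        return list(entries)
    key = _gentime_key(since)
    return [e for e in entries if _gentime_key(e["modifyTimestamp"]) >= key]


def high_water_mark(entries, previous=None):
    """Newest modifyTimestamp seen so far, taken from server data only."""
    stamps = [e["modifyTimestamp"] for e in entries]
    if previous is not None:
        stamps.append(previous)
    return max(stamps, key=_gentime_key) if stamps else None


# Constructed sample directory: state at the first and at the second run.
FIRST_RUN = [
    {"uid": "alice", "modifyTimestamp": "20090827100000Z"},
    {"uid": "bob",   "modifyTimestamp": "20090827100512Z"},
]
SECOND_RUN = FIRST_RUN + [
    # carol was added within the same second as the old high-water mark:
    # a '>' comparison would never see her.
    {"uid": "carol", "modifyTimestamp": "20090827100512Z"},
    {"uid": "dave",  "modifyTimestamp": "20090827113000Z"},
]


def run_enumerations():
    """Two rounds: (uids fetched first, uids fetched second, final high-water mark)."""
    first = server_side_match(FIRST_RUN, None)
    hwm = high_water_mark(first)
    second = server_side_match(SECOND_RUN, hwm)
    hwm = high_water_mark(second, hwm)
    return ([e["uid"] for e in first], [e["uid"] for e in second], hwm)


if __name__ == "__main__":
    print(enumeration_filter("(objectClass=posixAccount)", "20090827100512Z"))
    print(run_enumerations())
```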
* Always save using member/memberOf | Simo Sorce | 2009-08-27 | 1 | -0/+5
    First pass to remove the legacy option and make it just a property of the provider.
* Initial support for multiple schema types | Simo Sorce | 2009-08-27 | 1 | -7/+39
* Use the correct structure. | Simo Sorce | 2009-08-27 | 1 | -2/+2
* Do not fail enumerations if a single store fails | Simo Sorce | 2009-08-24 | 1 | -40/+45
    Try as hard as possible to store as much data as we can.
* some UPN handling fixes | Sumit Bose | 2009-08-24 | 3 | -5/+37
    - making the realm part upper case is now optional and done in the LDAP backend
    - using a username@realm UPN is now optional
* store additional LDAP attributes | Sumit Bose | 2009-08-21 | 1 | -4/+45
    If available the original DN and the user principal will be stored in sysdb.
* enable usage of defaultBindDn | Sumit Bose | 2009-08-19 | 5 | -9/+48
* Do not fail enumerations because of range checks | Simo Sorce | 2009-08-10 | 1 | -3/+15
* Consolidate tevent helpers | Jakub Hrozek | 2009-08-05 | 1 | -17/+0
* Fix race condition in sdap code | Simo Sorce | 2009-08-04 | 2 | -83/+172
    Retrieving ldap results and storing users could sometimes result in race conditions where the final ldap result was retrieved before the store operations were finished, resulting in the operations being aborted before termination. Implement a serialization mechanism per operation.
* Fix search replies getting ignored | Simo Sorce | 2009-08-03 | 1 | -14/+12
* Fix race condition that was causing segfaults | Simo Sorce | 2009-07-24 | 1 | -80/+136
    The sdap_handle might be freed when processing a message. Rearrange data flow so that the sdap_handle is never used after a message is processed but a new event (dependent on the handle) is instead scheduled. If the sdap_handle is freed, the scheduled event is also removed and not fired.
* added LDAP change password backend target | Sumit Bose | 2009-07-21 | 3 | -2/+301
* Rework the engine that deals with openldap libraries | Simo Sorce | 2009-07-20 | 3 | -497/+403
    The way openldap libraries work requires having a single engine per connection, as all replies are read at the same time. So we need to always read anything that comes in from the wire and then loop to dispatch results to the requests that are waiting.
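An added sketch of the single-engine-per-connection pattern the commit above describes; it is not SSSD code and not part of this log. One reader drains everything the connection delivers and routes each message, by its message id, to the request that owns it, so that two concurrent searches whose replies arrive interleaved each receive only their own entries. It goes a little beyond the commit text in handling two failure modes that bite in practice: a reply whose owner has gone away (an abandoned request) is dropped rather than misdelivered, and a connection that closes with a request still outstanding fails that request instead of leaving it hanging. Python asyncio stands in for tevent; `WIRE`, `Connection` and the messages on it are constructed for the example.

```python
"""One reader per connection, dispatching replies by message id (added example, not SSSD code)."""
import asyncio

# Constructed wire: what one connection might hand back for two outstanding
# searches, interleaved, plus a reply for msgid 7 that nobody is waiting for.
WIRE = [
    (1, "entry", "uid=alice"),
    (2, "entry", "cn=admins"),
    (1, "entry", "uid=bob"),
    (7, "entry", "uid=stale"),   # abandoned request: must be dropped, not misdelivered
    (2, "done", None),
    (1, "done", None),
]


class Connection:
    """A single engine owns the connection; requests only ever wait on a future."""

    def __init__(self, wire):
        self._wire = list(wire)
        self._next_msgid = 1
        self._pending = {}   # msgid -> (entries collected so far, future)
        self.dropped = 0     # replies that had no owner

    def send(self, request):
        # Real code would issue the LDAP operation here and use its message id.
        msgid = self._next_msgid
        self._next_msgid += 1
        fut = asyncio.get_running_loop().create_future()
        self._pending[msgid] = ([], fut)
        return fut

    async def search(self, filt):
        """A request: send, then wait for the engine to complete our future."""
        return await self.send(filt)

    async def read_loop(self):
        """The engine: read every message that arrives and dispatch it."""
        for msgid, kind, payload in self._wire:
            await asyncio.sleep(0)        # one message per wakeup, like an fd handler
            op = self._pending.get(msgid)
            if op is None:
                self.dropped += 1         # stray reply, nobody waiting: discard
                continue
            entries, fut = op
            if kind == "entry":
                entries.append(payload)   # partial result: keep collecting
            elif kind == "done":
                del self._pending[msgid]  # final result: hand everything to the owner
                fut.set_result(entries)
        # Wire closed: fail anything still outstanding instead of hanging it.
        for _, fut in self._pending.values():
            if not fut.done():
                fut.set_exception(ConnectionError("connection closed with request outstanding"))
        self._pending.clear()


async def _run(wire):
    conn = Connection(wire)
    users, groups, _ = await asyncio.gather(
        conn.search("(objectClass=posixAccount)"),
        conn.search("(objectClass=posixGroup)"),
        conn.read_loop(),
    )
    return users, groups, conn.dropped


def run_engine(wire=WIRE):
    """Returns (entries for search 1, entries for search 2, stray replies dropped)."""
    return asyncio.run(_run(wire))


if __name__ == "__main__":
    print(run_engine())
```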
* add infrastructure to handle new backend targets | Sumit Bose | 2009-07-20 | 2 | -9/+10
* fixed the default value for tls_reqcert | Sumit Bose | 2009-07-10 | 1 | -1/+1
* Implement the ldap identity module. | Simo Sorce | 2009-07-08 | 5 | -709/+1173
    This uses and expands the async helpers.
* Unify password caching ops in sysdb | Simo Sorce | 2009-07-08 | 3 | -132/+22
* Use async helpers for ldap auth module | Simo Sorce | 2009-07-08 | 1 | -722/+314
    This changes the style quite a lot, but the tevent_req style is much more clear and much less error-prone than the giant loop we had previously.
* Add async helper functions | Simo Sorce | 2009-07-08 | 4 | -0/+2035
    These functions use the tevent_req async model, where a pair of _send/_recv functions pilot requests, with additional helpers like _done functions, and where needed multiple stage helpers.
* Rework transaction code to use tevent_req | Simo Sorce | 2009-07-03 | 1 | -21/+65
    This is part of a set of patches to rewrite sysdb to a hopefully better API, that will also let us use tevent_req async style calls to manipulate our cache.
* Rename sysdb_req to sysdb_handle. | Simo Sorce | 2009-07-03 | 1 | -5/+5
    This sysdb_req has always really been a transaction handle and not a request. This is part of a set of patches to rewrite transaction support in sysdb to a hopefully better API, that will also let us use tevent_req async style to manipulate our cache.
* Remove extra implementation of password_destructor | Stephen Gallagher | 2009-06-11 | 1 | -11/+0
* added tls_reqcert option for native LDAP backend | Sumit Bose | 2009-06-02 | 1 | -0/+32
    In order to allow access to LDAP servers which do not provide SSL/TLS encryption the option tls_reqcert is added to the native LDAP backend. It accepts the same arguments as the corresponding OpenLDAP option documented in ldap.conf(5) and should perform accordingly.
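An added configuration example, not taken from this log or from the SSSD sources, tying together the three TLS-related commits on this page: the tls_reqcert option (above), the ldap_tls_cacert / ldap_tls_cacertdir options (2009-09-25), and the rule that a bind must go over an encrypted connection (2009-09-16). The values of the reqcert setting are those of TLS_REQCERT in ldap.conf(5), as the commit message says. The option names `ldap_uri` and `ldap_tls_reqcert` and the file paths are assumptions for the example; the confdb v2 commit on this page converted options to a new standard format, but the page itself does not spell out the final names.

```ini
[domain/example.com]
id_provider = ldap
# ldaps:// gives an encrypted channel from the start; the provider's
# ldap_tls_inplace check then skips ldap_start_tls on this connection.
ldap_uri = ldaps://ldap.example.com

# Weak setting: 'never' skips certificate verification entirely, so any
# host that answers on the port can impersonate the server and read the
# bind credentials and every search result.
#ldap_tls_reqcert = never

# Corrected setting: 'demand' fails the connection unless the server
# presents a valid certificate chaining to a CA listed below.
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/example-ca.pem      ; assumed path
#ldap_tls_cacertdir = /etc/openldap/cacerts               ; alternative: hashed CA directory
```

`allow` and `try` sit between the two: they tolerate a missing or bad certificate and are only appropriate while bootstrapping a CA rollout, never as a steady state for a connection that carries user passwords.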
* Silence warnings | Simo Sorce | 2009-05-26 | 1 | -2/+3
* call tevent_add_fd only once | Sumit Bose | 2009-05-19 | 1 | -27/+11
* Move actual password caching into sysdb | Simo Sorce | 2009-05-18 | 1 | -6/+117
    Convert auth modules to do the caching themselves
* Split ldap backend into auth and identity files | Simo Sorce | 2009-05-18 | 2 | -19/+798