| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Remove the "legacy" option from examples and man pages.
Legacy is is finally R.I.P
Add docs for ldapSchema in sssd-ldap man page.
|
| |
|
|
|
|
|
|
|
| |
The code was still dependent on it for the ldap driver.
Changed the driver code to depend on the schema type.
Fix defaults for user and groups trees.
ATM if you use the rfc2307bis schema you have to put users and groups
in 2 separate trees (what people does by default anyway.
If this limitation will turn to be too hard, we will change this later.
|
| |
|
|
|
| |
The patch that added check_cache() broke them, no results returned for any group
with actual members ...
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
The request was being freed, instead of marking it done and let the callback
free it when done. This was causing us to access freed memory, when trying to
set the next run.
Let the callback add new runs and free the request instead as normally we would
do with any other tevent_req async call.
Courtesy of valgrind again.
|
| |
|
|
|
|
|
|
| |
By attaching the reply to a subreq, we ended up freeing the operations list
element before we used it to skip to the next one.
Do not steal the context and let the unlocking code free the old reply, when it
moves onto processing the next one.
Got this one with valgrind.
|
| |
|
|
| |
We were talloc_free()-ing the cdb_file string too early.
|
| |
|
|
| |
Fixes: #138
|
| |
|
|
|
|
|
|
|
| |
Remove magicPrivateGroups since it's set automatically, use bool values
for enumerate.
Also add a notice about krb5 auth-module with a link to specialized
manpage to sssd.conf(5) similar to what we have for ldap auth-module.
Move both outside proxy domain description.
|
| |
|
|
|
|
|
| |
We will now parse the config file and validate the confdb contents
before processing the rest of the monitor startup. This will allow
us to return an appropriate error code to the shell if the
configuration is invalid.
|
| |
|
|
|
|
| |
Because the confdb always operates synchronously, it maintains its
own private event context internally. The event context argument
passed to it is never used, so we'll remove it to avoid confusion.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
After the recent changes we lost the capability to actually go offline.
Put back code that would mark the backend as offline when timeouts happen.
Make sure the enumeration code also obbeys the offline timeout, and
contributes in determining if we are offline or not.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
This timeout specifies the lifetime of a cache entry before it is
updated out-of-band. When this timeout is hit, the request will
still complete from cache, but the SSSD will also go and update
the cached entry in the background to extend the life of the
cache entry and reduce the wait time of a future request.
|
| |
|
|
|
|
| |
getpwnam, getpwuid, getgrnam and getgrgid will now use a common
function, check_cache, for determining whether to return a cached
value or to go to the provider.
|
| |
|
|
|
| |
- remove unused PAM_LIBS from LDAP and Kerberos provider
- add OPENLDAP_LIBS to LDAP provider
|
| |
|
|
|
| |
- older version of libpcre only support the Python syntax (?P<name>)
for named subpatterns
|
| |
|
|
|
| |
Removes the ability to proxy to shadow-utils. Also remove all the
supporting functions for getting domain type, domain by id etc.
|
| | |
|
| |
|
|
|
| |
The special persistent local database retains the original name.
All other backends now have their own cache-NAME.ldb file.
|
| |
|
|
| |
Make counter for used messages explicit.
|
| | |
|
| |
|
|
|
| |
- remove unneeded CFLAGS component
- do not leak LDFLAGS used by configure check to final Makefile
|
| |
|
|
|
| |
- replaced mailing list address
- let sssd base components read version from VERSION
|
| |
|
|
|
| |
Check if the timestamp argument of sdap_save_group_recv is NULL before
using it.
|
| |
|
|
|
| |
sdap_get_initgr_process() was using the wrong sdap_id_map struct
when creating the searchfilter for the initgroups() call.
|
| |
|
|
| |
New tevent library finally outlawed nested loops.
|
| |
|
|
|
| |
If enumerations are disabled for this domain, then do not start the
enumeration task.
|
| |
|
|
|
|
|
|
|
|
|
| |
The data provider backends stored a name value besides the domain
name to identify themselves to the data provider. This was the name
of the id provider. Currently the backends can have different
providers for id, authentication etc. So the name may be missleading.
Also when there are more domains with the same id provider the name
is not enough to identify the backend but the domain name is. As a
consequence the backend name is removed completely and only the
domain name is used for identification.
|
| |
|
|
|
| |
PCRE_DUPNAMES is a new feature of libpcre 7. It is used in sssd to
make the splitting of fully qualified user names more flexible.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
It seems like DBUS always adds 2 watches for the same fd.
One is for reading and the other is for writing.
DBUS then keeps disabling one and enabling the other, depending on whether
it is interested in reading or writing from/to the file descriptor.
|
| | |
|
| |
|
|
|
|
| |
Currently the kerberos locator plugin needs these two variables to
be set to find a KDC which is configured in sssd but not in
/etc/krb5.conf.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
This patch reduces the time needed to enumerate groups of a midsized
domain from 12 seconds to 4.4
Optimizes enumerations by doing only 2 ldb searches and some ordering
instead of a number of searches proportional to the number of groups
|
| |
|
|
|
|
| |
Always immediately return to DP, and update users/groups in the background.
Also implements an optimization to retrieve only changed/new users/groups
by filtering using the modifyTimestamp after the first query.
|
| | |
|
| |
|
|
| |
Provides also an upgrade function.
|
| |
|
|
| |
Also remove legacy memberuid support
|
