summaryrefslogtreecommitdiffstats
path: root/server
Commit message (Collapse)AuthorAgeFilesLines
...
* Try to renew Kerberos credentialsSumit Bose2009-12-075-2/+189
| | | | | | | | When using GSSAPI we need a valid service ticket to talk to the LDAP server. If the ticket is expired the LDAP client returns with 'Can't contact LDAP server'. Currently we set the backend offline if this error occurs although the server is still available. This patch checks if the TGT is expired and tries to renew the credentials before going offline.
* Add basic OS detectionSumit Bose2009-12-074-2/+40
| | | | | Detect if the OS is Fedora, RHEL or SUSE and install the SUSE start-script on SUSE systems.
* Fix nested group membershipsSimo Sorce2009-12-076-221/+299
| | | | | | | | | Search the local db to find the local DN using the original DN as search key. This way we do not have to rely on weak and faulty heuristicts based on DN names. Add a few helper functions in the process and change the way we pass members to sysdb_store_group_send(), instead of passing users and groups list, just add member DNs to the other sysdb attrs.
* Make strdn build functions more availableSimo Sorce2009-12-073-42/+58
|
* Resolve nested groups also when rfc2307bis is usedSimo Sorce2009-12-071-68/+2
|
* Do not treat missing proc files as errors.Sumit Bose2009-12-071-0/+10
|
* Add sysdb_search_custom requestSumit Bose2009-12-073-74/+206
|
* Raise debug log level for LDB_DEBUG_WARNINGStephen Gallagher2009-12-031-1/+1
| | | | Level 3 was far too low for mostly-useless messages
* Make debug log timestamps human-readableStephen Gallagher2009-12-032-4/+13
|
* Use the custom password field in groups too.Simo Sorce2009-12-031-3/+5
| | | | Groups also need to honor the settable password field and use * by default.
* Use memberuid and not member in group enumerationsSimo Sorce2009-12-032-54/+9
| | | | | | This allows for correctly reporting nested group members, while at the same time not paying a too high price for caluclating nested groups at runtime e very time a search is made.
* Compute and save memberuid in cache as wellSimo Sorce2009-12-031-108/+690
| | | | | | | | | This patch adds a new generated attribute to every group that has direct or indirect members. This attribute is called memberuid and contains the name of the users that are directo or indirect members of this group. This is done to greatly speed up group enumerations when NSS reads groups off the cache.
* Fix memberof pluginSimo Sorce2009-12-031-12/+15
| | | | | A loop was badly built and was skipping entries. This left some memberof attributes in place that should have been removed.
* Check LDAP structure before calling ldap_unbind_ext()Sumit Bose2009-12-031-1/+3
|
* Check the services started against a list of known servicesJakub Hrozek2009-12-031-0/+29
| | | | Fixes: #241
* Setup ldap child logging from IPA backendJakub Hrozek2009-12-034-45/+54
| | | | Fixes: #296
* Copy-edit sssd-ipa man pageDavid O'Brien2009-12-031-18/+17
| | | | | Mainly typo fixes and grammar updates. Application of RH doc styles where appropriate.
* Better error message when there is no local domain configuredJakub Hrozek2009-12-017-7/+31
| | | | Fixes: #235
* Warn visibly about permission problems with the config fileJakub Hrozek2009-12-011-1/+8
| | | | Fixes: #268
* Immediately return a krb5 change password request when offlineSumit Bose2009-12-011-0/+7
|
* Fix tabsSimo Sorce2009-12-011-21/+21
|
* Remove unneeded debugging codeSumit Bose2009-11-251-9/+0
|
* Fix an internal error when cache_credentials=FALSESumit Bose2009-11-251-1/+4
|
* Fix bug with bad ldb pkg-config filesStephen Gallagher2009-11-251-1/+1
|
* Update PL translationraven2009-11-251-7/+6
|
* Get TGT in a child process.Jakub Hrozek2009-11-2510-165/+1081
| | | | | | | To avoid blocking in a synchronous call, the TGT is saved in a separate process Fixes: #277
* Split helpers for child processesJakub Hrozek2009-11-258-174/+267
| | | | | Moves several functions out of providers/krb5 hierarchy into a separate module so it can be shared by the ldap child.
* In IPA, the realm is always the domain uppercased.Simo Sorce2009-11-251-2/+7
|
* Make ldb lib dir configurableSumit Bose2009-11-252-1/+19
|
* Use ldb modules from build root for testsSumit Bose2009-11-252-0/+5
|
* Fix internal options numbers testSimo Sorce2009-11-251-12/+24
| | | | | | Unfortunately since we changed the defines to an enum the preprocessor test stopped working. Turn tests into runtime tests that will abort the process.
* Really check return value from pam_set_itemSumit Bose2009-11-231-3/+3
|
* Fix ticket #289Simo Sorce2009-11-231-0/+18
| | | | | When I converted fill_grent to speed up enumerations I left out this check by mistake.
* Update translation strings for string freezeStephen Gallagher2009-11-235-382/+463
|
* Read KDC info from file instead from environmentSumit Bose2009-11-2312-74/+474
| | | | | | Then name or IP adress of the KDC is written into the pubconf directory into a file named kdcinfo.REALM. The locator plugin will then read this file and pass the data to the kerberos libraries.
* Speed up user requests while offlineStephen Gallagher2009-11-236-52/+102
| | | | | | | | | This adds a new boolean option to sss_dp_send_acct_req() called fast_reply. If we make a request to the backends and we are currently offline, this option will determine whether we should immediately return from the cache (acceptable for NSS requests) or potentially wait for an online check to complete (required for PAM requests).
* Make backend request type a bitfieldStephen Gallagher2009-11-233-5/+5
|
* Update PL translationStephen Gallagher2009-11-231-79/+80
|
* Add ldap_pwd_policy optionSumit Bose2009-11-237-45/+129
|
* Add initial failover support for ldap and ipaSimo Sorce2009-11-2022-69/+938
| | | | | | | The retun values are still not directly used with ldap libraries that still do their own name resolution, but this patch introduces a very basic framework to have a multiple providers in one domain use and share a single failover service if they want to.
* Raise some timeoutsSimo Sorce2009-11-202-3/+3
| | | | | When using high debug levels or valgrind the code maybe slow enough that these timeouts were too strict.
* Filter by id range before actually storing entries.Simo Sorce2009-11-204-31/+89
| | | | This way we do not need to check for id ranges on every search.
* Optimize sysdb_enumgrentSimo Sorce2009-11-203-504/+203
| | | | | This brings down the time needed to enumerate my group database from 2.4 seconds to 0.15 seconds.
* Only display errors in unit testsStephen Gallagher2009-11-2010-11/+21
| | | | | If you want to turn verbosity back on, just set the environment variable CK_VERBOSITY=verbose
* Enhance check for remote hostsSumit Bose2009-11-202-55/+97
|
* Add ipa_authSumit Bose2009-11-205-1/+352
| | | | | | | | To support IPA DS to Kerberos password migration a seperate authentication target is added. It calls the Kerberos authentication target and in the case of a 'Preauthentication Error' the LDAP authentication target. On success the Kerberos target is called again to request the TGT.
* Add reference to sssd-krb5 man page.Simo Sorce2009-11-201-0/+3
| | | | Thanks to Marko Myllynen for spotting this.
* Improve handling of ccache filesSumit Bose2009-11-208-206/+1081
| | | | | | | - save current ccache file to sysdb - use the saved ccache file if the user has running processes - create an empty ccache if offline - return enviroment variables if offline
* Correctly escape DN value.Simo Sorce2009-11-201-6/+42
| | | | | In building the DN string we weren't correctly escaping the value of the RDN component. This patches fixes that.
* Better behavior on cleanupSimo Sorce2009-11-204-20/+44
| | | | | | | | | | | | With the previous code in domains with many users and enumeration enable we would eventually end up making thousands of individual searches for entries in the clean-up process. Change the code to do a full enumeration before a cleanup so we do one single big search to update all entries and only then search for entries to purge. This also fixes the fact that the cleanup task was running at every enumeration instead of running every "ldap_purge_cache_timeout" seconds.
generated by cgit (git 2.34.1) at 2024-05-03 14:32:19 +0000