summaryrefslogtreecommitdiffstats
path: root/src/config/etc/sssd.api.d/sssd-ipa.conf
Commit message (Collapse)AuthorAgeFilesLines
* LDAP: Add option to disable paging controlStephen Gallagher2012-03-221-0/+1
| | | | | | | | | | | | | | | Fixes https://fedorahosted.org/sssd/ticket/967 Conflicts: src/config/SSSDConfig.py src/config/etc/sssd.api.d/sssd-ipa.conf src/config/etc/sssd.api.d/sssd-ldap.conf src/man/sssd-ldap.5.xml src/providers/ipa/ipa_common.c src/providers/ipa/ipa_common.h src/providers/ldap/ldap_common.c src/providers/ldap/sdap.h
* Rewrite HBAC rule evaluatorStephen Gallagher2011-10-261-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add helper function msgs2attrs_array This function converts a list of ldb_messages into a list of sysdb_attrs. Conflicts: src/providers/ldap/ldap_common.c src/providers/ldap/ldap_common.h Add HBAC evaluator and tests Add helper functions for looking up HBAC rule components Remove old HBAC implementation Add new HBAC lookup and evaluation routines Conflicts: Makefile.am Add ipa_hbac_refresh option This option describes the time between refreshes of the HBAC rules on the IPA server. Add ipa_hbac_treat_deny_as option By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period. Treat NULL or empty rhost as unknown Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts. libipa_hbac: Support case-insensitive comparisons with UTF8 UTF8 HBAC test Fix memory leak in ipa_hbac_evaluate_rules https://fedorahosted.org/sssd/ticket/933 Fix incorrect NULL check in ipa_hbac_common.c https://fedorahosted.org/sssd/ticket/936 Require matched version and release for libipa_hbac Add rule validator to libipa_hbac https://fedorahosted.org/sssd/ticket/943
* Add ldap_tls_{cert,key,cipher_suite} config optionsTyson Whitehead2011-01-201-0/+3
| | | | Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* Add ipa_hbac_search_base config optionSumit Bose2011-01-191-0/+1
|
* Update config API filesSumit Bose2010-12-211-1/+6
| | | | | | Over the time a couple of new config options didn't made it into the config API files. This patch updates the files and removes some duplications.
* ldap: Use USN entries if available.Simo Sorce2010-12-071-0/+2
| | | | Otherwise fallback to the default modifyTimestamp indicator
* Add ldap_deref optionSumit Bose2010-10-221-0/+1
|
* Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip.Jan Zeleny2010-10-191-0/+1
| | | | | | | | For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543
* Add option to limit nested groupsSimo Sorce2010-10-181-0/+1
|
* Add infrastructure to LDAP provider for netgroup supportSumit Bose2010-10-131-0/+7
|
* Remove krb5_changepw_principal optionJakub Hrozek2010-06-141-1/+1
| | | | Fixes: #531
* Add dynamic DNS updates to FreeIPAStephen Gallagher2010-05-161-0/+2
| | | | | | | | | | | | | | | | | | This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
* SSSDConfigAPI fixesJakub Hrozek2010-05-161-1/+5
| | | | | | | | * add forgotten ldap_dns_service option * sync IPA and LDAP options (ldap_pwd_policy and ldap_tls_cacertdir) * ldap_uri is no longer mandatory for LDAP provider - the default is to use service discovery with no address set now. Ditto for krb5_kdcip and ipa_server
* Revert "Add dynamic DNS updates to FreeIPA"Stephen Gallagher2010-05-071-2/+0
| | | | | | | This reverts commit 973b7c27c0b294b8b2f120296f64c6a3a36e44b7. While this patch applied cleanly, it was uncompilable. Reverting until it can be properly merged.
* Add dynamic DNS updates to FreeIPAStephen Gallagher2010-05-071-0/+2
| | | | | | | | | | | | | | | | | | This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
* Make krb5_kpasswd available for any krb5 providerStephen Gallagher2010-05-071-0/+1
| | | | | | | | | Previously, the option krb5_kpasswd was only available if 'chpass_provider = krb5' was specified explicitly. Now it will be available also if 'auth_provider = krb5'. This option was also missing from the IPA options, so I have added it there as well
* Rename server/ directory to src/Stephen Gallagher2010-02-181-0/+77
Also update BUILD.txt
generated by cgit (git 2.34.1) at 2024-06-10 10:21:09 +0000