| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
Add option to fallback to fetch local users if rfc2307is being used.
This is useful for cases where people added local users as LDAP members
and rely on these group memberships to be maintained on the local host.
Disabled by default as it violates identity domain separation.
Ticket:
https://fedorahosted.org/sssd/ticket/1020
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1611
|
|
|
|
|
|
| |
Add the option to the manual page and the configAPI
https://fedorahosted.org/sssd/ticket/1494
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1478
|
|
|
|
|
|
| |
This patch adds support for new config option ad_backup_server. The
description of this option's functionality is included in man page in
one of previous patches.
|
|
|
|
|
|
| |
This patch adds support for new config option ipa_backup_server. The
description of this option's functionality is included in man page in
one of previous patches.
|
|
|
|
|
|
| |
This patch adds support for new config options krb5_backup_server and
krb5_backup_kpasswd. The description of this option's functionality
is included in man page in one of previous patches.
|
|
|
|
|
|
| |
This patch adds support for new config option ldap_backup_uri. The
description of this option's functionality is included in man page in
previous patch.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1368
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Adds some option that allows to manually configure a host filter.
ldap_sudo_use_host_filter - if false, we will download all rules regardless their sudoHost attribute
ldap_sudo_hostnames - list hostnames and/or fqdn that should be downloaded, separated with spaces
ldap_sudo_ip - list of IPv4/6 address and/or network that should be downloaded, separated with spaces
ldap_sudo_include_netgroups - include rules that contains netgroup in sudoHost
ldap_sudo_include_regexp - include rules that contains regular expression in sudoHost
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
The query is performed only if there is missing information in the
cache. That means this should be done only once after restart when cache
doesn't exist. All subsequent requests for subdomains won't include the
request for master domain.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Adds the new service map options to the SSSDConfig API and the
manpages.
|
|
|
|
| |
Fixes https://fedorahosted.org/sssd/ticket/967
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1110
Adds new configuration options:
- ldap_sudo_refresh_enabled - enable/disable periodical updates
- ldap_sudo_refresh_timeout - rules timeout (refresh period)
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1036
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1075
|
|
|
|
|
| |
don't fetch all host groups if this option is false
https://fedorahosted.org/sssd/ticket/1078
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/957
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/957
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/978
|
| |
|
|
|
|
|
|
| |
By default, we will treat the presence of any DENY rule as denying
all users. This option will allow the admin to explicitly ignore
DENY rules during a transitional period.
|
|
|
|
|
| |
This option describes the time between refreshes of the HBAC rules
on the IPA server.
|
|
|
|
|
|
|
|
| |
Instead of issuing N LDAP requests when processing a group with N users,
utilize the dereference functionality to pull down all the members in a
single LDAP request.
https://fedorahosted.org/sssd/ticket/799
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
These changes are all related to following ticket:
https://fedorahosted.org/sssd/ticket/763
Changes in SSSDConfig.py merge old and new domain record instead of just
deleting the old and inserting the new one. The old approach let to loss
of some information like comments and blank lines in the config file.
Changes in API config were performed so our Python scripts (like
sss_obfuscate) don't add extra config options to the config file.
|