| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Don't crash if we get a multivalued name without an origDN
Coverity 10740 and 10739
Don't crash on error if _name parameter unspecified
Coverity 10738
Check result of talloc_strdup() properly
Coverity 10737
| |
This routine will replace the use of sysdb_attrs_to_list() for any
case where we're trying to get the name of the entry. It's a
necessary precaution in case the name is multi-valued.
| |
Add originalDN to fake groups
Use fake groups during IPA schema initgroups
https://fedorahosted.org/sssd/ticket/822
Use sysdb_attrs_primary_name() in sdap_initgr_nested_store_group
| |
Create sysdb_get_rdn() function
This function takes a DN formatted string and returns the RDN
value from it.
Add sysdb_attrs_primary_name()
This function will check a sysdb_attrs struct for the primary name
of the entity it represents. If there are multiple entries, it
will pick the one that matches the RDN. If none match, it will
throw an error.
Ignore aliases for users
Users in ldap with multiple values for their username attribute
will now be compared against the RDN of the entry to determine the
"primary" username. We will save only this primary name to the ldb
cache.
RFC2307: Ignore aliases for groups
Groups in ldap with multiple values for their groupname attribute
will now be compared against the RDN of the entry to determine the
"primary" group name. We will save only this primary group name
to the ldb cache.
RFC2307bis: Ignore aliases for groups
Groups in ldap with multiple values for their groupname attribute
will now be compared against the RDN of the entry to determine the
"primary" group name. We will save only this primary group name to
the ldb cache.
| |
Sometimes, a value in LDAP will cease to exist (the classic
example being shadowExpire). We need to make sure we purge that
value from SSSD's sysdb as well.
https://fedorahosted.org/sssd/ticket/750
| |
https://fedorahosted.org/sssd/ticket/775
| |
Libldb performs non-indexed searches for ONELEVEL requests. We'll
use SUBTREE instead to reduce the performance hit substantially
| |
https://fedorahosted.org/sssd/ticket/670
| |
Includes a unit test
| |
Previously, it assumed that all members were users. This changes
the interface so that either a user or a group can be specified.
Also, it eliminates the need for a memory context to be passed,
since the internal memory should be self-contained.
| |
Useful for optimizing the initgroups operation.
| |
We were accidentally returning an error when sysdb_getpwnam()
returned zero results internally in sysdb_initgroups(). The
correct behavior here is to return EOK and a result object with
zero entries.
| |
Use a #define instead of hardcoded string
| |
Three assignments deleted, two return code inspection added.
Also found and fixed one critical bug caused by dead assignment.
Ticket: #590
| |
A refactoring patch that creates a common util/crypto subdir with
per-implementation subdirectories for each underlying crypto library
supported by SSSD.
| |
This function will take a user, a list of groups that this user
should be added to and a list of groups the user should be removed
from and will recursively call sysdb_[add|remove]_group_member
Includes a unit test
| |
This option (applicable to access_provider=ldap) allows the admin
to set an additional LDAP search filter that must match in order
for a user to be granted access to the system.
Common examples for this would be limiting access to users in a
particular group, for example:
ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
| |
If the configuration option krb5_store_password_if_offline is set to
true and the backend is offline the plain text user password is stored
and used to request a TGT if the backend becomes online. If available
the Linux kernel key retention service is used.
| |
This commit completes the migration to a synchronous sysdb
| |
Only functions that do multiple operations need explicit transactions
as ldb_add/ldb_modify/ldb_delete already start transactions automatically
internally.