| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Validation of xml files failed with new version of libxml2 (CVE-2014-0191)
make[2]: Entering directory `/builddir/build/BUILD/sssd-1.9.2/src/man'
/usr/bin/xmllint --catalogs --postvalid --nonet --xinclude --noout sss_usermod.8.xml
sss_usermod.8.xml:4: element reference: validity error : No declaration for element reference
sss_usermod.8.xml:5: element title: validity error : No declaration for element title
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Introduces a new option called user_attributes that allows to specify
which user attributes are allowed to be queried from the IFP responder.
By default only the default POSIX set is allowed, this option allows to
either add other attributes (+attrname) or remove them from the default
set (-attrname).
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
Similar to the PAC responder, the InfoPipe uses a list of UIDs that are
allowed to communicate with the IFP responder.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2073
This commit adds a new option ldap_user_extra_attrs that is unset by
default. When set, the option contains a list of LDAP attributes the LDAP
provider would download and store in addition to the usual set.
The list can either contain LDAP attribute names only, or colon-separated
tuples of LDAP attribute and SSSD cache attribute name. In case only LDAP
attribute name is specified, the attribute is saved to the cache verbatim.
Using a custom SSSD attribute name might be required by environments that
configure several SSSD domains with different LDAP schemas.
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2072
This commit only adds the responder and the needed plumbing. No DBus
related code is in yet.
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1451
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
| |
From krb5ccache_dir to krb5_ccachedir
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2232
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Some options are relevant to multiple sections of sssd.conf. This patch adds
new sections for those.
Resolves:
https://fedorahosted.org/sssd/ticket/2218
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
| |
It should be noted that disabling GC does *not* disable lookups from
trusted domains. Disabling GC might be a a good way for admins who wish
to use POSIX attributes in trusted domains and the man page should hint
this option.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the sudo target to the AD provider. The main reason is
to cover different default settings in the LDAP and AD provider. E.g.
the default for ldap_id_mapping is True in the AD provider and False
in the LDAP provider. If ldap_id_mapping was not set explicitly in the
config file both components worked with different setting.
Fixes https://fedorahosted.org/sssd/ticket/2256
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2252
Currently SSSD chokes when IDs of users change, we don't support ID
changes yet. Because some users were confused about the failures, this
patch adds additional clarification.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2235
The memberof example was misleading and was making aministrators think
that the ldap_access_filter can resolve nested group memberships.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
|
|
|
|
|
| |
po/de.po -> src/man/po/de.po
Resolves:
https://fedorahosted.org/sssd/ticket/2225
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2169
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
SSSD now defaults to using GC by default. For some environments, for
instance those that don't or can't replicate the POSIX attributes to
Global Catalog, this might not be desirable.
This patch introduces a new option ad_enable_gc, that is enabled by
default. Setting this option to false makes the SSSD contact only the
LDAP port of AD DCs.
|
| |
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2154
|
| |
|
| |
|
|
|
|
|
|
|
| |
Added and documented option offline_timeout.
Resolves:
https://fedorahosted.org/sssd/ticket/1718
|
| |
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2082
Adds a new option that allows the admin to specify a LDAP access filter
that can be applied globally, per-domain or per-forest.
|
|
|
|
|
|
|
| |
This patch just adds the option, it doesn't do anything useful yet.
Related:
https://fedorahosted.org/sssd/ticket/2082
|
|
|
|
|
|
| |
The refsect id was copied from sssd.conf(5) and was wrong. Fixing the
refsect might help us if we ever generate other formats from XML and
certainly wouldn't hurt.
|
|
|
|
|
|
| |
Many lines in debug_levels.xml violated our line-length conventsions.
This patch provides no functional changes, it simply brings those lines
into compliance.
|
|
|
|
|
|
|
| |
Originally, we planned to deprecate the decimal values for the debug
levels, but that has proven to be too difficult for most users to
understand. Instead, we will document both the simple decimal and
complex bitmask values and recommend the use of the decimal values.
|
|
|
|
|
|
| |
Currently the AD provider relies on the presence of the POSIX attributes
in the Global Catalog. This patch mentiones the fact in the sssd-ad(5)
manual page.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2091
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2085
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
This option got already deprecated on the ipa server side.
Option is undocumented and warning is printed both to the sssd log files
and syslog.
Resolves:
https://fedorahosted.org/sssd/ticket/1918
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1187
|
|
|
|
|
| |
Replace incorrect reference to "sssd-krb5.conf" manpage with the correct
"sssd-krb5" in sssd_krb5_locator_plugin man page source.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to use the same defaults in all system daemons that needs to know how
to generate or search for ccaches we introduce ode here to take advantage of
the new option called default_ccache_name provided by libkrb5.
If set this variable we establish the same default for all programs that surce
it out of krb5.conf therefore providing a consistent experience across the
system.
Related:
https://fedorahosted.org/sssd/ticket/2036
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2036
|