| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1713
Add new option refresh_expired_interval.
|
|
|
|
|
|
|
| |
Partially solves ticket: https://fedorahosted.org/sssd/ticket/1966
To avoid the problem mentioned in the ticket above, option
dns_discovery_domain must be set properly
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2005
Some users were confused by our description of min_id/max_id and thought
the limits only applied to returning entries from the NSS responder.
However, the limits are actually enforced on the back end side, so the
entries are not even saved to cache.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1376
|
|
|
|
|
|
|
|
|
| |
This commit adds new option ldap_disable_range_retrieval with default value
FALSE. If this option is enabled, large groups(>1500) will not be retrieved and
behaviour will be similar like was before commit ae8d047122c
"LDAP: Handle very large Active Directory groups"
https://fedorahosted.org/sssd/ticket/1823
|
|
|
|
|
|
| |
This patch added auto configuration SUDO with ipa provider and compat tree.
https://fedorahosted.org/sssd/ticket/1733
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1841
|
|
|
|
|
|
|
|
|
|
|
| |
Add option to fallback to fetch local users if rfc2307is being used.
This is useful for cases where people added local users as LDAP members
and rely on these group memberships to be maintained on the local host.
Disabled by default as it violates identity domain separation.
Ticket:
https://fedorahosted.org/sssd/ticket/1020
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1737
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1805
|
| |
|
|
|
|
|
|
| |
intensive
https://fedorahosted.org/sssd/ticket/1732
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1679
The problem is when we are about to reset the server status, we don't
get through the timeout (30 seconds) because the "switch to primary
server" task is scheduled 30 seconds after fall back to a backup
server. Thus the server status remains "not working" and is resetted
after another 30 seconds.
We need to make sure that the server status is tried after the
timeout period. retry_timeout is currently hardcoded to 30, thus
the change in man page.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1710
|
|
|
|
|
|
| |
expression
https://fedorahosted.org/sssd/ticket/1690
|
| |
|
| |
|
| |
|
|
|
|
| |
The option was completely undocumented.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To make configuration easier the IPA subdomain provider should be always
loaded if the IPA ID provider is configured and the subdomain provider
is not explicitly disabled. But to avoid the overhead of regular
subdomain requests in setups where no subdomains are used the IPA
subdomain provider should behave differently if configured explicit or
implicit.
If the IPA subdomain provider is configured explicitly, i.e.
'subdomains_provider = ipa' can be found in the domain section of
sssd.conf subdomain request are always send to the server if needed.
If it is configured implicitly and a request to the server fails
with an indication that the server currently does not support subdomains
at all, e.g. is not configured to handle trust relationships, a new
request will be only send to the server after a long timeout or after
a going-online event.
To be able to make this distinction this patch save the configuration
status to the subdomain context.
Fixes https://fedorahosted.org/sssd/ticket/1613
|
|
|
|
|
|
|
|
| |
Since the PAC responder is used during the authentication of users from
trusted realms it is started automatically if the IPA ID provider is
configured for a domain to simplify the configuration.
Fixes https://fedorahosted.org/sssd/ticket/1613
|
| |
|
|
|
|
|
| |
Admins should be aware of the behavior of simple access provider when
empty lists are configured (may be result of scripted filing)
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1583
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1499
Adds log message about not finding appropriate entry in keytab and using
the last keytab entry when validation is enabled.
Adds more information about validation into manpage.
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1563
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1540
|
| |
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1537
changes upper limit of slices to 2000200000 in providers code and
manpage.
|
|
|
|
|
|
| |
base.
https://fedorahosted.org/sssd/ticket/1471
|
|
|
|
|
|
|
|
| |
sss_seed fails if password file specified with -p or
--password-file option contains password longer than
PASS_MAX.
Man pages inform about PASS_MAX limitation.
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1535
|
|
|
|
| |
Fixes: https://fedorahosted.org/sssd/ticket/1525
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1541
|
|
|
|
|
|
|
| |
POPT_AUTOHELP generates -? and --help options and not -h to
display help message.
https://fedorahosted.org/sssd/ticket/1546
|
|
|
|
|
|
| |
Add the option to the manual page and the configAPI
https://fedorahosted.org/sssd/ticket/1494
|
| |
|
|
|
|
|
|
| |
fixes https://fedorahosted.org/sssd/ticket/1483
ldap schemes now displayed as bullet list
|
| |
|