| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
ad_id.c and ad_access.c used the same block of code. With the upcoming
option to disable GC lookups, we should unify the code in a function to
avoid breaking one of the code paths.
The same applies for the LDAP connection to the trusted AD DC.
Includes a unit test.
|
| | |
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2082
Adds a new option that allows the admin to specify a LDAP access filter
that can be applied globally, per-domain or per-forest.
|
| |
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2082
In order to allow the ad_access_filter option to work for subdomain
users as well, the Global Catalog must be searched. This patch adds a
wrapper request atop sdap_access_send that selects the right connection
(GC or LDAP) and optionally falls back to LDAP.
|
| |
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2082
Also move the check for subdomain to the handler. I think it is the job
of the handler to decide which domain the request belongs to, not the
request itself.
|
| |
|
|
|
|
| |
new_subdomain() will create a new domain object and should not be used
anymore in the priovder code directly. Instead a reference to the domain
from the common domain object should be used.
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/1953
|
| |
|
|
| |
Also simplify sdap_access_send to avoid completely fake _send() routines.
|
| | |
|
| |
|
|
| |
In preparation for making struct be_req opaque.
|
| |
|
|
| |
In preparation for making be_req opaque
|
| |
|
|
|
| |
Call it everywhere instead of directly dereferencing be_req->fn
This is in preparation of making be_req opaque.
|
| | |
|
| |
|
|
| |
The sysdb context is already available through the 'domain' context.
|
|
|
This patch adds support for checking whether a user is expired or
disabled in AD.
|
