path: root/src/providers/ad/ad_common.c
Commit message | Author | Age | Files | Lines
* AD: initialize failover with custom realm, domain and failover service | Jakub Hrozek | 2013-06-28 | 1 | -26/+32
  This is needed so we can initialize failover using IPA realm and on-the-fly discovered DNS domain. The subdomains discovered on-the-fly will use the subdomain name for realm, domain and failover service to avoid conflicts. Subtask of:
* AD: decouple ad_id_ctx initialization | Jakub Hrozek | 2013-06-28 | 1 | -81/+269
  The IPA subdomain code will perform lookups on its own in the server mode. For this, the AD provider must offer a way to initialize the ad_id_ctx for external consumers. Subtask of:
* AD: kinit with the local DC even when talking to a GC | Jakub Hrozek | 2013-06-26 | 1 | -3/+19
  We tried to use the GC address even for kinit which gave us errors like: "Realm not local to KDC while getting initial credentials". This patch adds a new AD_GC service that is only used for ID lookups, any sort of Kerberos operations are done against the local servers.
* AD: Fix segfault in DEBUG message | Jakub Hrozek | 2013-06-14 | 1 | -1/+1
* A new option krb5_use_kdcinfo | Jakub Hrozek | 2013-06-10 | 1 | -14/+25
  The patch introduces a new Kerberos provider option called krb5_use_kdcinfo. The option is true by default in all providers. When set to false, the SSSD will not create krb5 info files that the locator plugin consumes and the user would have to set up the Kerberos options manually in krb5.conf
* AD: Add additional service to support Global Catalog lookups | Jakub Hrozek | 2013-06-07 | 1 | -28/+162
  When fixed host names of AD servers are configured in the config file, we can't know (unlike when service discovery is at play) if the servers are Global Catalogs or not. This patch adds a private data to servers read from the config file that denote whether the server can be tried for contacting the Global Catalog port or just LDAP. The GC or LDAP URIs are generated based on contents of this private data structure. Because SSSD sticks to a working server, we don't have to disable or remove the faulty GC servers from the list.
* LDAP: new SDAP domain structure | Jakub Hrozek | 2013-06-07 | 1 | -5/+12
  Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases. This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain.
* Do not obfuscate calls with booleans | Jakub Hrozek | 2013-06-07 | 1 | -7/+21
  Instead of using boolean variables to denote whether the call is adding a primary or a secondary server, use a function wrapper that tells what it's doing by its name.
* Fix dyndns timer initialization | Jakub Hrozek | 2013-05-27 | 1 | -2/+2
  The dyndns init function was starting the timer even if the updates were set to False. This patch splits the init of dynamic updates and the timer into two functions so that the back end can start the updates separately from reading the options.
* Active Directory dynamic DNS updates | Jakub Hrozek | 2013-05-03 | 1 | -0/+18
  Implements dynamic DNS updates for the AD provider. By default, the updates also update the reverse zone and run periodically every 24 hours.
* failover: Protect against empty host names | Michal Zidek | 2013-01-02 | 1 | -1/+1
  Added new parameter to split_on_separator that allows to skip empty values. The whole function was rewritten. Unit test case was added to check the new implementation.
* LDAP: Provide a common sdap_set_sasl_options init function | Jakub Hrozek | 2012-11-19 | 1 | -44/+8
  The AD and IPA initialization functions shared the same code. This patch moves the code into a common initialization function.
* Failover: use _srv_ when no primary server is defined | Pavel Březina | 2012-09-17 | 1 | -12/+3
* Fix: IPv6 address with square brackets doesn't work. | Michal Zidek | 2012-08-23 | 1 | -0/+7
* Typo in debug message (SSSd -> SSSD). | Michal Zidek | 2012-08-23 | 1 | -1/+1
* Consolidation of functions that make realm upper-case | Ondrej Kos | 2012-08-23 | 1 | -6/+1
* Duplicate detection in fail over did not work. | Michal Zidek | 2012-08-15 | 1 | -1/+6
* SRV resolution for backup servers should not be permitted. | Michal Zidek | 2012-08-09 | 1 | -1/+9
* Primary server support: AD adaptation | Jan Zeleny | 2012-08-01 | 1 | -33/+74
  This patch adds support for the primary server functionality into AD provider. No backup servers are added at the moment, just the basic support is in place.
* AD: Force case-insensitive operation in AD provider | Stephen Gallagher | 2012-07-06 | 1 | -0/+18
* AD: use krb5_keytab for validation and GSSAPI | Stephen Gallagher | 2012-07-06 | 1 | -3/+10
  This simplifies configuration by eliminating the need to specify both krb5_keytab and ldap_krb5_keytab if the keytab is not located at /etc/krb5.keytab
* AD: Add AD auth and chpass providers | Stephen Gallagher | 2012-07-06 | 1 | -0/+64
  These new providers take advantage of existing code for the KRB5 provider, providing sensible defaults for operating against an Active Directory 2008 R2 or later server.
* AD: Add AD identity provider | Stephen Gallagher | 2012-07-06 | 1 | -0/+600
  This new identity provider takes advantage of existing code for the LDAP provider, but provides sensible defaults for operating against an Active Directory 2008 R2 or later server.