| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1976
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1713
|
|
|
|
|
|
|
|
|
|
|
|
| |
When fixed host names of AD servers are configured in the config file,
we can't know (unlike when service discovery is at play) if the servers
are Global Catalogs or not. This patch adds a private data to servers
read from the config file that denote whether the server can be tried
for contacting the Global Catalog port or just LDAP. The GC or LDAP URIs
are generated based on contents of this private data structure.
Because SSSD sticks to a working server, we don't have to disable or
remove the faulty GC servers from the list.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With some LDAP server implementations, one server might provide
different "views" of the identites on different ports. One example is
the Active Directory Global catalog. The provider would contact
different view depending on which operation it is performing and against
which SSSD domain.
At the same time, these views run on the same server, which means the same
server options, enumeration, cleanup or Kerberos service should be used.
So instead of using several different failover ports or several
instances of sdap_id_ctx, this patch introduces a new "struct
sdap_id_conn_ctx" that contains the connection cache to the particular
view and an instance of "struct sdap_options" that contains the URI.
No functional changes are present in this patch, currently all providers
use a single connection. Multiple connections will be used later in the
upcoming patches.
|
|
|
|
|
| |
setup_child() was accepting a parameter it didn't use. Also the function
name was too generic, so I added a sdap prefix.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For various features either the flat/short/NetBIOS domain name or the
domain SID is needed. Since the responders already try to do a subdomain
lookup when and known domain name is encountered I added a subdomain
lookup to the AD provider which currently only reads the SID from the
base DN and the NetBIOS name from a reply of a LDAP ping. The results
are written to the cache to have them available even if SSSD is started
in offline mode. Looking up trusted domains can be added later.
Since all the needed responder code is already available from the
corresponding work for the IPA provider this patch fixes
https://fedorahosted.org/sssd/ticket/1468
|
|
|
|
|
|
| |
Because we now always store SIDs in the LDAP provider, we also need to
always initialize the ID mapping context even if ID mapping itself is
off.
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1504
Implements dynamic DNS updates for the AD provider. By default, the
updates also update the reverse zone and run periodically every 24
hours.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1032
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1032
We set a plugin during an initialization of ID provider, which
is an authoritative provider for a plugin choice. The plugin is
set only once. When other provider is initalized (e.g. id = IPA,
sudo = LDAP), we do not overwrite the plugin.
Since sssm_*_id_init() is called from all module constructors,
this patch relies on the fact, that ID provider is initialized
before all other providers.
|
| |
|
|
|
|
|
|
| |
This patch adds support for new config option ad_backup_server. The
description of this option's functionality is included in man page in
one of previous patches.
|
|
|
|
|
|
| |
This patch adds support for the primary server functionality into AD
provider. No backup servers are added at the moment, just the basic
support is in place.
|
|
|
|
|
| |
This patch adds support for checking whether a user is expired or
disabled in AD.
|
|
|
|
|
|
| |
These new providers take advantage of existing code for the KRB5
provider, providing sensible defaults for operating against an
Active Directory 2008 R2 or later server.
|
|
This new identity provider takes advantage of existing code for
the LDAP provider, but provides sensible defaults for operating
against an Active Directory 2008 R2 or later server.
|