path: root/src/providers/ad/ad_init.c
Commit message | Author | Age | Files | Lines
* Fix allocation check in the AD provider | Jakub Hrozek | 2013-06-11 | 1 | -1/+1
  https://fedorahosted.org/sssd/ticket/1976
* providers: refresh expired netgroups | Pavel Březina | 2013-06-10 | 1 | -0/+10
  https://fedorahosted.org/sssd/ticket/1713
* AD: Add additional service to support Global Catalog lookups | Jakub Hrozek | 2013-06-07 | 1 | -5/+11
  When fixed host names of AD servers are configured in the config file, we can't know (unlike when service discovery is at play) if the servers are Global Catalogs or not. This patch adds private data to servers read from the config file that denotes whether the server can be tried for contacting the Global Catalog port or just LDAP. The GC or LDAP URIs are generated based on contents of this private data structure. Because SSSD sticks to a working server, we don't have to disable or remove the faulty GC servers from the list.
* LDAP: sdap_id_ctx might contain several connections | Jakub Hrozek | 2013-06-07 | 1 | -26/+21
  With some LDAP server implementations, one server might provide different "views" of the identities on different ports. One example is the Active Directory Global catalog. The provider would contact a different view depending on which operation it is performing and against which SSSD domain. At the same time, these views run on the same server, which means the same server options, enumeration, cleanup or Kerberos service should be used. So instead of using several different failover ports or several instances of sdap_id_ctx, this patch introduces a new "struct sdap_id_conn_ctx" that contains the connection cache to the particular view and an instance of "struct sdap_options" that contains the URI. No functional changes are present in this patch, currently all providers use a single connection. Multiple connections will be used later in the upcoming patches.
* Remove unneeded parameter of setup_child and namespace it | Jakub Hrozek | 2013-05-20 | 1 | -1/+1
  setup_child() was accepting a parameter it didn't use. Also the function name was too generic, so I added a sdap prefix.
* AD: read flat name and SID of the AD domain | Sumit Bose | 2013-05-07 | 1 | -0/+31
  For various features either the flat/short/NetBIOS domain name or the domain SID is needed. Since the responders already try to do a subdomain lookup when and known domain name is encountered I added a subdomain lookup to the AD provider which currently only reads the SID from the base DN and the NetBIOS name from a reply of a LDAP ping. The results are written to the cache to have them available even if SSSD is started in offline mode. Looking up trusted domains can be added later. Since all the needed responder code is already available from the corresponding work for the IPA provider this patch fixes https://fedorahosted.org/sssd/ticket/1468
* AD: Always initialize ID mapping | Jakub Hrozek | 2013-05-03 | 1 | -5/+3
  Because we now always store SIDs in the LDAP provider, we also need to always initialize the ID mapping context even if ID mapping itself is off.
* Active Directory dynamic DNS updates | Jakub Hrozek | 2013-05-03 | 1 | -0/+8
  https://fedorahosted.org/sssd/ticket/1504
  Implements dynamic DNS updates for the AD provider. By default, the updates also update the reverse zone and run periodically every 24 hours.
* DNS sites support - add AD SRV plugin | Pavel Březina | 2013-05-02 | 1 | -5/+25
  https://fedorahosted.org/sssd/ticket/1032
* DNS sites support - use SRV DNS lookup plugin in all providers | Pavel Březina | 2013-04-10 | 1 | -0/+10
  https://fedorahosted.org/sssd/ticket/1032
  We set a plugin during an initialization of ID provider, which is an authoritative provider for a plugin choice. The plugin is set only once. When another provider is initialized (e.g. id = IPA, sudo = LDAP), we do not overwrite the plugin. Since sssm_*_id_init() is called from all module constructors, this patch relies on the fact that the ID provider is initialized before all other providers.
* AD context was set to null due to type mismatch | Ondrej Kos | 2012-08-23 | 1 | -1/+1
* Primary server support: new option in AD provider | Jan Zeleny | 2012-08-01 | 1 | -1/+3
  This patch adds support for new config option ad_backup_server. The description of this option's functionality is included in the man page in one of the previous patches.
* Primary server support: AD adaptation | Jan Zeleny | 2012-08-01 | 1 | -1/+1
  This patch adds support for the primary server functionality into AD provider. No backup servers are added at the moment, just the basic support is in place.
* AD: Add AD access-control provider | Stephen Gallagher | 2012-07-06 | 1 | -0/+56
  This patch adds support for checking whether a user is expired or disabled in AD.
* AD: Add AD auth and chpass providers | Stephen Gallagher | 2012-07-06 | 1 | -0/+85
  These new providers take advantage of existing code for the KRB5 provider, providing sensible defaults for operating against an Active Directory 2008 R2 or later server.
* AD: Add AD identity provider | Stephen Gallagher | 2012-07-06 | 1 | -0/+184
  This new identity provider takes advantage of existing code for the LDAP provider, but provides sensible defaults for operating against an Active Directory 2008 R2 or later server.