path: root/src/providers/ipa/ipa_common.c
Commit message | Author | Age | Files | Lines
* Make LDAP extra attributes available to IPA and AD | Sumit Bose | 2014-06-03 | 1 | -5/+6
  https://fedorahosted.org/sssd/ticket/2073
  Reviewed-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* LDAP: Make it possible to extend an attribute map | Jakub Hrozek | 2014-06-03 | 1 | -0/+9
  https://fedorahosted.org/sssd/ticket/2073
  This commit adds a new option ldap_user_extra_attrs that is unset by default. When set, the option contains a list of LDAP attributes the LDAP provider would download and store in addition to the usual set.
  The list can either contain LDAP attribute names only, or colon-separated tuples of LDAP attribute and SSSD cache attribute name. In case only LDAP attribute name is specified, the attribute is saved to the cache verbatim. Using a custom SSSD attribute name might be required by environments that configure several SSSD domains with different LDAP schemas.
  Reviewed-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* Update DEBUG* invocations to use new levels | Nikolai Kondrashov | 2014-05-02 | 1 | -29/+32
  Use a script (identical to commit 83bf46f4066e3d5e838a32357c201de9bd6ecdfd) to update DEBUG* macro invocations, which use literal numbers for levels, to use bitmask macros instead:
    grep -rl --include '*.[hc]' DEBUG . |
        while read f; do
            mv "$f"{,.orig}
            perl -e 'use strict;
                     use File::Slurp;
                     my @map=qw"
                        SSSDBG_FATAL_FAILURE
                        SSSDBG_CRIT_FAILURE
                        SSSDBG_OP_FAILURE
                        SSSDBG_MINOR_FAILURE
                        SSSDBG_CONF_SETTINGS
                        SSSDBG_FUNC_DATA
                        SSSDBG_TRACE_FUNC
                        SSSDBG_TRACE_LIBS
                        SSSDBG_TRACE_INTERNAL
                        SSSDBG_TRACE_ALL
                     ";
                     my $text=read_file(\*STDIN);
                     my $repl;
                     $text=~s/
                        ^
                        (
                            .*
                            \b
                            (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
                            \s*
                            \(\s*
                        )(
                            [0-9]
                        )(
                            \s*,
                        )
                        (
                            \s*
                        )
                        (
                            .*
                        )
                        $
                     /
                        $repl = $1.$map[$3].$4.$5.$6,
                        length($repl) <= 80
                            ? $repl
                            : $1.$map[$3].$4."\n".(" " x length($1)).$6
                     /xmge;
                     print $text;
                    ' < "$f.orig" > "$f"
            rm "$f.orig"
        done
* Make DEBUG macro invocations variadic | Nikolai Kondrashov | 2014-05-02 | 1 | -93/+93
  Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens.
  This script was used to update the code (identical to commit a3c8390d19593b1e5277d95bfb4ab206d4785150):
    grep -rwl --include '*.[hc]' DEBUG . |
        while read f; do
            mv "$f"{,.orig}
            perl -e \
                'use strict;
                 use File::Slurp;
                 my $text=read_file(\*STDIN);
                 $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
                 print $text;' < "$f.orig" > "$f"
            rm "$f.orig"
        done
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
  Reviewed-by: Simo Sorce <simo@redhat.com>
* IPA: default krb5_fast_principal to host/$client@$realm | Pavel Březina | 2014-02-17 | 1 | -3/+5
  If krb5_fast_principal is not set in sssd.conf it was set to host/$client, KRB5 default realm was used which doesn't have to be the same as realm used for IPA, thus authentication failed when using FAST.
  Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
  (cherry picked from commit e325cabe762fad7d696e014a7fdbb47a5cb8174a)
* IPA: Default to krb5_use_fast=try | Jakub Hrozek | 2014-02-13 | 1 | -0/+27
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com>
  Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
* A new option krb5_use_kdcinfo | Jakub Hrozek | 2013-06-10 | 1 | -12/+23
  https://fedorahosted.org/sssd/ticket/1883
  The patch introduces a new Kerberos provider option called krb5_use_kdcinfo. The option is true by default in all providers. When set to false, the SSSD will not create krb5 info files that the locator plugin consumes and the user would have to set up the Kerberos options manually in krb5.conf
* LDAP: new SDAP domain structure | Jakub Hrozek | 2013-06-07 | 1 | -7/+14
  Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases.
  This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain.
* Do not obfuscate calls with booleans | Jakub Hrozek | 2013-06-07 | 1 | -7/+21
  Instead of using boolean variables to denote whether the call is adding a primary or a secondary server, use a function wrapper that tells what it's doing by its name.
* Fix dyndns timer initialization | Jakub Hrozek | 2013-05-27 | 1 | -2/+1
  The dyndns init function was starting the timer even if the updates were set to False. This patch splits the init of dynamic updates and the timer into two functions so that the back end can start the updates separately from reading the options.
* dyndns: new option dyndns_refresh_interval | Jakub Hrozek | 2013-05-03 | 1 | -1/+3
  This new option adds the possibility of updating the DNS entries periodically regardless if they have changed or not. This feature will be useful mainly in AD environments where the Windows clients periodically update their DNS records.
* Convert IPA-specific options to be back-end agnostic | Jakub Hrozek | 2013-05-03 | 1 | -0/+96
  This patch introduces new options for dynamic DNS updates that are not specific to any back end. The current ipa dyndns options are still usable, just with a deprecation warning.
* failover: Protect against empty host names | Michal Zidek | 2013-01-02 | 1 | -1/+1
  Added new parameter to split_on_separator that allows to skip empty values.
  The whole function was rewritten. Unit test case was added to check the new implementation.
  https://fedorahosted.org/sssd/ticket/1484
* fix SIGSEGV in IPA provider when ldap_sasl_authid is not set | Pavel Březina | 2012-11-20 | 1 | -1/+1
  https://fedorahosted.org/sssd/ticket/1657
  IPA_HOSTNAME is not stored in ipa_opts->id options so the option was always NULL here. This caused SIGSEGV when accessed by strchr() in subsequent function.
* LDAP: Provide a common sdap_set_sasl_options init function | Jakub Hrozek | 2012-11-19 | 1 | -47/+8
  The AD and IPA initialization functions shared the same code. This patch moves the code into a common initialization function.
* Failover: use _srv_ when no primary server is defined | Pavel Březina | 2012-09-17 | 1 | -10/+3
  https://fedorahosted.org/sssd/ticket/1521
* Fix: IPv6 address with square brackets doesn't work. | Michal Zidek | 2012-08-23 | 1 | -0/+7
  https://fedorahosted.org/sssd/ticket/1365
* Consolidation of functions that make realm upper-case | Ondrej Kos | 2012-08-23 | 1 | -8/+2
* Duplicate detection in fail over did not work. | Michal Zidek | 2012-08-15 | 1 | -1/+6
  https://fedorahosted.org/sssd/ticket/1472
* SRV resolution for backup servers should not be permitted. | Michal Zidek | 2012-08-09 | 1 | -1/+9
  https://fedorahosted.org/sssd/ticket/1463
* Primary server support: IPA adaptation | Jan Zeleny | 2012-08-01 | 1 | -33/+74
  This patch adds support for the primary server functionality into IPA provider. No backup servers are added at the moment, just the basic support is in place.
* Primary server support: basic support in failover code | Jan Zeleny | 2012-08-01 | 1 | -1/+1
  Now there are two lists of servers for each service. If currently selected server is only backup, then an event will be scheduled which tries to get connection to one of primary servers and if it succeeds, it starts using this server instead of the one which is currently connected to.
* KRB5: Drop memctx parameter of krb5_try_kdcip | Stephen Gallagher | 2012-07-06 | 1 | -1/+1
  This function is not supposed to return any newly-allocated memory directly. It was actually leaking the memory for krb5_servers if krb5_kdcip was being used, though it was undetectable because it was allocated on the provided memctx.
  This patch removes the memctx parameter and allocates krb5_servers temporarily on NULL and ensures that it is freed on all exit conditions. It is not necessary to retain this memory, as dp_opt_set_string() performs a talloc_strdup onto the appropriate context internally.
  It also updates the DEBUG messages for this function to the appropriate new macro levels.
* Add support for ID ranges | Sumit Bose | 2012-06-21 | 1 | -0/+26
* IPA subdomains - ask for information about master domain | Jan Zeleny | 2012-06-10 | 1 | -0/+26
  The query is performed only if there is missing information in the cache. That means this should be done only once after restart when cache doesn't exist. All subsequent requests for subdomains won't include the request for master domain.
* IPA: Check return values | Jakub Hrozek | 2012-05-03 | 1 | -2/+6
* IPA: Add get-domains target | Sumit Bose | 2012-04-24 | 1 | -0/+26
* Remove old compatibility tests | Stephen Gallagher | 2012-03-28 | 1 | -16/+0
  These are now replaced by the more accurate tests. This patch also drops the runtime option-count check, since we are always performing the more complete check at build-time.
* Put dp_option maps in their own file | Stephen Gallagher | 2012-03-28 | 1 | -215/+1
  There is no functional change due to this patch.
* IPA: Check nsAccountLock during PAM_ACCT_MGMT | Stephen Gallagher | 2012-03-09 | 1 | -1/+1
  https://fedorahosted.org/sssd/ticket/1227
* IPA: Set the DNS discovery domain to match ipa_domain | Stephen Gallagher | 2012-03-01 | 1 | -1/+3
  https://fedorahosted.org/sssd/ticket/1217
* IPA hosts refactoring | Jan Zeleny | 2012-02-24 | 1 | -16/+36
* IPA: Add ipa_parse_search_base() | Stephen Gallagher | 2012-02-23 | 1 | -9/+44
  Previously, we were using sdap_parse_search_base() for setting up the search_base objects for use in IPA. However, this was generating unfriendly log messages about unknown search base types.
  This patch creates a new common_parse_search_base() routine that can be used with either LDAP or IPA providers.
  https://fedorahosted.org/sssd/ticket/1151
* AUTOFS: IPA provider | Jakub Hrozek | 2012-02-07 | 1 | -25/+91
* IPA: Add host info handler | Jan Cholasta | 2012-02-07 | 1 | -0/+1
* LDAP: Add support for SSH user public keys | Jan Cholasta | 2012-02-07 | 1 | -1/+2
* Update shadowLastChanged attribute during LDAP password change | Jan Zeleny | 2012-02-06 | 1 | -0/+1
  https://fedorahosted.org/sssd/ticket/1019
* Session target in IPA provider | Jan Zeleny | 2012-02-06 | 1 | -0/+47
* Renamed some sysdb constants for their wider usage | Jan Zeleny | 2012-02-06 | 1 | -2/+2
* Implemented support for multiple search bases in HBAC rules and services | Jan Zeleny | 2012-02-06 | 1 | -1/+24
* AUTOFS: LDAP provider | Jakub Hrozek | 2012-02-05 | 1 | -0/+25
* NSS: Add individual timeouts for entry types | Stephen Gallagher | 2012-02-04 | 1 | -1/+0
  https://fedorahosted.org/sssd/ticket/1016
* Fixed wrong position of ldap_service_search_base | Jan Zeleny | 2012-02-01 | 1 | -1/+1
  The wrong position in configuration directive array caused problems in IPA provider, which tried to fetch another value instead of the services lookup base.
* IPA: Add support for services lookups (non-enum) | Stephen Gallagher | 2012-01-31 | 1 | -0/+38
* LDAP: Add option to disable paging control | Stephen Gallagher | 2012-01-18 | 1 | -1/+2
  Fixes https://fedorahosted.org/sssd/ticket/967
* SUDO Integration - periodical update of rules in data provider | Pavel Březina | 2012-01-17 | 1 | -0/+2
  https://fedorahosted.org/sssd/ticket/1110
  Adds new configuration options:
  - ldap_sudo_refresh_enabled - enable/disable periodical updates
  - ldap_sudo_refresh_timeout - rules timeout (refresh period)
* SUDO Integration review issues | Pavel Březina | 2012-01-17 | 1 | -2/+2
* SUDO Integration - LDAP configuration options | Pavel Březina | 2011-12-16 | 1 | -0/+39
* Add sdap_connection_expire_timeout option | Stephen Gallagher | 2011-12-12 | 1 | -1/+2
  https://fedorahosted.org/sssd/ticket/1036
* Fixed IPA netgroup processing | Jan Zeleny | 2011-12-09 | 1 | -0/+1
  In case IPA netgroup had indirect member hosts, they wouldn't be detected.
  This patch also modifies debug messages for easier debugging in the future.