sssd.git - sssd with jhrozek's patches

	Commit message (Collapse)	Author	Age	Files	Lines
*	AD/IPA: add krb5_confd_path configuration option	Sumit Bose	2014-11-25	1	-0/+1
\| \| \| \| \| \| \| \| \|	With this new parameter the directory where Kerberos configuration snippets are created can be specified. Fixes https://fedorahosted.org/sssd/ticket/2473 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
*	Views: apply user SSH public key override	Sumit Bose	2014-11-05	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \|	With this patch the SSH public key override attribute is read from the FreeIPA server and saved in the cache with the other override data. Since it is possible to have multiple public SSH keys this override value does not replace any other data but will be added to existing values. Fixes https://fedorahosted.org/sssd/ticket/2454 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
*	IPA: add view support and get view name	Sumit Bose	2014-10-16	1	-0/+29
\| \| \| \| \| \|	Related to https://fedorahosted.org/sssd/ticket/2375 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
*	IPA: refactor idmap code and add test	Sumit Bose	2014-02-26	1	-0/+10
\| \| \| \|	Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
*	IPA: Enable AD sites when in server mode	Jakub Hrozek	2013-08-28	1	-0/+1
\| \| \| \| \| \|	https://fedorahosted.org/sssd/ticket/1964 Currently the AD sites are enabled unconditionally
*	IPA: Look up AD users directly if IPA server mode is on	Jakub Hrozek	2013-06-28	1	-0/+1
\| \| \| \| \| \| \| \|	https://fedorahosted.org/sssd/ticket/1962 If the ipa_server_mode is selected IPA subdomain user and group lookups are not done with the help of the extdom plugin but directly against AD using the AD ID code.
*	IPA: Initialize server mode ctx if server mode is on	Jakub Hrozek	2013-06-28	1	-0/+5
\| \| \| \| \| \| \| \| \| \|	This patch introduces a new structure that holds information about a subdomain and its ad_id_ctx. This structure will be used only in server mode to make it possible to search subdomains with a particular ad_id_ctx. Subtask of: https://fedorahosted.org/sssd/ticket/1962
*	IPA: Add a server mode option	Jakub Hrozek	2013-06-28	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \|	https://fedorahosted.org/sssd/ticket/1993 SSSD needs to know that it is running on an IPA server and should not look up trusted users and groups with the help of the extdom plugin but do the lookups on its own. For this a new boolean configuration option, is introduced which defaults to false but is set to true during ipa-server-install or during updates of the FreeIPA server if it is not already set.
*	Add support for new ipaRangeType attribute	Sumit Bose	2013-06-28	1	-0/+4
\| \| \| \| \| \| \| \| \|	Recent versions of FreeIPA support a range type attribute to allow different type of ranges for sub/trusted-domains. If the attribute is available it will be used, if not the right value is determined with the help of the other idrange attributes. Fixes https://fedorahosted.org/sssd/ticket/1961
*	Add ipa_idmap_init()	Sumit Bose	2013-06-28	1	-0/+3
\| \| \| \| \| \|	Use the sdap_idmap context for the IPA provider as well. https://fedorahosted.org/sssd/ticket/1961
*	IPA: Do not download or store the member attribute of host groups	Jakub Hrozek	2013-06-24	1	-1/+0
\| \| \| \| \| \| \| \|	https://fedorahosted.org/sssd/ticket/1806 The IPA provider attempted to store the original value of member attribute to the cache. That caused the memberof plugin to process the values which was really CPU intensive.
*	Move domain_to_basedn outside IPA subtree	Jakub Hrozek	2013-06-07	1	-2/+0
\| \| \| \| \|	The utility function will be reused to guess search base from the base DN of AD trusted domains.
*	Convert IPA-specific options to be back-end agnostic	Jakub Hrozek	2013-05-03	1	-3/+4
\| \| \| \| \| \|	This patch introduces new options for dynamic DNS updates that are not specific to any back end. The current ipa dyndns options are still usable, just with a deprecation warning.
*	Refactor dynamic DNS updates	Jakub Hrozek	2013-05-03	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \|	Provides two new layers instead of the previous IPA specific layer: 1) dp_dyndns.c -- a very generic dyndns layer on the DP level. Its purpose it to make it possible for any back end to use dynamic DNS updates. 2) sdap_dyndns.c -- a wrapper around dp_dyndns.c that utilizes some LDAP-specific features like autodetecting the address from the LDAP connection. Also converts the dyndns code to new specific error codes.
*	SUDO: IPA provider	Lukas Slebodnik	2013-05-03	1	-0/+5
\| \| \| \| \| \|	This patch added auto configuration SUDO with ipa provider and compat tree. https://fedorahosted.org/sssd/ticket/1733
*	DNS sites support - add IPA SRV plugin	Pavel Březina	2013-04-10	1	-0/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1032
*	Make the SELinux refresh time configurable.	Michal Zidek	2013-03-19	1	-0/+1
\| \| \| \|	Option ipa_selinux_refresh is added to basic ipa options.
*	Make TTL configurable for dynamic dns updates	James Hogarth	2012-10-16	1	-0/+1
\|
*	Primary server support: new option in IPA provider	Jan Zeleny	2012-08-01	1	-0/+1
\| \| \| \| \| \|	This patch adds support for new config option ipa_backup_server. The description of this option's functionality is included in man page in one of previous patches.
*	Primary server support: IPA adaptation	Jan Zeleny	2012-08-01	1	-1/+2
\| \| \| \| \| \|	This patch adds support for the primary server functionality into IPA provider. No backup servers are added at the moment, just the basic support is in place.
*	Add support for ID ranges	Sumit Bose	2012-06-21	1	-0/+2
\|
*	IPA subdomains - ask for information about master domain	Jan Zeleny	2012-06-10	1	-0/+2
\| \| \| \| \| \| \|	The query is performed only if there is missing information in the cache. That means this should be done only once after restart when cache doesn't exist. All subsequent requests for subdomains won't include the request for master domain.
*	IPA: Add get-domains target	Sumit Bose	2012-04-24	1	-0/+2
\|
*	Remove old compatibility tests	Stephen Gallagher	2012-03-28	1	-15/+0
\| \| \| \| \| \| \|	These are now replaced by the more accurate tests. This patch also drops the runtime option-count check, since we are always performing the more complete check at build-time.
*	IPA hosts refactoring	Jan Zeleny	2012-02-24	1	-0/+17
\|
*	AUTOFS: IPA provider	Jakub Hrozek	2012-02-07	1	-0/+14
\|
*	IPA: Add host info handler	Jan Cholasta	2012-02-07	1	-0/+1
\|
*	Update shadowLastChanged attribute during LDAP password change	Jan Zeleny	2012-02-06	1	-1/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1019
*	Session target in IPA provider	Jan Zeleny	2012-02-06	1	-0/+17
\|
*	Implemented support for multiple search bases in HBAC rules and services	Jan Zeleny	2012-02-06	1	-0/+1
\|
*	AUTOFS: LDAP provider	Jakub Hrozek	2012-02-05	1	-1/+1
\|
*	NSS: Add individual timeouts for entry types	Stephen Gallagher	2012-02-04	1	-1/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1016
*	IPA: Add support for services lookups (non-enum)	Stephen Gallagher	2012-01-31	1	-1/+3
\|
*	LDAP: Add option to disable paging control	Stephen Gallagher	2012-01-18	1	-1/+1
\| \| \| \|	Fixes https://fedorahosted.org/sssd/ticket/967
*	SUDO Integration - periodical update of rules in data provider	Pavel Březina	2012-01-17	1	-1/+1
\| \| \| \| \| \| \| \|	https://fedorahosted.org/sssd/ticket/1110 Adds new configuration options: - ldap_sudo_refresh_enabled - enable/disable periodical updates - ldap_sudo_refresh_timeout - rules timeout (refresh period)
*	SUDO Integration - LDAP configuration options	Pavel Březina	2011-12-16	1	-1/+1
\|
*	Add sdap_connection_expire_timeout option	Stephen Gallagher	2011-12-12	1	-1/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1036
*	Fixed IPA netgroup processing	Jan Zeleny	2011-12-09	1	-0/+1
\| \| \| \| \| \| \| \|	In case IPA netgroup had indirect member hosts, they wouldn't be detected. This patch also modifies debug messages for easier debugging in the future.
*	Add ldap_sasl_minssf option	Jan Zeleny	2011-12-08	1	-1/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1075
*	Add ipa_hbac_support_srchost option to IPA provider	Jan Zeleny	2011-11-29	1	-0/+1
\| \| \| \| \|	don't fetch all host groups if this option is false https://fedorahosted.org/sssd/ticket/1078
*	IPA migration fixes	Jakub Hrozek	2011-11-29	1	-0/+1
\| \| \| \| \| \| \|	* use the id connection for looking up the migration flag * force TLS on the password based authentication connection https://fedorahosted.org/sssd/ticket/924
*	New IPA ID context	Jan Zeleny	2011-11-23	1	-1/+6
\|
*	Added and modified options for IPA netgroups	Jan Zeleny	2011-11-23	1	-0/+23
\|
*	Support to request canonicalization in LDAP/IPA provider	Jan Zeleny	2011-11-02	1	-1/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/957
*	Add support to request canonicalization on krb AS requests	Jan Zeleny	2011-11-02	1	-1/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/957
*	Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON	Jakub Hrozek	2011-08-26	1	-1/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/978
*	Check DNS records before updating	Jakub Hrozek	2011-07-11	1	-0/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/802
*	Add ipa_hbac_treat_deny_as option	Stephen Gallagher	2011-07-08	1	-0/+1
\| \| \| \| \| \|	By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
*	Add ipa_hbac_refresh option	Stephen Gallagher	2011-07-08	1	-0/+1
\| \| \| \| \|	This option describes the time between refreshes of the HBAC rules on the IPA server.
*	Use dereference when processing RFC2307bis nested groups	Jakub Hrozek	2011-05-20	1	-1/+1
\| \| \| \| \| \| \| \|	Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799