summaryrefslogtreecommitdiffstats
path: root/src/providers/ipa/ipa_common.h
Commit message (Collapse)AuthorAgeFilesLines
* Primary server support: new option in IPA providerJan Zeleny2012-08-011-0/+1
| | | | | | This patch adds support for new config option ipa_backup_server. The description of this option's functionality is included in man page in one of previous patches.
* Primary server support: IPA adaptationJan Zeleny2012-08-011-1/+2
| | | | | | This patch adds support for the primary server functionality into IPA provider. No backup servers are added at the moment, just the basic support is in place.
* Add support for ID rangesSumit Bose2012-06-211-0/+2
|
* IPA subdomains - ask for information about master domainJan Zeleny2012-06-101-0/+2
| | | | | | | The query is performed only if there is missing information in the cache. That means this should be done only once after restart when cache doesn't exist. All subsequent requests for subdomains won't include the request for master domain.
* IPA: Add get-domains targetSumit Bose2012-04-241-0/+2
|
* Remove old compatibility testsStephen Gallagher2012-03-281-15/+0
| | | | | | | These are now replaced by the more accurate tests. This patch also drops the runtime option-count check, since we are always performing the more complete check at build-time.
* IPA hosts refactoringJan Zeleny2012-02-241-0/+17
|
* AUTOFS: IPA providerJakub Hrozek2012-02-071-0/+14
|
* IPA: Add host info handlerJan Cholasta2012-02-071-0/+1
|
* Update shadowLastChanged attribute during LDAP password changeJan Zeleny2012-02-061-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1019
* Session target in IPA providerJan Zeleny2012-02-061-0/+17
|
* Implemented support for multiple search bases in HBAC rules and servicesJan Zeleny2012-02-061-0/+1
|
* AUTOFS: LDAP providerJakub Hrozek2012-02-051-1/+1
|
* NSS: Add individual timeouts for entry typesStephen Gallagher2012-02-041-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1016
* IPA: Add support for services lookups (non-enum)Stephen Gallagher2012-01-311-1/+3
|
* LDAP: Add option to disable paging controlStephen Gallagher2012-01-181-1/+1
| | | | Fixes https://fedorahosted.org/sssd/ticket/967
* SUDO Integration - periodical update of rules in data providerPavel Březina2012-01-171-1/+1
| | | | | | | | https://fedorahosted.org/sssd/ticket/1110 Adds new configuration options: - ldap_sudo_refresh_enabled - enable/disable periodical updates - ldap_sudo_refresh_timeout - rules timeout (refresh period)
* SUDO Integration - LDAP configuration optionsPavel Březina2011-12-161-1/+1
|
* Add sdap_connection_expire_timeout optionStephen Gallagher2011-12-121-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1036
* Fixed IPA netgroup processingJan Zeleny2011-12-091-0/+1
| | | | | | | | In case IPA netgroup had indirect member hosts, they wouldn't be detected. This patch also modifies debug messages for easier debugging in the future.
* Add ldap_sasl_minssf optionJan Zeleny2011-12-081-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1075
* Add ipa_hbac_support_srchost option to IPA providerJan Zeleny2011-11-291-0/+1
| | | | | don't fetch all host groups if this option is false https://fedorahosted.org/sssd/ticket/1078
* IPA migration fixesJakub Hrozek2011-11-291-0/+1
| | | | | | | * use the id connection for looking up the migration flag * force TLS on the password based authentication connection https://fedorahosted.org/sssd/ticket/924
* New IPA ID contextJan Zeleny2011-11-231-1/+6
|
* Added and modified options for IPA netgroupsJan Zeleny2011-11-231-0/+23
|
* Support to request canonicalization in LDAP/IPA providerJan Zeleny2011-11-021-1/+1
| | | | https://fedorahosted.org/sssd/ticket/957
* Add support to request canonicalization on krb AS requestsJan Zeleny2011-11-021-1/+1
| | | | https://fedorahosted.org/sssd/ticket/957
* Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek2011-08-261-1/+1
| | | | https://fedorahosted.org/sssd/ticket/978
* Check DNS records before updatingJakub Hrozek2011-07-111-0/+1
| | | | https://fedorahosted.org/sssd/ticket/802
* Add ipa_hbac_treat_deny_as optionStephen Gallagher2011-07-081-0/+1
| | | | | | By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
* Add ipa_hbac_refresh optionStephen Gallagher2011-07-081-0/+1
| | | | | This option describes the time between refreshes of the HBAC rules on the IPA server.
* Use dereference when processing RFC2307bis nested groupsJakub Hrozek2011-05-201-1/+1
| | | | | | | | Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799
* Add ldap_page_size configuration optionStephen Gallagher2011-04-271-1/+1
|
* Modify principal selection for keytab authenticationJan Zeleny2011-04-251-1/+1
| | | | | | | | | | | | | | | | Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
* Allow new option to specify principal for FASTJan Zeleny2011-04-251-1/+1
| | | | https://fedorahosted.org/sssd/ticket/700
* Add krb5_realm to the basic IPA optionsStephen Gallagher2011-02-221-0/+1
| | | | | | | Previously, this was only handled by the internal LDAP and Kerberos providers, but this wasn't available early enough to properly handle setting up the krb5_service for failover and creating the krb5info files.
* Allow krb5_realm to override ipa_domainStephen Gallagher2011-02-221-1/+2
| | | | | | It is possible to set up FreeIPA servers where the Kerberos realm differs from the IPA domain name. We need to allow setting the krb5_realm explicitly to handle this.
* Add option to disable TLS for LDAP authsssd-1_5_1Stephen Gallagher2011-01-271-1/+1
| | | | | Option is named to discourage use in production environments and is intentionally not listed in the SSSDConfig API.
* Add ldap_tls_{cert,key,cipher_suite} config optionsTyson Whitehead2011-01-201-1/+1
| | | | Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* Add ipa_hbac_search_base config optionSumit Bose2011-01-191-0/+1
|
* Add ldap_search_enumeration_timeout config optionSumit Bose2011-01-171-1/+1
|
* Add support for FAST in krb5 providerSumit Bose2010-12-071-1/+1
|
* Add ldap_chpass_uri config optionSumit Bose2010-12-061-1/+1
|
* Add new account expired rule to LDAP access providerSumit Bose2010-12-061-1/+1
| | | | | | | | | | | | | | Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
* Add support for automatic Kerberos ticket renewalSumit Bose2010-12-031-1/+1
|
* Add krb5_lifetime optionSumit Bose2010-12-031-1/+1
|
* Add krb5_renewable_lifetime optionSumit Bose2010-12-031-1/+1
|
* Add ldap_deref optionSumit Bose2010-10-221-1/+1
|
* Add option to limit nested groupsSimo Sorce2010-10-181-1/+1
|
* Add infrastructure to LDAP provider for netgroup supportSumit Bose2010-10-131-1/+1
|
generated by cgit (git 2.34.1) at 2024-05-21 21:31:45 +0000