summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap/ldap_common.c
Commit message (Collapse)AuthorAgeFilesLines
* A new option krb5_use_kdcinfoJakub Hrozek2013-06-101-2/+6
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/1883 The patch introduces a new Kerberos provider option called krb5_use_kdcinfo. The option is true by default in all providers. When set to false, the SSSD will not create krb5 info files that the locator plugin consumes and the user would have to set up the Kerberos options manually in krb5.conf
* LDAP: split a function to create search basesJakub Hrozek2013-06-071-29/+67
| | | | | This function will be used later to fill the sdap_domain structures with search bases.
* LDAP: new SDAP domain structureJakub Hrozek2013-06-071-7/+79
| | | | | | | | | | | Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases. This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain.
* LDAP: sdap_id_ctx might contain several connectionsJakub Hrozek2013-06-071-0/+47
| | | | | | | | | | | | | | | | | | | With some LDAP server implementations, one server might provide different "views" of the identites on different ports. One example is the Active Directory Global catalog. The provider would contact different view depending on which operation it is performing and against which SSSD domain. At the same time, these views run on the same server, which means the same server options, enumeration, cleanup or Kerberos service should be used. So instead of using several different failover ports or several instances of sdap_id_ctx, this patch introduces a new "struct sdap_id_conn_ctx" that contains the connection cache to the particular view and an instance of "struct sdap_options" that contains the URI. No functional changes are present in this patch, currently all providers use a single connection. Multiple connections will be used later in the upcoming patches.
* Do not obfuscate calls with booleansJakub Hrozek2013-06-071-10/+29
| | | | | | Instead of using boolean variables to denote whether the call is adding a primary or a secondary server, use a function wrapper that tells what it's doing by its name.
* Handle SID strings in sdap_attrs_get_sid_str() as wellSumit Bose2013-05-271-9/+20
| | | | | | | This patch add a basic check if the SID returned by the LDAP server is in a string representation. If not it is assumed that a binary SID was returned by the LDAP server which is converted into a string representation which is returned to the caller.
* Introduce be_req_terminate() helperSimo Sorce2013-01-211-1/+1
| | | | | Call it everywhere instead of directly dereferencing be_req->fn This is in preparation of making be_req opaque.
* Remove sysdb as a be context structure memberSimo Sorce2013-01-211-1/+1
| | | | The sysdb context is already available through the 'domain' structure.
* Add domain argument to sysdb_has/set_enumerated()Simo Sorce2013-01-151-1/+2
|
* failover: Protect against empty host namesMichal Zidek2013-01-021-2/+2
| | | | | | | | | | Added new parameter to split_on_separator that allows to skip empty values. The whole function was rewritten. Unit test case was added to check the new implementation. https://fedorahosted.org/sssd/ticket/1484
* LDAP: Make it possible to use full principal in ldap_sasl_authid againJakub Hrozek2012-11-191-4/+16
|
* LDAP: Checking the principal should not be considered fatalJakub Hrozek2012-11-191-6/+10
| | | | | | | | | | | | | | The check is too restrictive as the select_principal_from_keytab can return something else than user requested right now. Consider that user query for host/myserver@EXAMPLE.COM, then the select_principal_from_keytab function will return "myserver" in primary and "EXAMPLE.COM" in realm. So the caller needs to add logic to also break down the principal to get rid of the host/ part. The heuristics would simply get too complex. select_principal_from_keytab will error out anyway if there's no suitable principal at all.
* LDAP: Provide a common sdap_set_sasl_options init functionJakub Hrozek2012-11-191-0/+72
| | | | | The AD and IPA initialization functions shared the same code. This patch moves the code into a common initialization function.
* Fix segfault when ID-mapping an entry without a SIDJakub Hrozek2012-10-101-1/+1
| | | | | | | | | If there was no SID attribute, then we would have detected it by checking the number of values of an element. We would however happily return EOK in that case and save garbage into the sid_str. This was causing segfault when the entry was supposed to be ID-mapped by had no SID.
* AUTOFS: Do not fail if search base is not providedJakub Hrozek2012-09-241-2/+2
|
* Failover: use _srv_ when no primary server is definedPavel Březina2012-09-171-12/+3
| | | | https://fedorahosted.org/sssd/ticket/1521
* Fix: IPv6 address with square brackets doesn't work.Michal Zidek2012-08-231-0/+7
| | | | https://fedorahosted.org/sssd/ticket/1365
* Duplicate detection in fail over did not work.Michal Zidek2012-08-151-1/+6
| | | | https://fedorahosted.org/sssd/ticket/1472
* SRV resolution for backup servers should not be permitted.Michal Zidek2012-08-091-1/+9
| | | | https://fedorahosted.org/sssd/ticket/1463
* shadow attributes can contain -1Pavel Březina2012-08-061-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1393
* Primary server support: new options in krb5 providerJan Zeleny2012-08-011-4/+3
| | | | | | This patch adds support for new config options krb5_backup_server and krb5_backup_kpasswd. The description of this option's functionality is included in man page in one of previous patches.
* Primary server support: LDAP adaptationJan Zeleny2012-08-011-32/+79
| | | | | | This patch adds support for the primary server functionality into LDAP provider. No backup servers are added at the moment, just the basic support is in place.
* Primary server support: basic support in failover codeJan Zeleny2012-08-011-2/+2
| | | | | | | | Now there are two list of servers for each service. If currently selected server is only backup, then an event will be scheduled which tries to get connection to one of primary servers and if it succeeds, it starts using this server instead of the one which is currently connected to.
* LDAP: Rename user and group maps for ADStephen Gallagher2012-07-061-2/+2
| | | | This will eliminate ambiguity for the AD provider
* KRB5: Drop memctx parameter of krb5_try_kdcipStephen Gallagher2012-07-061-1/+1
| | | | | | | | | | | | | | | | This function is not supposed to return any newly-allocated memory directly. It was actually leaking the memory for krb5_servers if krb5_kdcip was being used, though it was undetectable because it was allocated on the provided memctx. This patch removes the memctx parameter and allocates krb5_servers temporarily on NULL and ensures that it is freed on all exit conditions. It is not necessary to retain this memory, as dp_opt_set_string() performs a talloc_strdup onto the appropriate context internally. It also updates the DEBUG messages for this function to the appropriate new macro levels.
* sudo ldap provider: load host filter configuration on initPavel Březina2012-06-291-1/+9
| | | | | | | We need to load host information during provider initialization. Currently it loads only values from configuration files, but it is implemented as an asynchrounous request as it will later try to autodetect these settings (which will need to contact DNS).
* Move some debug lines to new debug log levelsStef Walter2012-06-201-1/+1
| | | | | | | * These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
* Add support for filtering atributesJan Zeleny2012-05-311-1/+2
| | | | | This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
* LDAP: Add attr_count return value to build_attrs_from_map()Stephen Gallagher2012-05-101-4/+1
| | | | | | | This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL.
* LDAP: Add helper routine to convert LDAP blob to SID stringStephen Gallagher2012-05-031-0/+37
|
* Put dp_option maps in their own fileStephen Gallagher2012-03-281-279/+2
| | | | There is no functional change due to this patch.
* Fix uninitialized variableJakub Hrozek2012-03-161-1/+1
|
* LDAP: Add AD 2008r2 schemaStephen Gallagher2012-03-141-2/+49
| | | | https://fedorahosted.org/sssd/ticket/1031
* IPA: Set the DNS discovery domain to match ipa_domainStephen Gallagher2012-03-011-1/+2
| | | | https://fedorahosted.org/sssd/ticket/1217
* Modifications to simplify list_missing_attrsJan Zeleny2012-02-241-6/+14
|
* IPA: Add ipa_parse_search_base()Stephen Gallagher2012-02-231-10/+23
| | | | | | | | | | Previously, we were using sdap_parse_search_base() for setting up the search_base objects for use in IPA. However, this was generating unfriendly log messages about unknown search base types. This patch creates a new common_parse_search_base() routine that can be used with either LDAP or IPA providers. https://fedorahosted.org/sssd/ticket/1151
* Don't give memory context in confdb where not neededJan Zeleny2012-02-211-1/+1
|
* Add missing breaks to switch statementsStephen Gallagher2012-02-131-0/+1
| | | | Coverity #12525 and #12524
* LDAP: Add support for SSH user public keysJan Cholasta2012-02-071-2/+4
|
* Update shadowLastChanged attribute during LDAP password changeJan Zeleny2012-02-061-0/+1
| | | | https://fedorahosted.org/sssd/ticket/1019
* AUTOFS: LDAP providerJakub Hrozek2012-02-051-0/+106
|
* Move BUILD_SUDO outside the generic LDAP source filesJakub Hrozek2012-02-041-60/+0
| | | | Avoid #ifdefs in the general part of the code
* NSS: Add individual timeouts for entry typesStephen Gallagher2012-02-041-1/+0
| | | | https://fedorahosted.org/sssd/ticket/1016
* LDAP: Do not fail if RootDSE check cannot determine search basesStephen Gallagher2012-02-041-3/+2
| | | | https://fedorahosted.org/sssd/ticket/1152
* LDAP: Add support for service lookups (non-enum)Stephen Gallagher2012-01-311-0/+33
|
* LDAP: Add option to disable paging controlStephen Gallagher2012-01-181-1/+2
| | | | Fixes https://fedorahosted.org/sssd/ticket/967
* Do not use sudo symbols in LDAP provider unconditionallyJakub Hrozek2012-01-181-0/+2
|
* SUDO Integration - periodical update of rules in data providerPavel Březina2012-01-171-0/+60
| | | | | | | | https://fedorahosted.org/sssd/ticket/1110 Adds new configuration options: - ldap_sudo_refresh_enabled - enable/disable periodical updates - ldap_sudo_refresh_timeout - rules timeout (refresh period)
* SUDO Integration review issuesPavel Březina2012-01-171-1/+1
|
* SUDO Integration - LDAP configuration optionsPavel Březina2011-12-161-1/+72
|
generated by cgit (git 2.34.1) at 2024-05-13 19:51:25 +0000