summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap/ldap_common.c
Commit message (Collapse)AuthorAgeFilesLines
...
* IPA: Add ipa_parse_search_base()Stephen Gallagher2012-02-231-10/+23
| | | | | | | | | | Previously, we were using sdap_parse_search_base() for setting up the search_base objects for use in IPA. However, this was generating unfriendly log messages about unknown search base types. This patch creates a new common_parse_search_base() routine that can be used with either LDAP or IPA providers. https://fedorahosted.org/sssd/ticket/1151
* Don't give memory context in confdb where not neededJan Zeleny2012-02-211-1/+1
|
* Add missing breaks to switch statementsStephen Gallagher2012-02-131-0/+1
| | | | Coverity #12525 and #12524
* LDAP: Add support for SSH user public keysJan Cholasta2012-02-071-2/+4
|
* Update shadowLastChanged attribute during LDAP password changeJan Zeleny2012-02-061-0/+1
| | | | https://fedorahosted.org/sssd/ticket/1019
* AUTOFS: LDAP providerJakub Hrozek2012-02-051-0/+106
|
* Move BUILD_SUDO outside the generic LDAP source filesJakub Hrozek2012-02-041-60/+0
| | | | Avoid #ifdefs in the general part of the code
* NSS: Add individual timeouts for entry typesStephen Gallagher2012-02-041-1/+0
| | | | https://fedorahosted.org/sssd/ticket/1016
* LDAP: Do not fail if RootDSE check cannot determine search basesStephen Gallagher2012-02-041-3/+2
| | | | https://fedorahosted.org/sssd/ticket/1152
* LDAP: Add support for service lookups (non-enum)Stephen Gallagher2012-01-311-0/+33
|
* LDAP: Add option to disable paging controlStephen Gallagher2012-01-181-1/+2
| | | | Fixes https://fedorahosted.org/sssd/ticket/967
* Do not use sudo symbols in LDAP provider unconditionallyJakub Hrozek2012-01-181-0/+2
|
* SUDO Integration - periodical update of rules in data providerPavel Březina2012-01-171-0/+60
| | | | | | | | https://fedorahosted.org/sssd/ticket/1110 Adds new configuration options: - ldap_sudo_refresh_enabled - enable/disable periodical updates - ldap_sudo_refresh_timeout - rules timeout (refresh period)
* SUDO Integration review issuesPavel Březina2012-01-171-1/+1
|
* SUDO Integration - LDAP configuration optionsPavel Březina2011-12-161-1/+72
|
* Export the function to convert ldb_result to sysdb_attrsJakub Hrozek2011-12-161-29/+0
| | | | It will be reused later in the sudo responder
* Add sdap_connection_expire_timeout optionStephen Gallagher2011-12-121-1/+2
| | | | https://fedorahosted.org/sssd/ticket/1036
* Add ldap_sasl_minssf optionJan Zeleny2011-12-081-0/+1
| | | | https://fedorahosted.org/sssd/ticket/1075
* Modified sdap_parse_search_base()Jan Zeleny2011-11-231-9/+8
|
* Support to request canonicalization in LDAP/IPA providerJan Zeleny2011-11-021-0/+1
| | | | https://fedorahosted.org/sssd/ticket/957
* LDAP: Convert ldap_*_search_filterStephen Gallagher2011-11-021-1/+5
| | | | | | Instead of making this a global option for all user lookups, make it only used if the search base is passed without an explicit filter.
* LDAP: Add parser for multiple search basesStephen Gallagher2011-11-021-0/+261
|
* Make sdap_get_id_specific_filter() more strictStephen Gallagher2011-11-021-2/+2
|
* Fix uninitialized pointer read in sdap_gssapi_get_default_realm()Jakub Hrozek2011-09-201-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1003
* Use the default Kerberos realm for LDAP with GSSAPI authJakub Hrozek2011-08-261-3/+55
| | | | https://fedorahosted.org/sssd/ticket/970
* Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek2011-08-261-1/+2
| | | | https://fedorahosted.org/sssd/ticket/978
* sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny2011-08-151-3/+1
| | | | | The patch also updates code using modified functions. Tests have also been adjusted.
* fo_get_server_name() getter for a server nameJakub Hrozek2011-07-211-1/+10
| | | | | Allows to be more concise in tests and more defensive in resolve callbacks
* Rename fo_get_server_name to fo_get_server_str_nameJakub Hrozek2011-07-211-2/+2
|
* Do not add a NULL host parsed from LDAP URIJakub Hrozek2011-07-211-1/+8
| | | | https://fedorahosted.org/sssd/ticket/911
* Add LDAP access control based on NDS attributesSumit Bose2011-07-081-2/+8
|
* Add helper function msgs2attrs_arrayStephen Gallagher2011-07-081-0/+29
| | | | | This function converts a list of ldb_messages into a list of sysdb_attrs.
* Use name based URI instead of IP address based URIsSumit Bose2011-06-301-37/+2
|
* Add sockaddr_storage to sdap_serviceSumit Bose2011-06-301-0/+11
|
* Switch resolver to using resolv_hostent and honor TTLJakub Hrozek2011-06-151-2/+2
|
* Use escaped IP addresses in LDAP providerJakub Hrozek2011-06-021-6/+56
|
* Make "password" the default for ldap_default_authtok_typeStephen Gallagher2011-05-241-1/+1
|
* Use dereference when processing RFC2307bis nested groupsJakub Hrozek2011-05-201-1/+2
| | | | | | | | Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799
* Add ldap_page_size configuration optionStephen Gallagher2011-04-271-1/+2
|
* Modify principal selection for keytab authenticationJan Zeleny2011-04-251-0/+1
| | | | | | | | | | | | | | | | Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
* Add user and group search LDAP filter optionsJakub Hrozek2011-04-191-0/+20
| | | | https://fedorahosted.org/sssd/ticket/647
* Never remove gecos from the sysdb cacheStephen Gallagher2011-04-121-0/+9
| | | | | Now that gecos can come from either the 'gecos' or 'cn' attributes, we need to ensure that we never remove it from the cache.
* Add host access control supportPierre Ossman2011-03-241-2/+4
| | | | https://fedorahosted.org/sssd/ticket/746
* Do not attempt to use START_TLS on SSL connectionsStephen Gallagher2011-02-161-0/+9
| | | | | | | Not all LDAP servers are capable of handling dual-encryption with both TLS and SSL. https://fedorahosted.org/sssd/ticket/795
* Add option to disable TLS for LDAP authsssd-1_5_1Stephen Gallagher2011-01-271-1/+5
| | | | | Option is named to discourage use in production environments and is intentionally not listed in the SSSDConfig API.
* Delete attributes that are removed from LDAPStephen Gallagher2011-01-211-0/+117
| | | | | | | | Sometimes, a value in LDAP will cease to exist (the classic example being shadowExpire). We need to make sure we purge that value from SSSD's sysdb as well. https://fedorahosted.org/sssd/ticket/750
* Add ldap_tls_{cert,key,cipher_suite} config optionsTyson Whitehead2011-01-201-0/+3
| | | | Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* Add LDAP expire policy base RHDS/IPA attributeSumit Bose2011-01-191-2/+4
| | | | | The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
* Add LDAP expire policy based on AD attributesSumit Bose2011-01-191-2/+6
| | | | | | The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
* Add ldap_search_enumeration_timeout config optionSumit Bose2011-01-171-2/+3
|
generated by cgit (git 2.34.1) at 2024-05-23 15:56:52 +0000