summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap/ldap_common.c
Commit message (Collapse)AuthorAgeFilesLines
* LDAP: Pass a private context to enumeration ptask instead of hardcoded ↵Jakub Hrozek2014-01-291-6/+9
| | | | | | | | | | connection Previously, the sdap-domain enumeration request used a single connection context to download all the data. Now we'd like to use different connections to download different objects, so the ID context is passed in and the request itself decides which connection to use for the sdap-domain enumeration.
* LDAP: Fix error checkJakub Hrozek2014-01-201-2/+2
| | | | https://fedorahosted.org/sssd/ticket/2199
* SSSD: Improved domain detectionPavel Reichl2013-11-291-11/+28
| | | | | | | A bit more elegant way of detection of what domain the group member belongs to Resolves: https://fedorahosted.org/sssd/ticket/2132
* sdap: add sdap_domain_get_by_dn()Pavel Březina2013-10-301-0/+24
| | | | | | | | This function will find sdap domain by comparing object dn with domain base dn. Resolves: https://fedorahosted.org/sssd/ticket/2064
* sdap: store base dn in sdap_domainPavel Březina2013-10-301-15/+20
| | | | | | | | | Groups may contain members from different domains. Remembering base dn in domain object gives us the ability to simply lookup correct domain by comparing object dn with domain base dn. Resolves: https://fedorahosted.org/sssd/ticket/2064
* LDAP: Return correct error codeLukas Slebodnik2013-10-301-1/+1
| | | | | | If talloc_array return NULL we should return right error code from function sdap_domain_subdom_add. It might happen that we could return either wrong error code or uninitialized variable ret.
* dp: convert cleanup task to be_ptaskPavel Březina2013-10-251-16/+6
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/1968
* AD: Use the ad_access_filter if it's setJakub Hrozek2013-10-251-0/+19
| | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2082 Currently the AD access control only checks if an account has been expired. This patch amends the logic so that if ad_access_filter is set, it is used automatically.
* sdap_domain_add: remove too strict consistency checkSumit Bose2013-09-201-10/+0
| | | | | The check worked for simple setups but fails e.g. in environment with trusts.
* LDAP: sdap_id_setup_tasks accepts a custom enum requestJakub Hrozek2013-09-181-3/+7
| | | | AD provider will override the default with its own.
* Fix formating of variables with type: longLukas Slebodnik2013-09-111-2/+3
|
* LDAP: Make sdap_id_setup_tasks reusable for subdomainsJakub Hrozek2013-08-281-5/+12
| | | | | Instead of always performing the setup for the main domain, the setup can now be performed for subdomains as well.
* LDAP: Make the cleanup task reusable for subdomainsJakub Hrozek2013-08-281-1/+1
| | | | | | Instead of always performing the cleanup on the main domain, the task now accepts a sdap_domain structure to perform the cleanup on. This change will make the cleanup task reusable for subdomains.
* LDAP: Convert enumeration to the ptask APIJakub Hrozek2013-08-281-28/+2
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1942 Identity providers other than LDAP need to customize the enumeration in different ways while sharing the way the task is scheduled etc. The easiest way to accomplish it is to leverage the recently introduced ptask framework.
* AD: Move storing sdap_domain for subdomain to generic LDAP codeJakub Hrozek2013-06-281-0/+73
| | | | | | | | Makes creating the sdap_domain structure for a subdomain reusable outside AD subdomain code where it was created initially. Subtask of: https://fedorahosted.org/sssd/ticket/1962
* A new option krb5_use_kdcinfoJakub Hrozek2013-06-101-2/+6
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/1883 The patch introduces a new Kerberos provider option called krb5_use_kdcinfo. The option is true by default in all providers. When set to false, the SSSD will not create krb5 info files that the locator plugin consumes and the user would have to set up the Kerberos options manually in krb5.conf
* LDAP: split a function to create search basesJakub Hrozek2013-06-071-29/+67
| | | | | This function will be used later to fill the sdap_domain structures with search bases.
* LDAP: new SDAP domain structureJakub Hrozek2013-06-071-7/+79
| | | | | | | | | | | Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases. This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain.
* LDAP: sdap_id_ctx might contain several connectionsJakub Hrozek2013-06-071-0/+47
| | | | | | | | | | | | | | | | | | | With some LDAP server implementations, one server might provide different "views" of the identites on different ports. One example is the Active Directory Global catalog. The provider would contact different view depending on which operation it is performing and against which SSSD domain. At the same time, these views run on the same server, which means the same server options, enumeration, cleanup or Kerberos service should be used. So instead of using several different failover ports or several instances of sdap_id_ctx, this patch introduces a new "struct sdap_id_conn_ctx" that contains the connection cache to the particular view and an instance of "struct sdap_options" that contains the URI. No functional changes are present in this patch, currently all providers use a single connection. Multiple connections will be used later in the upcoming patches.
* Do not obfuscate calls with booleansJakub Hrozek2013-06-071-10/+29
| | | | | | Instead of using boolean variables to denote whether the call is adding a primary or a secondary server, use a function wrapper that tells what it's doing by its name.
* Handle SID strings in sdap_attrs_get_sid_str() as wellSumit Bose2013-05-271-9/+20
| | | | | | | This patch add a basic check if the SID returned by the LDAP server is in a string representation. If not it is assumed that a binary SID was returned by the LDAP server which is converted into a string representation which is returned to the caller.
* Introduce be_req_terminate() helperSimo Sorce2013-01-211-1/+1
| | | | | Call it everywhere instead of directly dereferencing be_req->fn This is in preparation of making be_req opaque.
* Remove sysdb as a be context structure memberSimo Sorce2013-01-211-1/+1
| | | | The sysdb context is already available through the 'domain' structure.
* Add domain argument to sysdb_has/set_enumerated()Simo Sorce2013-01-151-1/+2
|
* failover: Protect against empty host namesMichal Zidek2013-01-021-2/+2
| | | | | | | | | | Added new parameter to split_on_separator that allows to skip empty values. The whole function was rewritten. Unit test case was added to check the new implementation. https://fedorahosted.org/sssd/ticket/1484
* LDAP: Make it possible to use full principal in ldap_sasl_authid againJakub Hrozek2012-11-191-4/+16
|
* LDAP: Checking the principal should not be considered fatalJakub Hrozek2012-11-191-6/+10
| | | | | | | | | | | | | | The check is too restrictive as the select_principal_from_keytab can return something else than user requested right now. Consider that user query for host/myserver@EXAMPLE.COM, then the select_principal_from_keytab function will return "myserver" in primary and "EXAMPLE.COM" in realm. So the caller needs to add logic to also break down the principal to get rid of the host/ part. The heuristics would simply get too complex. select_principal_from_keytab will error out anyway if there's no suitable principal at all.
* LDAP: Provide a common sdap_set_sasl_options init functionJakub Hrozek2012-11-191-0/+72
| | | | | The AD and IPA initialization functions shared the same code. This patch moves the code into a common initialization function.
* Fix segfault when ID-mapping an entry without a SIDJakub Hrozek2012-10-101-1/+1
| | | | | | | | | If there was no SID attribute, then we would have detected it by checking the number of values of an element. We would however happily return EOK in that case and save garbage into the sid_str. This was causing segfault when the entry was supposed to be ID-mapped by had no SID.
* AUTOFS: Do not fail if search base is not providedJakub Hrozek2012-09-241-2/+2
|
* Failover: use _srv_ when no primary server is definedPavel Březina2012-09-171-12/+3
| | | | https://fedorahosted.org/sssd/ticket/1521
* Fix: IPv6 address with square brackets doesn't work.Michal Zidek2012-08-231-0/+7
| | | | https://fedorahosted.org/sssd/ticket/1365
* Duplicate detection in fail over did not work.Michal Zidek2012-08-151-1/+6
| | | | https://fedorahosted.org/sssd/ticket/1472
* SRV resolution for backup servers should not be permitted.Michal Zidek2012-08-091-1/+9
| | | | https://fedorahosted.org/sssd/ticket/1463
* shadow attributes can contain -1Pavel Březina2012-08-061-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1393
* Primary server support: new options in krb5 providerJan Zeleny2012-08-011-4/+3
| | | | | | This patch adds support for new config options krb5_backup_server and krb5_backup_kpasswd. The description of this option's functionality is included in man page in one of previous patches.
* Primary server support: LDAP adaptationJan Zeleny2012-08-011-32/+79
| | | | | | This patch adds support for the primary server functionality into LDAP provider. No backup servers are added at the moment, just the basic support is in place.
* Primary server support: basic support in failover codeJan Zeleny2012-08-011-2/+2
| | | | | | | | Now there are two list of servers for each service. If currently selected server is only backup, then an event will be scheduled which tries to get connection to one of primary servers and if it succeeds, it starts using this server instead of the one which is currently connected to.
* LDAP: Rename user and group maps for ADStephen Gallagher2012-07-061-2/+2
| | | | This will eliminate ambiguity for the AD provider
* KRB5: Drop memctx parameter of krb5_try_kdcipStephen Gallagher2012-07-061-1/+1
| | | | | | | | | | | | | | | | This function is not supposed to return any newly-allocated memory directly. It was actually leaking the memory for krb5_servers if krb5_kdcip was being used, though it was undetectable because it was allocated on the provided memctx. This patch removes the memctx parameter and allocates krb5_servers temporarily on NULL and ensures that it is freed on all exit conditions. It is not necessary to retain this memory, as dp_opt_set_string() performs a talloc_strdup onto the appropriate context internally. It also updates the DEBUG messages for this function to the appropriate new macro levels.
* sudo ldap provider: load host filter configuration on initPavel Březina2012-06-291-1/+9
| | | | | | | We need to load host information during provider initialization. Currently it loads only values from configuration files, but it is implemented as an asynchrounous request as it will later try to autodetect these settings (which will need to contact DNS).
* Move some debug lines to new debug log levelsStef Walter2012-06-201-1/+1
| | | | | | | * These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
* Add support for filtering atributesJan Zeleny2012-05-311-1/+2
| | | | | This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
* LDAP: Add attr_count return value to build_attrs_from_map()Stephen Gallagher2012-05-101-4/+1
| | | | | | | This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL.
* LDAP: Add helper routine to convert LDAP blob to SID stringStephen Gallagher2012-05-031-0/+37
|
* Put dp_option maps in their own fileStephen Gallagher2012-03-281-279/+2
| | | | There is no functional change due to this patch.
* Fix uninitialized variableJakub Hrozek2012-03-161-1/+1
|
* LDAP: Add AD 2008r2 schemaStephen Gallagher2012-03-141-2/+49
| | | | https://fedorahosted.org/sssd/ticket/1031
* IPA: Set the DNS discovery domain to match ipa_domainStephen Gallagher2012-03-011-1/+2
| | | | https://fedorahosted.org/sssd/ticket/1217
* Modifications to simplify list_missing_attrsJan Zeleny2012-02-241-6/+14
|
generated by cgit (git 2.34.1) at 2024-06-05 03:45:26 +0000