summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap/ldap_common.c
Commit message (Collapse)AuthorAgeFilesLines
* Set ldap_search_timeout default to 5 secondsStephen Gallagher2010-05-181-1/+1
| | | | | | | | | The manpages had five seconds listed, but the source disagreed (it was set to 60 seconds). This resulted in long wait times when unlocking the screen after network disconnection, for example. If enumerate=True, we will set this value to a minimum of 30s
* Remove unused ldap_offline_timeout optionStephen Gallagher2010-05-181-1/+0
|
* Add offline callback to disconnect global SDAP handleSumit Bose2010-05-181-1/+9
|
* Add ldap_krb5_ticket_lifetime optionSumit Bose2010-05-161-1/+2
|
* Add ldap_access_filter optionStephen Gallagher2010-05-161-1/+2
| | | | | | | | | | This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
* Use service discovery in backendsJakub Hrozek2010-05-071-8/+49
| | | | | | | | | Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
* Better handle sdap_handle memory from callers.Simo Sorce2010-05-031-1/+1
| | | | | | | | | | | | | Always just mark the sdap_handle as not connected and let later _send() functions to take care of freeing the handle before reconnecting. Introduce restart functions to avoid calling _send() functions in _done() functions error paths as this would have the same effect as directly freeing the sdap_handle and cause access to freed memory in sdap_handle_release() By freeing sdap_handle only in the connection _recv() function we guarantee it can never be done within sdap_handle_release() but only in a following event.
* Fix check for values of expiration limitsJakub Hrozek2010-02-251-1/+1
| | | | | There were inconsistencies between what sssd.conf manpage said and what the code enforces.
* Better cleanup task handlingJakub Hrozek2010-02-231-1/+46
| | | | | | | | | | | | | | | | Implements a different mechanism for cleanup task. Instead of just deleting expired entries, this patch adds a new option account_cache_expiration for domains. If an entry is expired and the last login was more days in the past that account_cache_expiration, the entry is deleted. Groups are deleted if they are expired and and no user references them (no user has memberof: attribute pointing at that group). The parameter account_cache_expiration is not LDAP-specific, so that other future backends might use the same timeout setting. Fixes: #391
* Do not check entries during cleanup taskJakub Hrozek2010-02-231-2/+2
| | | | | | | Do not attempt to validate expired entries in cache, just delete them. Also increase the cache timeouts. Fixes: #331
* Rename server/ directory to src/Stephen Gallagher2010-02-181-0/+589
Also update BUILD.txt