path: root/src/providers/ldap/ldap_id.c
Commit message | Author | Age | Files | Lines
* Intermittent fix for get_user_and_group_users_done | Sumit Bose | 2013-06-06 | 1 | -3/+0
  users_get_recv() never returns ENOENT. In general it should return EOK in the case no matching user was found. But since I forget to handle a SID based filter properly in sdap_get_users_process() an error is returned in this case which makes get_user_and_group_users_done() work as expected with this patch. There is an upcoming enhancement to users_get_recv() which I'm planning to use for a full fix.
* Remove unneeded comment | Jakub Hrozek | 2013-05-28 | 1 | -1/+0
* Add SID related requests to the LDAP provider | Sumit Bose | 2013-05-27 | 1 | -5/+230
  The patch adds support for BE_REQ_BY_SECID and BE_REQ_USER_AND_GROUP to the LDAP provider. Since the AD and the IPA provider use the same code they support those requests now as well. Besides allowing that users and groups can be searched by the SID as well the new request allows to search users and groups in one run, i.e. if there is no user matching the search criteria groups are searched as well.
* Add secid filter to responder-dp protocol | Sumit Bose | 2013-05-02 | 1 | -0/+6
  This patch adds a new filter type to the data-provider interface which can be used for SID-based lookups.
* ldap: Fallback option for rfc2307 schema | Simo Sorce | 2013-03-20 | 1 | -0/+39
  Add option to fallback to fetch local users if rfc2307 is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation.
  Ticket: https://fedorahosted.org/sssd/ticket/1020
* Add be_req_get_data() helper function. | Simo Sorce | 2013-01-21 | 1 | -1/+1
  In preparation for making struct be_req opaque.
* Add be_req_get_be_ctx() helper. | Simo Sorce | 2013-01-21 | 1 | -10/+16
  In preparation for making be_req opaque
* Remove sysdb as a be context structure member | Simo Sorce | 2013-01-21 | 1 | -3/+3
  The sysdb context is already available through the 'domain' structure.
* Add domain argument to sysdb_delete_group() | Simo Sorce | 2013-01-15 | 1 | -2/+4
  Also remove sysdb_delete_domgroup()
* Add domain argument to sysdb_delete_user() | Simo Sorce | 2013-01-15 | 1 | -3/+5
  Also remove sysdb_delete_domuser()
* Fix comment on wrong line | Simo Sorce | 2012-12-05 | 1 | -1/+1
* Use an entry type mask macro to filter entry types | Simo Sorce | 2012-12-04 | 1 | -1/+1
  Avoids hardcoding magic numbers everywhere and self documents why a mask is being applied.
* LDAP: Remove double break | Jakub Hrozek | 2012-11-19 | 1 | -1/+0
* Add ignore_group_members option. | Paul B. Henson | 2012-11-15 | 1 | -1/+8
  https://fedorahosted.org/sssd/ticket/1376
* Clean up cache on server reinitialization | Pavel Březina | 2012-08-23 | 1 | -0/+45
  https://fedorahosted.org/sssd/ticket/734
  We successfully detect when the server is reinitialized by testing the new lastUSN value. The maximum USN values are set to zero, but the current cache content remains. This patch removes records that were deleted from the server. It uses the following approach:
  1. remove entryUSN attribute from all entries
  2. run enumeration
  3. remove records that don't have entryUSN attribute updated
  We don't need to do this for sudo rules, they will be refreshed automatically during next smart/full refresh, or when an expired rule is deleted.
* ldap provider: add sudo usn value | Pavel Březina | 2012-06-29 | 1 | -0/+2
* Add support for filtering attributes | Jan Zeleny | 2012-05-31 | 1 | -6/+6
  This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
* LDAP: Add attr_count return value to build_attrs_from_map() | Stephen Gallagher | 2012-05-10 | 1 | -3/+3
  This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL.
* LDAP: Enable looking up id-mapped groups by GID | Stephen Gallagher | 2012-05-03 | 1 | -2/+45
* LDAP: Allow looking up ID-mapped groups by name | Stephen Gallagher | 2012-05-03 | 1 | -11/+20
* LDAP: Enable looking up id-mapped users by UID | Stephen Gallagher | 2012-05-03 | 1 | -6/+43
* LDAP: Add enumeration support for services | Stephen Gallagher | 2012-01-31 | 1 | -0/+2
* LDAP: Add support for service lookups (non-enum) | Stephen Gallagher | 2012-01-31 | 1 | -0/+30
* Pass sdap_id_ctx to online check from IPA provider | Jakub Hrozek | 2011-12-19 | 1 | -17/+40
* Provide means of forcing TLS and GSSAPI enabled/disabled for sdap connections | Jakub Hrozek | 2011-11-29 | 1 | -1/+2
* Fix sdap_id_ctx/ipa_id_ctx mismatch in IPA provider | Jakub Hrozek | 2011-11-25 | 1 | -2/+13
  This was causing a segfault during HBAC processing and any ID lookups except for netgroups
* Renamed some LDAP routines | Jan Zeleny | 2011-11-23 | 1 | -2/+2
  These were renamed just to make sure they are not mistaken for IPA netgroup functions.
* LDAP: Add support for multiple search bases for group enumeration | Stephen Gallagher | 2011-11-02 | 1 | -1/+2
* LDAP: Add support for multiple search bases for user enumeration | Stephen Gallagher | 2011-11-02 | 1 | -1/+2
* LDAP: Convert ldap_*_search_filter | Stephen Gallagher | 2011-11-02 | 1 | -32/+12
  Instead of making this a global option for all user lookups, make it only used if the search base is passed without an explicit filter.
* LDAP: Support multiple group search bases (non-enumeration, RFC2307) | Stephen Gallagher | 2011-11-02 | 1 | -1/+3
* LDAP: Support multiple user search bases (non-enumeration) | Stephen Gallagher | 2011-11-02 | 1 | -0/+1
* Use explicit base 10 for converting strings to integers | Jakub Hrozek | 2011-10-03 | 1 | -2/+2
  https://fedorahosted.org/sssd/ticket/1013
* sysdb refactoring: memory context deleted | Jan Zeleny | 2011-08-15 | 1 | -7/+5
  This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
* sysdb refactoring: deleted domain variables in sysdb API | Jan Zeleny | 2011-08-15 | 1 | -9/+4
  The patch also updates code using modified functions. Tests have also been adjusted.
* Fix returning groups when gidNumber attribute is not ordered | Jakub Hrozek | 2011-08-04 | 1 | -1/+3
  https://fedorahosted.org/sssd/ticket/951
* Explicitly ignore groups with gidNumber=0 | Jakub Hrozek | 2011-07-27 | 1 | -1/+1
  https://fedorahosted.org/sssd/ticket/916
* Fixed lastUSN checking improvements | Jan Zeleny | 2011-05-04 | 1 | -3/+6
  This patch fixes some issues with setting lastUSN attribute and it adds check against the highest user/group USN after enumeration to keep better track of the real highest USN. Optimal solution here would be to schedule a check of rootDSE entry right after the enumeration finishes, but for the moment this is good enough.
* Add last usn checking after reconnection | Jan Zeleny | 2011-04-19 | 1 | -1/+16
  When reconnecting to the LDAP server supporting USNs (either because of new incoming id operation or invocation of callback responsible for checking status of the backend), detect whether the highest USN is lower than the one SSSD has recorded. If so, setup enumeration/cleanup to refresh potentially changed account information in the SSSD cache.
  Related ticket: https://fedorahosted.org/sssd/ticket/734
* Add user and group search LDAP filter options | Jakub Hrozek | 2011-04-19 | 1 | -13/+32
  https://fedorahosted.org/sssd/ticket/647
* Do not throw a DP error when failing to delete a nonexistent entity | Stephen Gallagher | 2011-04-15 | 1 | -4/+4
* Require existence of GID number and name in group searches | Stephen Gallagher | 2011-03-14 | 1 | -3/+6
  https://fedorahosted.org/sssd/ticket/824
* Remove cached user entry if initgroups returns ENOENT | Stephen Gallagher | 2011-02-18 | 1 | -0/+11
  This behavior was present for getpwnam() but was lacking for initgroups.
* Add the user's primary group to the initgroups lookup | Stephen Gallagher | 2011-01-21 | 1 | -5/+6
  The user may not be a direct member of their primary group, but we still want to make sure that group is cached on the system.
* Add timeout parameter to sdap_get_generic_send() | Sumit Bose | 2011-01-17 | 1 | -2/+6
* ldap: add checks to determine if USN features are available. | Simo Sorce | 2010-12-07 | 1 | -1/+1
* Add a special filter type to handle enumerations | Sumit Bose | 2010-12-02 | 1 | -17/+6
* Add check_online method to LDAP ID provider | Sumit Bose | 2010-12-01 | 1 | -0/+41
* Sanitize search filters in LDAP provider | Stephen Gallagher | 2010-11-15 | 1 | -2/+16
* Always use uint32_t for UID/GID numbers | Jakub Hrozek | 2010-10-26 | 1 | -6/+5