path: root/src/providers/ldap/ldap_id.c
Commit message | Author | Age | Files | Lines
* Add ignore_group_members option. | Paul B. Henson | 2013-05-31 | 1 | -1/+8
  https://fedorahosted.org/sssd/ticket/1376
* ldap: Fallback option for rfc2307 schema | Simo Sorce | 2013-03-21 | 1 | -0/+39
  Add option to fallback to fetch local users if rfc2307 is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation.
  Ticket: https://fedorahosted.org/sssd/ticket/1020
* Clean up cache on server reinitialization | Pavel Březina | 2012-08-23 | 1 | -0/+45
  https://fedorahosted.org/sssd/ticket/734
  We successfully detect when the server is reinitialized by testing the new lastUSN value. The maximum USN values are set to zero, but the current cache content remains. This patch removes records that were deleted from the server. It uses the following approach:
  1. remove entryUSN attribute from all entries
  2. run enumeration
  3. remove records that don't have entryUSN attribute updated
  We don't need to do this for sudo rules, they will be refreshed automatically during next smart/full refresh, or when an expired rule is deleted.
* ldap provider: add sudo usn value | Pavel Březina | 2012-06-29 | 1 | -0/+2
* Add support for filtering attributes | Jan Zeleny | 2012-05-31 | 1 | -6/+6
  This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
* LDAP: Add attr_count return value to build_attrs_from_map() | Stephen Gallagher | 2012-05-10 | 1 | -3/+3
  This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL.
* LDAP: Enable looking up id-mapped groups by GID | Stephen Gallagher | 2012-05-03 | 1 | -2/+45
* LDAP: Allow looking up ID-mapped groups by name | Stephen Gallagher | 2012-05-03 | 1 | -11/+20
* LDAP: Enable looking up id-mapped users by UID | Stephen Gallagher | 2012-05-03 | 1 | -6/+43
* LDAP: Add enumeration support for services | Stephen Gallagher | 2012-01-31 | 1 | -0/+2
* LDAP: Add support for service lookups (non-enum) | Stephen Gallagher | 2012-01-31 | 1 | -0/+30
* Pass sdap_id_ctx to online check from IPA provider | Jakub Hrozek | 2011-12-19 | 1 | -17/+40
* Provide means of forcing TLS and GSSAPI enabled/disabled for sdap connections | Jakub Hrozek | 2011-11-29 | 1 | -1/+2
* Fix sdap_id_ctx/ipa_id_ctx mismatch in IPA provider | Jakub Hrozek | 2011-11-25 | 1 | -2/+13
  This was causing a segfault during HBAC processing and any ID lookups except for netgroups
* Renamed some LDAP routines | Jan Zeleny | 2011-11-23 | 1 | -2/+2
  These were renamed just to make sure they are not mistaken for IPA netgroup functions.
* LDAP: Add support for multiple search bases for group enumeration | Stephen Gallagher | 2011-11-02 | 1 | -1/+2
* LDAP: Add support for multiple search bases for user enumeration | Stephen Gallagher | 2011-11-02 | 1 | -1/+2
* LDAP: Convert ldap_*_search_filter | Stephen Gallagher | 2011-11-02 | 1 | -32/+12
  Instead of making this a global option for all user lookups, make it only used if the search base is passed without an explicit filter.
* LDAP: Support multiple group search bases (non-enumeration, RFC2307) | Stephen Gallagher | 2011-11-02 | 1 | -1/+3
* LDAP: Support multiple user search bases (non-enumeration) | Stephen Gallagher | 2011-11-02 | 1 | -0/+1
* Use explicit base 10 for converting strings to integers | Jakub Hrozek | 2011-10-03 | 1 | -2/+2
  https://fedorahosted.org/sssd/ticket/1013
* sysdb refactoring: memory context deleted | Jan Zeleny | 2011-08-15 | 1 | -7/+5
  This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
* sysdb refactoring: deleted domain variables in sysdb API | Jan Zeleny | 2011-08-15 | 1 | -9/+4
  The patch also updates code using modified functions. Tests have also been adjusted.
* Fix returning groups when gidNumber attribute is not ordered | Jakub Hrozek | 2011-08-04 | 1 | -1/+3
  https://fedorahosted.org/sssd/ticket/951
* Explicitly ignore groups with gidNumber=0 | Jakub Hrozek | 2011-07-27 | 1 | -1/+1
  https://fedorahosted.org/sssd/ticket/916
* Fixed lastUSN checking improvements | Jan Zeleny | 2011-05-04 | 1 | -3/+6
  This patch fixes some issues with setting lastUSN attribute and it adds check against the highest user/group USN after enumeration to keep better track of the real highest USN. Optimal solution here would be to schedule a check of rootDSE entry right after the enumeration finishes, but for the moment this is good enough.
* Add last usn checking after reconnection | Jan Zeleny | 2011-04-19 | 1 | -1/+16
  When reconnecting to the LDAP server supporting USNs (either because of new incoming id operation or invocation of callback responsible for checking status of the backend), detect whether the highest USN is lower than the one SSSD has recorded. If so, setup enumeration/cleanup to refresh potentially changed account information in the SSSD cache.
  Related ticket: https://fedorahosted.org/sssd/ticket/734
* Add user and group search LDAP filter options | Jakub Hrozek | 2011-04-19 | 1 | -13/+32
  https://fedorahosted.org/sssd/ticket/647
* Do not throw a DP error when failing to delete a nonexistent entity | Stephen Gallagher | 2011-04-15 | 1 | -4/+4
* Require existence of GID number and name in group searches | Stephen Gallagher | 2011-03-14 | 1 | -3/+6
  https://fedorahosted.org/sssd/ticket/824
* Remove cached user entry if initgroups returns ENOENT | Stephen Gallagher | 2011-02-18 | 1 | -0/+11
  This behavior was present for getpwnam() but was lacking for initgroups.
* Add the user's primary group to the initgroups lookup | Stephen Gallagher | 2011-01-21 | 1 | -5/+6
  The user may not be a direct member of their primary group, but we still want to make sure that group is cached on the system.
* Add timeout parameter to sdap_get_generic_send() | Sumit Bose | 2011-01-17 | 1 | -2/+6
* ldap: add checks to determine if USN features are available. | Simo Sorce | 2010-12-07 | 1 | -1/+1
* Add a special filter type to handle enumerations | Sumit Bose | 2010-12-02 | 1 | -17/+6
* Add check_online method to LDAP ID provider | Sumit Bose | 2010-12-01 | 1 | -0/+41
* Sanitize search filters in LDAP provider | Stephen Gallagher | 2010-11-15 | 1 | -2/+16
* Always use uint32_t for UID/GID numbers | Jakub Hrozek | 2010-10-26 | 1 | -6/+5
* Use unsigned long for conversion to id_t | Jakub Hrozek | 2010-10-18 | 1 | -2/+2
  We used strtol() in a number of places to convert into uid_t or gid_t from a string representation such as LDAP attribute, but on some platforms, unsigned long might be necessary to store big id_t values. This patch converts to using strtoul() instead.
* Implement netgroup support for LDAP provider | Sumit Bose | 2010-10-13 | 1 | -0/+26
* Request all group attributes during initgroups processing | Stephen Gallagher | 2010-09-22 | 1 | -0/+1
  We tried to be too clever and only requested the name of the group, but we require the objectClass to validate the results.
  https://fedorahosted.org/sssd/ticket/622
* Use new LDAP connection framework to get user account groups from LDAP. | eindenbom | 2010-07-09 | 1 | -108/+67
* Use new LDAP connection framework to get group account info from LDAP. | eindenbom | 2010-07-09 | 1 | -36/+65
* Use new LDAP connection framework to get user account info from LDAP. | eindenbom | 2010-07-09 | 1 | -37/+90
* Fix segfault in GSSAPI reconnect code | Stephen Gallagher | 2010-05-07 | 1 | -55/+35
  Also clean up some duplicated code into a single common routine sdap_account_info_common_done()
* Better handle sdap_handle memory from callers. | Simo Sorce | 2010-05-03 | 1 | -16/+40
  Always just mark the sdap_handle as not connected and let later _send() functions take care of freeing the handle before reconnecting.
  Introduce restart functions to avoid calling _send() functions in _done() functions error paths as this would have the same effect as directly freeing the sdap_handle and cause access to freed memory in sdap_handle_release().
  By freeing sdap_handle only in the connection _recv() function we guarantee it can never be done within sdap_handle_release() but only in a following event.
* sysdb: delete sysdb_delete_group | Simo Sorce | 2010-04-12 | 1 | -33/+10
* sysdb: convert sysdb_delete_user | Simo Sorce | 2010-04-12 | 1 | -33/+10
* Rename server/ directory to src/ | Stephen Gallagher | 2010-02-18 | 1 | -0/+795
  Also update BUILD.txt