| Commit message | Author | Age | Files | Lines |
|
https://fedorahosted.org/sssd/ticket/1376
|
Add option to fall back to fetch local users if rfc2307 is being used.
This is useful for cases where people added local users as LDAP members
and rely on these group memberships to be maintained on the local host.
Disabled by default as it violates identity domain separation.
Ticket:
https://fedorahosted.org/sssd/ticket/1020
|
https://fedorahosted.org/sssd/ticket/734
We successfully detect when the server is reinitialized by testing
the new lastUSN value. The maximum USN values are set to zero, but
the current cache content remains.
This patch removes records that were deleted from the server.
It uses the following approach:
1. remove entryUSN attribute from all entries
2. run enumeration
3. remove records that don't have entryUSN attribute updated
We don't need to do this for sudo rules, they will be refreshed
automatically during next smart/full refresh, or when an expired rule
is deleted.
|
This patch adds support for filtering attributes when constructing
attribute list from a map for LDAP query.
|
This is necessary because in several places in the code, we are
appending to the attrs returned from this value, and if we relied
on the map size macro, we would be appending after the NULL
terminator if one or more attributes were defined as NULL.
|
This was causing a segfault during HBAC processing and any ID lookups
except for netgroups
|
These were renamed just to make sure they are not mistaken for IPA
netgroup functions.
|
Instead of making this a global option for all user lookups, make
it only used if the search base is passed without an explicit
filter.
|
https://fedorahosted.org/sssd/ticket/1013
|
This patch deletes memory context parameter in those places in sysdb
where it is not necessary. The code using modified functions has been
updated. Tests updated as well.
|
The patch also updates code using modified functions. Tests have also
been adjusted.
|
https://fedorahosted.org/sssd/ticket/951
|
https://fedorahosted.org/sssd/ticket/916
|
This patch fixes some issues with setting lastUSN attribute and it adds
check against the highest user/group USN after enumeration to keep
better track of the real highest USN. Optimal solution here would be to
schedule a check of rootDSE entry right after the enumeration finishes,
but for the moment this is good enough.
|
When reconnecting to the LDAP server supporting USNs (either because of new incoming
id operation or invocation of callback responsible for checking status
of the backend), detect whether the highest USN is lower than the one
SSSD has recorded. If so, set up enumeration/cleanup to refresh
potentially changed account information in the SSSD cache.
Related ticket:
https://fedorahosted.org/sssd/ticket/734
|
https://fedorahosted.org/sssd/ticket/647
|
https://fedorahosted.org/sssd/ticket/824
|
This behavior was present for getpwnam() but was lacking for
initgroups.
|
The user may not be a direct member of their primary group, but
we still want to make sure that group is cached on the system.
|
We used strtol() in a number of places to convert into uid_t or gid_t
from a string representation such as an LDAP attribute, but on some
platforms, unsigned long might be necessary to store big id_t values.
This patch converts to using strtoul() instead.
|
We tried to be too clever and only requested the name of the group,
but we require the objectClass to validate the results.
https://fedorahosted.org/sssd/ticket/622
|
Also clean up some duplicated code into a single common routine
sdap_account_info_common_done()
|
Always just mark the sdap_handle as not connected and let later _send()
functions take care of freeing the handle before reconnecting.
Introduce restart functions to avoid calling _send() functions in _done()
functions error paths as this would have the same effect as directly freeing
the sdap_handle and cause access to freed memory in sdap_handle_release().
By freeing sdap_handle only in the connection _recv() function we
guarantee it can never be done within sdap_handle_release() but only
in a following event.
|
Also update BUILD.txt
|