path: root/src/providers/ldap/ldap_id_enum.c
Commit message | Author | Age | Files | Lines
* Replace SDAP_ID_MAPPING checks with sdap_idmap_domain_has_algorithmic_mapping | Sumit Bose | 2013-06-28 | 1 | -2/+7
  Currently the decision if external or algorithmic mapping should be used in the LDAP or AD provider was based on the value of the ldap_id_mapping config option. Since now all information about ID mapping is handled by libsss_idmap the check for this option can be replaced with a call which checks the state via libsss_idmap.
  https://fedorahosted.org/sssd/ticket/1961
* LDAP: new SDAP domain structure | Jakub Hrozek | 2013-06-07 | 1 | -15/+23
  Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases. This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain.
* LDAP: sdap_id_ctx might contain several connections | Jakub Hrozek | 2013-06-07 | 1 | -1/+1
  With some LDAP server implementations, one server might provide different "views" of the identities on different ports. One example is the Active Directory Global catalog. The provider would contact a different view depending on which operation it is performing and against which SSSD domain. At the same time, these views run on the same server, which means the same server options, enumeration, cleanup or Kerberos service should be used. So instead of using several different failover ports or several instances of sdap_id_ctx, this patch introduces a new "struct sdap_id_conn_ctx" that contains the connection cache to the particular view and an instance of "struct sdap_options" that contains the URI.
  No functional changes are present in this patch, currently all providers use a single connection. Multiple connections will be used later in the upcoming patches.
* Remove sysdb as a be context structure member | Simo Sorce | 2013-01-21 | 1 | -3/+3
  The sysdb context is already available through the 'domain' structure.
* Add domain argument to sysdb_has/set_enumerated() | Simo Sorce | 2013-01-15 | 1 | -1/+1
* Clean up cache on server reinitialization | Pavel Březina | 2012-08-23 | 1 | -4/+2
  https://fedorahosted.org/sssd/ticket/734
  We successfully detect when the server is reinitialized by testing the new lastUSN value. The maximum USN values are set to zero, but the current cache content remains. This patch removes records that were deleted from the server. It uses the following approach:
  1. remove entryUSN attribute from all entries
  2. run enumeration
  3. remove records that don't have entryUSN attribute updated
  We don't need to do this for sudo rules, they will be refreshed automatically during next smart/full refresh, or when an expired rule is deleted.
* Add support for filtering attributes | Jan Zeleny | 2012-05-31 | 1 | -4/+4
  This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
* LDAP: Add attr_count return value to build_attrs_from_map() | Stephen Gallagher | 2012-05-10 | 1 | -2/+2
  This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL.
* LDAP: Add support for enumeration of ID-mapped users and groups | Stephen Gallagher | 2012-05-03 | 1 | -31/+102
* LDAP: Add enumeration support for services | Stephen Gallagher | 2012-01-31 | 1 | -3/+57
* LDAP: Add support for multiple search bases for group enumeration | Stephen Gallagher | 2011-11-02 | 1 | -1/+2
* LDAP: Add support for multiple search bases for user enumeration | Stephen Gallagher | 2011-11-02 | 1 | -1/+2
* LDAP: Convert ldap_*_search_filter | Stephen Gallagher | 2011-11-02 | 1 | -26/+6
  Instead of making this a global option for all user lookups, make it only used if the search base is passed without an explicit filter.
* LDAP: Support multiple group search bases (non-enumeration, RFC2307) | Stephen Gallagher | 2011-11-02 | 1 | -1/+7
* LDAP: Support multiple user search bases (non-enumeration) | Stephen Gallagher | 2011-11-02 | 1 | -0/+5
* sysdb refactoring: deleted domain variables in sysdb API | Jan Zeleny | 2011-08-15 | 1 | -3/+1
  The patch also updates code using modified functions. Tests have also been adjusted.
* Fix returning groups when gidNumber attribute is not ordered | Jakub Hrozek | 2011-08-04 | 1 | -2/+4
  https://fedorahosted.org/sssd/ticket/951
* Fixed lastUSN checking improvements | Jan Zeleny | 2011-05-04 | 1 | -0/+15
  This patch fixes some issues with setting lastUSN attribute and it adds check against the highest user/group USN after enumeration to keep better track of the real highest USN. Optimal solution here would be to schedule a check of rootDSE entry right after the enumeration finishes, but for the moment this is good enough.
* Add user and group search LDAP filter options | Jakub Hrozek | 2011-04-19 | 1 | -6/+26
  https://fedorahosted.org/sssd/ticket/647
* Require existence of username, uid and gid for user enumeration | Stephen Gallagher | 2011-03-14 | 1 | -12/+18
  We will ignore users that do not have these three values.
* Require existence of GID number and name in group searches | Stephen Gallagher | 2011-03-14 | 1 | -12/+16
  https://fedorahosted.org/sssd/ticket/824
* Add ldap_search_enumeration_timeout config option | Sumit Bose | 2011-01-17 | 1 | -2/+2
* Add timeout parameter to sdap_get_generic_send() | Sumit Bose | 2011-01-17 | 1 | -2/+6
* Start first enumeration immediately | Stephen Gallagher | 2010-12-17 | 1 | -0/+14
  Previously, we would wait for ten seconds before starting an enumeration. However, this meant that on the first startup (before we had run our first enumeration) there was a ten-second window where clients would immediately get back a response with no entries instead of blocking until the enumeration completed.
  With this patch, SSSD will now run an enumeration immediately upon startup. Further startups will retain the ten-second delay so as not to slow down system bootups.
  https://fedorahosted.org/sssd/ticket/616
* ldap: Use USN entries if available. | Simo Sorce | 2010-12-07 | 1 | -26/+25
  Otherwise fallback to the default modifyTimestamp indicator
* Dead assignments cleanup in providers code | Jan Zeleny | 2010-09-08 | 1 | -3/+0
  Dead assignments were deleted. Also prototype of function sdap_access_decide_offline() has been changed, since its return code was never used.
  Ticket: #586
* Use new LDAP connection framework for LDAP user and group enumeration. | eindenbom | 2010-07-09 | 1 | -236/+131
* Properly check that the timeout event was created for cleanup/enum | Stephen Gallagher | 2010-06-10 | 1 | -1/+23
  We need to make sure that if we didn't create the timeout, that we cancel the request so there's no chance of ending up with two enumerations/cleanups running simultaneously. We'll attempt to reschedule later, if possible.
  https://fedorahosted.org/sssd/ticket/524
* Fix segfault in GSSAPI reconnect code | Stephen Gallagher | 2010-05-07 | 1 | -2/+6
  Also clean up some duplicated code into a single common routine sdap_account_info_common_done()
* Better handle sdap_handle memory from callers. | Simo Sorce | 2010-05-03 | 1 | -16/+95
  Always just mark the sdap_handle as not connected and let later _send() functions take care of freeing the handle before reconnecting.
  Introduce restart functions to avoid calling _send() functions in _done() functions error paths as this would have the same effect as directly freeing the sdap_handle and cause access to freed memory in sdap_handle_release()
  By freeing sdap_handle only in the connection _recv() function we guarantee it can never be done within sdap_handle_release() but only in a following event.
* Rename server/ directory to src/ | Stephen Gallagher | 2010-02-18 | 1 | -0/+608
  Also update BUILD.txt