summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap/ldap_init.c
Commit message (Collapse)AuthorAgeFilesLines
* LDAP: Prevent from using uninitialized sdap_optionsLukas Slebodnik2013-11-141-1/+1
| | | | | | | | ldap_get_options can fail in time of ldap back end initialisation and then sssd try to release uninitialised sdap_options. Resolves: https://fedorahosted.org/sssd/ticket/2147
* AD: Use the ad_access_filter if it's setJakub Hrozek2013-10-251-17/+7
| | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2082 Currently the AD access control only checks if an account has been expired. This patch amends the logic so that if ad_access_filter is set, it is used automatically.
* LDAP: Make sdap_id_setup_tasks reusable for subdomainsJakub Hrozek2013-08-281-1/+1
| | | | | Instead of always performing the setup for the main domain, the setup can now be performed for subdomains as well.
* providers: refresh expired netgroupsPavel Březina2013-06-101-0/+11
| | | | https://fedorahosted.org/sssd/ticket/1713
* LDAP: new SDAP domain structureJakub Hrozek2013-06-071-1/+1
| | | | | | | | | | | Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases. This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain.
* LDAP: sdap_id_ctx might contain several connectionsJakub Hrozek2013-06-071-22/+23
| | | | | | | | | | | | | | | | | | | With some LDAP server implementations, one server might provide different "views" of the identites on different ports. One example is the Active Directory Global catalog. The provider would contact different view depending on which operation it is performing and against which SSSD domain. At the same time, these views run on the same server, which means the same server options, enumeration, cleanup or Kerberos service should be used. So instead of using several different failover ports or several instances of sdap_id_ctx, this patch introduces a new "struct sdap_id_conn_ctx" that contains the connection cache to the particular view and an instance of "struct sdap_options" that contains the URI. No functional changes are present in this patch, currently all providers use a single connection. Multiple connections will be used later in the upcoming patches.
* Remove unneeded parameter of setup_child and namespace itJakub Hrozek2013-05-201-1/+1
| | | | | setup_child() was accepting a parameter it didn't use. Also the function name was too generic, so I added a sdap prefix.
* Fixing critical format string issues.Lukas Slebodnik2013-05-201-1/+3
| | | | | | --missing arguments. --format '%s', but argument is integer. --wrong format string, examle: '%\n'
* LDAP: Always initialize idmap objectJakub Hrozek2013-05-131-5/+3
| | | | | | | | https://fedorahosted.org/sssd/ticket/1922 Since we always store the SID now, we need to always initialize the ID mapping object in LDAP provider as well. Some users might want to configure the LDAP provider with ID mapping, not the AD provider itself.
* DNS sites support - use SRV DNS lookup plugin in all providersPavel Březina2013-04-101-0/+9
| | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1032 We set a plugin during an initialization of ID provider, which is an authoritative provider for a plugin choice. The plugin is set only once. When other provider is initalized (e.g. id = IPA, sudo = LDAP), we do not overwrite the plugin. Since sssm_*_id_init() is called from all module constructors, this patch relies on the fact, that ID provider is initialized before all other providers.
* let ldap_backup_chpass_uri workPavel Březina2013-01-141-2/+4
| | | | https://fedorahosted.org/sssd/ticket/1760
* failover: Protect against empty host namesMichal Zidek2013-01-021-1/+1
| | | | | | | | | | Added new parameter to split_on_separator that allows to skip empty values. The whole function was rewritten. Unit test case was added to check the new implementation. https://fedorahosted.org/sssd/ticket/1484
* Primary server support: new option in ldap providerJan Zeleny2012-08-011-4/+3
| | | | | | This patch adds support for new config option ldap_backup_uri. The description of this option's functionality is included in man page in previous patch.
* Primary server support: LDAP adaptationJan Zeleny2012-08-011-2/+3
| | | | | | This patch adds support for the primary server functionality into LDAP provider. No backup servers are added at the moment, just the basic support is in place.
* Move some debug lines to new debug log levelsStef Walter2012-06-201-1/+1
| | | | | | | * These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
* LDAP: Initialize ID mapping when configuredStephen Gallagher2012-05-031-0/+7
|
* Do not call sudo functions if built without-sudoJakub Hrozek2012-02-051-1/+7
|
* AUTOFS: LDAP providerJakub Hrozek2012-02-051-0/+31
|
* Move BUILD_SUDO outside the generic LDAP source filesJakub Hrozek2012-02-041-27/+8
| | | | Avoid #ifdefs in the general part of the code
* SUDO Integration - periodical update of rules in data providerPavel Březina2012-01-171-0/+5
| | | | | | | | https://fedorahosted.org/sssd/ticket/1110 Adds new configuration options: - ldap_sudo_refresh_enabled - enable/disable periodical updates - ldap_sudo_refresh_timeout - rules timeout (refresh period)
* Move child_common routines to utilStephen Gallagher2011-12-191-1/+1
|
* SUDO integration - LDAP providerPavel Březina2011-12-161-0/+39
|
* Fix size return for split_on_separator()Stephen Gallagher2011-11-021-5/+5
| | | | | | | It was returning the size of the array, rather than the number of elements. (The array was NULL-terminated). This argument was only used in one place that was actually working around this odd return value.
* Add LDAP access control based on NDS attributesSumit Bose2011-07-081-0/+1
|
* Add host access control supportPierre Ossman2011-03-241-0/+2
| | | | https://fedorahosted.org/sssd/ticket/746
* Add LDAP expire policy base RHDS/IPA attributeSumit Bose2011-01-191-1/+4
| | | | | The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
* Add LDAP expire policy based on AD attributesSumit Bose2011-01-191-1/+2
| | | | | | The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
* Add authorizedService supportStephen Gallagher2010-12-211-0/+2
| | | | https://fedorahosted.org/sssd/ticket/670
* Avoid multiple initializations in LDAP providerSumit Bose2010-12-201-39/+30
| | | | | | Currently in a domain where LDAP was used for id and auth the LDAP UIR was added multiple times to the failover code which may cause unwanted delays.
* Pass sdap_id_ctx in sdap_id_op functions.Simo Sorce2010-12-071-3/+1
|
* Add ldap_chpass_uri config optionSumit Bose2010-12-061-0/+21
|
* Add new account expired rule to LDAP access providerSumit Bose2010-12-061-22/+112
| | | | | | | | | | | | | | Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
* Add check_online method to LDAP ID providerSumit Bose2010-12-011-1/+2
|
* Check for GSSAPI before attempting to kinitJakub Hrozek2010-10-151-8/+12
|
* Initialize kerberos service for GSSAPIJakub Hrozek2010-10-131-0/+11
|
* Remove remainder of now unused global LDAP connection handle.eindenbom2010-07-091-7/+0
|
* LDAP connection usage tracking, sharing and failover retry framework.eindenbom2010-07-091-0/+7
|
* Don't segfault if ldap_access_filter is unspecifiedStephen Gallagher2010-06-141-12/+13
| | | | https://fedorahosted.org/sssd/ticket/539
* Allow ldap_access_filter values wrapped in parenthesesStephen Gallagher2010-06-091-2/+20
|
* Fix check if LDAP id provider is already initializedSumit Bose2010-05-271-1/+1
|
* Add ldap_access_filter optionStephen Gallagher2010-05-271-0/+56
| | | | | | | | | | This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
* Add offline callback to disconnect global SDAP handleSumit Bose2010-05-271-0/+7
|
* Use service discovery in backendsJakub Hrozek2010-05-071-8/+16
| | | | | | | | | Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
* Make ID provider init functions clearerStephen Gallagher2010-04-161-3/+3
| | | | | | | | | | | Using sssm_*_init() as the name of the initialization function for identity providers was a holdover from earlier development when we thought we would only have a single "provider" entry in the config file. As we have now separated out the initialization functions for auth, chpass and access, we should rename sssm_*_init() to sssm_*_id_init() for a cleaner interface.
* Rename server/ directory to src/Stephen Gallagher2010-02-181-0/+179
Also update BUILD.txt
generated by cgit (git 2.34.1) at 2024-05-12 04:49:56 +0000