path: root/src/providers/ldap/sdap.c
Commit message | Author | Age | Files | Lines
* Adding option to disable retrieving large AD groups. | Lukas Slebodnik | 2013-05-23 | 1 | -8/+18
  This commit adds a new option ldap_disable_range_retrieval with default value FALSE. If this option is enabled, large groups (>1500) will not be retrieved and behaviour will be similar to what it was before commit ae8d047122c "LDAP: Handle very large Active Directory groups".
  https://fedorahosted.org/sssd/ticket/1823
* Removing unused functions. | Lukas Slebodnik | 2013-05-23 | 1 | -28/+0
  This patch removes unused functions sdap_parse_user and sdap_parse_group
* sysdb: try dealing with binary-content attributes | Jan Engelhardt | 2013-02-26 | 1 | -5/+3
  https://fedorahosted.org/sssd/ticket/1818
  I have here an LDAP user entry which has this attribute
  loginAllowedTimeMap:: AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA
  In the function sysdb_attrs_add_string(), called from sdap_attrs_add_ldap_attr(), strlen() is called on this blob, which is the wrong thing to do. The result of strlen is then used to populate the .v_length member of a struct ldb_val - and this will set it to zero in this case. (There is also the problem that there may not be a '\0' at all in the blob.)
  Subsequently, .v_length being 0 makes ldb_modify(), called from sysdb_set_entry_attr(), return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX. End result is that users do not get stored in the sysdb, and programs like `id` or `getent ...` show incomplete information.
  The bug was encountered with sssd-1.8.5. sssd-1.5.11 seemed to behave fine, but that may not mean that is the absolute lower boundary of introduction of the problem.
* AD: replace GID/UID, do not add another one | Jakub Hrozek | 2013-01-09 | 1 | -0/+31
  The code would call sysdb_attrs_add_uint32 which added another UID or GID to the ID=0 we already downloaded from LDAP (0 is the default value) when ID-mapping an entry. This led to funky behaviour later on when we wanted to process the ID.
* LDAP: Check validity of naming_context | Jakub Hrozek | 2012-10-15 | 1 | -1/+1
  https://fedorahosted.org/sssd/ticket/1581
  If the namingContext attribute had no values or multiple values, then our code would dereference a NULL pointer.
* LDAP: Handle empty namingContexts values safely | Stephen Gallagher | 2012-09-26 | 1 | -0/+8
  Certain LDAP servers can return an empty string as the value of namingContexts. We need to treat these as NULL so that we can fail gracefully.
  https://fedorahosted.org/sssd/ticket/1542
* AD: Detect domain controller compatibility version | Stephen Gallagher | 2012-09-24 | 1 | -0/+30
* SSSD fails to store users if any of the requested attributes is empty. | Michal Zidek | 2012-09-20 | 1 | -0/+6
  https://fedorahosted.org/sssd/ticket/1440
* Fix segfault when sudo is not configured. | Simo Sorce | 2012-06-30 | 1 | -1/+2
  Sudo support is optional, when it is not configured sudorules_map is not initialized and dereferencing it will cause a segmentation fault.
* ldap provider: add sudo usn value | Pavel Březina | 2012-06-29 | 1 | -0/+5
* LDAP: Auto-detect support for the ldap match rule | Stephen Gallagher | 2012-06-13 | 1 | -2/+5
  This patch extends the RootDSE lookup so that we will perform a second request to test whether the match rule syntax can be used. If both groups and initgroups are disabled in the configuration, this lookup request can be skipped.
* Add support for filtering attributes | Jan Zeleny | 2012-05-31 | 1 | -1/+19
  This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
* Fixed two minor memory leaks | Jan Zeleny | 2012-05-14 | 1 | -1/+4
* LDAP: Handle very large Active Directory groups | Stephen Gallagher | 2012-05-10 | 1 | -26/+46
  Active Directory 2008R2 allows only 1500 group members to be retrieved in a single lookup. However, when we hit such a situation, we can take advantage of the ASQ lookups, which are not similarly limited. With this patch, we will add any members found by ASQ that were not found by the initial lookup so we will end with a complete group listing.
  https://fedorahosted.org/sssd/ticket/783
* LDAP: Add attr_count return value to build_attrs_from_map() | Stephen Gallagher | 2012-05-10 | 1 | -5/+26
  This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL.
* Prevent printing NULL from DEBUG messages | Jakub Hrozek | 2012-04-18 | 1 | -4/+9
* Add missing breaks to switch statements | Stephen Gallagher | 2012-02-13 | 1 | -0/+1
  Coverity #12525 and #12524
* LDAP: Add support for SSH user public keys | Jan Cholasta | 2012-02-07 | 1 | -2/+18
* AUTOFS: LDAP provider | Jakub Hrozek | 2012-02-05 | 1 | -1/+12
* LDAP: Do not fail if RootDSE check cannot determine search bases | Stephen Gallagher | 2012-02-04 | 1 | -1/+6
  https://fedorahosted.org/sssd/ticket/1152
* LDAP: Add enumeration support for services | Stephen Gallagher | 2012-01-31 | 1 | -0/+5
* LDAP: Add support for service lookups (non-enum) | Stephen Gallagher | 2012-01-31 | 1 | -0/+11
* LDAP: Improve debugging for sdap_parse_deref | Stephen Gallagher | 2012-01-23 | 1 | -4/+7
  Move the debug statement identifying the DN to an earlier line, so if we get a reply with no attributes, we know which entry is at fault.
* SUDO Integration - LDAP configuration options | Pavel Březina | 2011-12-16 | 1 | -1/+13
* Modified sdap_parse_search_base() | Jan Zeleny | 2011-11-23 | 1 | -1/+1
* Cleanup: Remove unused parameters | Jakub Hrozek | 2011-11-22 | 1 | -2/+0
* LDAP: Add parser for multiple search bases | Stephen Gallagher | 2011-11-02 | 1 | -26/+83
* sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string() | Pavel Březina | 2011-09-06 | 1 | -14/+14
  https://fedorahosted.org/sssd/ticket/986
* OpenLDAP dereference searches | Jakub Hrozek | 2011-05-20 | 1 | -0/+159
  This dereference method is supported at least by OpenLDAP and 389DS/RHDS
  For more details, see: http://tools.ietf.org/html/draft-masarati-ldap-deref-00
* Remove append_attrs_to_array | Jakub Hrozek | 2011-05-20 | 1 | -11/+0
  This function was not used anywhere
* Add value of the last USN to server configuration | Stephen Gallagher | 2011-04-19 | 1 | -0/+15
  Related: https://fedorahosted.org/sssd/ticket/734
* Initialise srv_opts even if rootDSE is missing | Sumit Bose | 2011-04-11 | 1 | -38/+40
* Remove LDAP_DEPRECATED | Sumit Bose | 2011-01-31 | 1 | -1/+0
* Do not fail if attributes are empty | Sumit Bose | 2011-01-27 | 1 | -16/+29
  Currently we fail if attributes are empty. But there are some use cases where requested attributes are empty. E.g. Active Directory uses an empty member attribute to indicate that a subset of the members are in a range sub-attribute.
* Add ldap_tls_{cert,key,cipher_suite} config options | Tyson Whitehead | 2011-01-20 | 1 | -0/+27
  Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* Fix unchecked return value in sdap_parse_entry() | Sumit Bose | 2010-12-14 | 1 | -1/+5
  https://fedorahosted.org/sssd/ticket/712
* Fix unchecked return value in sdap_get_msg_dn() | Sumit Bose | 2010-12-14 | 1 | -1/+6
  https://fedorahosted.org/sssd/ticket/712
* ldap: Use USN entries if available. | Simo Sorce | 2010-12-07 | 1 | -3/+55
  Otherwise fall back to the default modifyTimestamp indicator
* ldap: add checks to determine if USN features are available. | Simo Sorce | 2010-12-07 | 1 | -1/+83
* Fix const cast warning in build_attrs_from_map | Stephen Gallagher | 2010-11-15 | 1 | -3/+3
* Sanitize ldap attributes in the config file | Stephen Gallagher | 2010-11-15 | 1 | -2/+21
  https://fedorahosted.org/sssd/ticket/458
* Review comments for namingContexts patches | Sumit Bose | 2010-11-05 | 1 | -5/+5
* Use (default)namingContext to set empty search bases | Sumit Bose | 2010-11-04 | 1 | -0/+103
* Check if control is supported before using it. | Simo Sorce | 2010-09-15 | 1 | -0/+18
* Store rootdse supported features in sdap_handler | Sumit Bose | 2010-09-15 | 1 | -18/+64
* Rename server/ directory to src/ | Stephen Gallagher | 2010-02-18 | 1 | -0/+388
  Also update BUILD.txt