| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
Add option to fallback to fetch local users if rfc2307is being used.
This is useful for cases where people added local users as LDAP members
and rely on these group memberships to be maintained on the local host.
Disabled by default as it violates identity domain separation.
Ticket:
https://fedorahosted.org/sssd/ticket/1020
|
|
|
|
|
|
|
| |
The code would call sysdb_attrs_add_uint32 which added another UID or GID
to the ID=0 we already downloaded from LDAP (0 is the default value) when
ID-mapping an entry. This led to funky behaviour later on when we wanted
to process the ID.
|
| |
|
|
|
|
|
|
| |
This patch adds support for new config options krb5_backup_server and
krb5_backup_kpasswd. The description of this option's functionality
is included in man page in one of previous patches.
|
|
|
|
|
|
| |
This patch adds support for new config option ldap_backup_uri. The
description of this option's functionality is included in man page in
previous patch.
|
|
|
|
|
|
|
|
|
|
| |
Adds some option that allows to manually configure a host filter.
ldap_sudo_use_host_filter - if false, we will download all rules regardless their sudoHost attribute
ldap_sudo_hostnames - list hostnames and/or fqdn that should be downloaded, separated with spaces
ldap_sudo_ip - list of IPv4/6 address and/or network that should be downloaded, separated with spaces
ldap_sudo_include_netgroups - include rules that contains netgroup in sudoHost
ldap_sudo_include_regexp - include rules that contains regular expression in sudoHost
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This patch extends the RootDSE lookup so that we will perform a
second request to test whether the match rule syntax can be used.
If both groups and initgroups are disabled in the configuration,
this lookup request can be skipped.
|
| |
|
|
|
|
|
| |
This patch adds support for filtering attributes when constructing
attribute list from a map for LDAP query.
|
|
|
|
|
|
|
| |
This is necessary because in several places in the code, we are
appending to the attrs returned from this value, and if we relied
on the map size macro, we would be appending after the NULL
terminator if one or more attributes were defined as NULL.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1019
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1016
|
| |
|
| |
|
|
|
|
| |
Fixes https://fedorahosted.org/sssd/ticket/967
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1110
Adds new configuration options:
- ldap_sudo_refresh_enabled - enable/disable periodical updates
- ldap_sudo_refresh_timeout - rules timeout (refresh period)
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1036
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1075
|
|
|
|
|
| |
These were renamed just ot make sure they are not mistook for IPA
netgroup functions.
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/957
|
| |
|
|
|
|
| |
These DNs were never assigned or referenced anywhere.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/985
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/978
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Instead of issuing N LDAP requests when processing a group with N users,
utilize the dereference functionality to pull down all the members in a
single LDAP request.
https://fedorahosted.org/sssd/ticket/799
|
|
|
|
|
|
|
|
| |
This dereference method is supported at least by OpenLDAP and
389DS/RHDS
For more details, see:
http://tools.ietf.org/html/draft-masarati-ldap-deref-00
|
|
|
|
| |
These will be shared by both dereference methods in a later patch.
|
|
|
|
| |
This function was not used anywhere
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we construct the principal as host/fqdn@REALM. The problem
with this is that this principal doesn't have to be in the keytab. In
that case the provider fails to start. It is better to scan the keytab
and find the most suitable principal to use. Only in case no suitable
principal is found the backend should fail to start.
The second issue solved by this patch is that the realm we are
authenticating the machine to can be in general different from the realm
our users are part of (in case of cross Kerberos trust).
The patch adds new configuration option SDAP_SASL_REALM.
https://fedorahosted.org/sssd/ticket/781
|