sssd.git - sssd with jhrozek's patches

	Commit message (Collapse)	Author	Age	Files	Lines
*	LDAP: Add utility function sdap_copy_map	Jakub Hrozek	2013-06-28	1	-0/+5
\| \| \| \| \| \| \| \| \|	The AD subdomains will only use default options values. This patch introduces a new utility function sdap_copy_map() that copies the default options map. Subtask of: https://fedorahosted.org/sssd/ticket/1962
*	Add now options ldap_min_id and ldap_max_id	Sumit Bose	2013-06-28	1	-0/+2
\| \| \| \| \| \| \|	Currently the range for Posix IDs stored in an LDAP server is unbound. This might lead to conflicts in a setup with AD and trusts when the configured domain uses IDs from LDAP. With the two noe options this conflict can be avoided.
*	A new option krb5_use_kdcinfo	Jakub Hrozek	2013-06-10	1	-0/+1
\| \| \| \| \| \| \| \| \| \|	https://fedorahosted.org/sssd/ticket/1883 The patch introduces a new Kerberos provider option called krb5_use_kdcinfo. The option is true by default in all providers. When set to false, the SSSD will not create krb5 info files that the locator plugin consumes and the user would have to set up the Kerberos options manually in krb5.conf
*	LDAP: new SDAP domain structure	Jakub Hrozek	2013-06-07	1	-8/+20
\| \| \| \| \| \| \| \| \| \| \|	Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases. This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain.
*	Adding option to disable retrieving large AD groups.	Lukas Slebodnik	2013-05-23	1	-1/+3
\| \| \| \| \| \| \| \| \|	This commit adds new option ldap_disable_range_retrieval with default value FALSE. If this option is enabled, large groups(>1500) will not be retrieved and behaviour will be similar like was before commit ae8d047122c "LDAP: Handle very large Active Directory groups" https://fedorahosted.org/sssd/ticket/1823
*	Removing unused functions.	Lukas Slebodnik	2013-05-23	1	-8/+0
\| \| \| \|	This patch remove unused functions sdap_parse_user and sdap_parse_group
*	LDAP: If deref search fails, try again without deref	Jan Cholasta	2013-03-21	1	-0/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1660
*	ldap: Fallback option for rfc2307 schema	Simo Sorce	2013-03-20	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \|	Add option to fallback to fetch local users if rfc2307is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation. Ticket: https://fedorahosted.org/sssd/ticket/1020
*	Use common error facility instead of sdap_result	Simo Sorce	2013-03-19	1	-13/+0
\| \| \| \| \| \| \| \| \|	Simplifies and consolidates error reporting for ldap authentication paths. Adds 3 new error codes: ERR_CHPASS_DENIED - Used when password constraints deny password changes ERR_ACCOUNT_EXPIRED - Account is expired ERR_PASSWORD_EXPIRED - Password is expired
*	AD: replace GID/UID, do not add another one	Jakub Hrozek	2013-01-09	1	-0/+2
\| \| \| \| \| \| \|	The code would call sysdb_attrs_add_uint32 which added another UID or GID to the ID=0 we already downloaded from LDAP (0 is the default value) when ID-mapping an entry. This led to funky behaviour later on when we wanted to process the ID.
*	AD: Detect domain controller compatibility version	Stephen Gallagher	2012-09-24	1	-0/+13
\|
*	Primary server support: new options in krb5 provider	Jan Zeleny	2012-08-01	1	-0/+1
\| \| \| \| \| \|	This patch adds support for new config options krb5_backup_server and krb5_backup_kpasswd. The description of this option's functionality is included in man page in one of previous patches.
*	Primary server support: new option in ldap provider	Jan Zeleny	2012-08-01	1	-0/+2
\| \| \| \| \| \|	This patch adds support for new config option ldap_backup_uri. The description of this option's functionality is included in man page in previous patch.
*	sudo: add host info options	Pavel Březina	2012-06-29	1	-0/+5
\| \| \| \| \| \| \| \| \| \|	Adds some option that allows to manually configure a host filter. ldap_sudo_use_host_filter - if false, we will download all rules regardless their sudoHost attribute ldap_sudo_hostnames - list hostnames and/or fqdn that should be downloaded, separated with spaces ldap_sudo_ip - list of IPv4/6 address and/or network that should be downloaded, separated with spaces ldap_sudo_include_netgroups - include rules that contains netgroup in sudoHost ldap_sudo_include_regexp - include rules that contains regular expression in sudoHost
*	sudo provider: add ldap_sudo_smart_refresh_interval	Pavel Březina	2012-06-29	1	-0/+1
\|
*	ldap provider: add sudo usn value	Pavel Březina	2012-06-29	1	-0/+2
\|
*	sudo provider: remove old timer	Pavel Březina	2012-06-29	1	-2/+0
\|
*	sudo provider: add ldap_sudo_full_refresh_interval	Pavel Březina	2012-06-29	1	-0/+1
\|
*	LDAP: Auto-detect support for the ldap match rule	Stephen Gallagher	2012-06-13	1	-0/+2
\| \| \| \| \| \| \| \|	This patch extends the RootDSE lookup so that we will perform a second request to test whether the match rule syntax can be used. If both groups and initgroups are disabled in the configuration, this lookup request can be skipped.
*	LDAP: Add ldap_*_use_matching_rule_in_chain options	Stephen Gallagher	2012-06-13	1	-0/+2
\|
*	Add support for filtering atributes	Jan Zeleny	2012-05-31	1	-0/+1
\| \| \| \| \|	This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
*	LDAP: Add attr_count return value to build_attrs_from_map()	Stephen Gallagher	2012-05-10	1	-1/+3
\| \| \| \| \| \| \|	This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL.
*	LDAP: Map the user's primaryGroupID	Stephen Gallagher	2012-05-03	1	-0/+1
\|
*	LDAP: Allow setting a default domain for id-mapping slice 0	Stephen Gallagher	2012-05-03	1	-0/+2
\|
*	LDAP: Add autorid compatibility mode	Stephen Gallagher	2012-05-03	1	-0/+1
\|
*	LDAP: Initialize ID mapping when configured	Stephen Gallagher	2012-05-03	1	-0/+3
\|
*	LDAP: Add ID mapping range settings	Stephen Gallagher	2012-05-03	1	-0/+3
\|
*	LDAP: Add id-mapping option	Stephen Gallagher	2012-05-03	1	-0/+1
\|
*	LDAP: Add objectSID config option	Stephen Gallagher	2012-05-03	1	-0/+2
\|
*	Add terminator for sdap_attr_map	Stephen Gallagher	2012-03-28	1	-0/+1
\|
*	IPA hosts refactoring	Jan Zeleny	2012-02-24	1	-2/+0
\|
*	LDAP: Add support for SSH user public keys	Jan Cholasta	2012-02-07	1	-0/+1
\|
*	Update shadowLastChanged attribute during LDAP password change	Jan Zeleny	2012-02-06	1	-0/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1019
*	Session target in IPA provider	Jan Zeleny	2012-02-06	1	-0/+1
\|
*	AUTOFS: LDAP provider	Jakub Hrozek	2012-02-05	1	-0/+19
\|
*	NSS: Add individual timeouts for entry types	Stephen Gallagher	2012-02-04	1	-1/+0
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1016
*	LDAP: Add enumeration support for services	Stephen Gallagher	2012-01-31	1	-0/+1
\|
*	LDAP: Add support for service lookups (non-enum)	Stephen Gallagher	2012-01-31	1	-0/+13
\|
*	LDAP: Add option to disable paging control	Stephen Gallagher	2012-01-18	1	-0/+1
\| \| \| \|	Fixes https://fedorahosted.org/sssd/ticket/967
*	SUDO Integration - periodical update of rules in data provider	Pavel Březina	2012-01-17	1	-0/+2
\| \| \| \| \| \| \| \|	https://fedorahosted.org/sssd/ticket/1110 Adds new configuration options: - ldap_sudo_refresh_enabled - enable/disable periodical updates - ldap_sudo_refresh_timeout - rules timeout (refresh period)
*	SUDO Integration - LDAP configuration options	Pavel Březina	2011-12-16	1	-0/+20
\|
*	Add sdap_connection_expire_timeout option	Stephen Gallagher	2011-12-12	1	-0/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1036
*	Add ldap_sasl_minssf option	Jan Zeleny	2011-12-08	1	-0/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1075
*	Renamed some LDAP routines	Jan Zeleny	2011-11-23	1	-0/+1
\| \| \| \| \|	These were renamed just ot make sure they are not mistook for IPA netgroup functions.
*	Cleanup: Remove unused parameters	Jakub Hrozek	2011-11-22	1	-2/+0
\|
*	Support to request canonicalization in LDAP/IPA provider	Jan Zeleny	2011-11-02	1	-0/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/957
*	LDAP: Add parser for multiple search bases	Stephen Gallagher	2011-11-02	1	-0/+11
\|
*	Remove unused sdap_options attributes	Stephen Gallagher	2011-11-02	1	-3/+0
\| \| \| \|	These DNs were never assigned or referenced anywhere.
*	Improve error message for LDAP password constraint violation	Jakub Hrozek	2011-09-06	1	-0/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/985
*	Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON	Jakub Hrozek	2011-08-26	1	-0/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/978