sssd.git - sssd with jhrozek's patches

	Commit message (Collapse)	Author	Age	Files	Lines
*	GSSAPI ticket expiry time is returned from ldap_child and stored in ↵	eindenbom	2010-07-09	1	-0/+2
\| \| \| \|	sdap_handle for future reference.
*	Fix broken build against older versions of OpenLDAP	Stephen Gallagher	2010-06-06	1	-0/+10
\| \| \| \| \| \|	OpenLDAP < 2.4 used LDAP_OPT_ERROR_STRING. It was changed to LDAP_OPT_DIAGNOSTIC_MESSAGE in 2.4. This patch will allow the TLS error messages to be displayed on either version.
*	Add ldap_access_filter option	Stephen Gallagher	2010-05-27	1	-0/+1
\| \| \| \| \| \| \| \| \| \|	This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
*	Add ldap_krb5_ticket_lifetime option	Sumit Bose	2010-05-16	1	-0/+1
\|
*	Use service discovery in backends	Jakub Hrozek	2010-05-07	1	-0/+1
\| \| \| \| \| \| \| \| \|	Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
*	Avoid freeing sdap_handle too early	Simo Sorce	2010-05-03	1	-0/+6
\| \| \| \| \|	Prevent freeing the sdap_handle by failing in the destructor if we are trying to recurse.
*	Make the handling of fd events opaque	Sumit Bose	2010-04-26	1	-5/+1
\| \| \| \| \| \| \|	Depending on the version of the OpenLDAP libraries we use two different schemes to find the file descriptor of the connection to the LDAP server. This patch removes the related ifdefs from the main code and introduces helper functions which can handle the specific cases.
*	Improvements for LDAP Password Policy support	Ralf Haferkamp	2010-03-22	1	-0/+5
\| \| \| \| \| \| \| \|	Display warnings about remaining grace logins and password expiration to the user, when LDAP Password Policies are used. Improved detection if LDAP Password policies are supported by LDAP Server.
*	Better cleanup task handling	Jakub Hrozek	2010-02-23	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Implements a different mechanism for cleanup task. Instead of just deleting expired entries, this patch adds a new option account_cache_expiration for domains. If an entry is expired and the last login was more days in the past that account_cache_expiration, the entry is deleted. Groups are deleted if they are expired and and no user references them (no user has memberof: attribute pointing at that group). The parameter account_cache_expiration is not LDAP-specific, so that other future backends might use the same timeout setting. Fixes: #391
*	Rename server/ directory to src/	Stephen Gallagher	2010-02-18	1	-0/+258
	Also update BUILD.txt