path: root/src/providers/ldap/sdap_access.c
Commit message | Author | Age | Files | Lines
* Accept be_req instead if be_ctx in LDAP access provider | Jan Zeleny | 2012-04-24 | 1 | -13/+14
* LDAP: Make sdap_access_send/recv public | Stephen Gallagher | 2012-03-09 | 1 | -12/+8
  We want to consume this in the IPA provider.
* LDAP: Only use paging control on requests for multiple entries | Stephen Gallagher | 2012-02-24 | 1 | -1/+2
  The paging control can cause issues on servers that put limits on how many paging controls can be active at one time (on some servers, it is limited to one per connection). We need to reduce our usage so that we only activate the paging control when making a request that may return an arbitrary number of results.
  https://fedorahosted.org/sssd/ticket/1202 phase one
* Cleanup: Remove unused parameters | Jakub Hrozek | 2011-11-22 | 1 | -13/+2
* sysdb refactoring: memory context deleted | Jan Zeleny | 2011-08-15 | 1 | -2/+1
  This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
* sysdb refactoring: deleted domain variables in sysdb API | Jan Zeleny | 2011-08-15 | 1 | -4/+1
  The patch also updates code using modified functions. Tests have also been adjusted.
* Add LDAP access control based on NDS attributes | Sumit Bose | 2011-07-08 | 1 | -0/+177
* Add host access control support | Pierre Ossman | 2011-03-24 | 1 | -0/+146
  https://fedorahosted.org/sssd/ticket/746
* Only print "no matching service rule" when appropriate | Stephen Gallagher | 2011-02-04 | 1 | -6/+6
* Add LDAP expire policy base RHDS/IPA attribute | Sumit Bose | 2011-01-19 | 1 | -0/+38
  The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
* Add LDAP expire policy based on AD attributes | Sumit Bose | 2011-01-19 | 1 | -0/+85
  The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
* Add timeout parameter to sdap_get_generic_send() | Sumit Bose | 2011-01-17 | 1 | -1/+3
* Add syslog messages to authorized service access check | Sumit Bose | 2011-01-06 | 1 | -1/+31
* Add syslog message to shadow access check | Sumit Bose | 2011-01-06 | 1 | -6/+14
* Add authorizedService support | Stephen Gallagher | 2010-12-21 | 1 | -0/+135
  https://fedorahosted.org/sssd/ticket/670
* Pass all PAM data to the LDAP access provider | Stephen Gallagher | 2010-12-21 | 1 | -9/+12
  Previously we were only passing the username.
* Add new account expired rule to LDAP access provider | Sumit Bose | 2010-12-06 | 1 | -66/+377
  Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated.
  'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'.
  'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
* Sanitize search filters in LDAP provider | Stephen Gallagher | 2010-11-15 | 1 | -1/+9
* Suppress some 'may be used uninitialized' warnings | Sumit Bose | 2010-09-28 | 1 | -1/+1
  Additionally the handling of errno and the errno_t return value of functions is fixed in krb5_common.c.
* Dead assignments cleanup in providers code | Jan Zeleny | 2010-09-08 | 1 | -11/+7
  Dead assignments were deleted. Also prototype of function sdap_access_decide_offline() has been changed, since its return code was never used.
  Ticket: #586
* Use new LDAP connection framework in LDAP access backend. | eindenbom | 2010-07-09 | 1 | -59/+73
* Allow ldap_access_filter values wrapped in parentheses | Stephen Gallagher | 2010-06-09 | 1 | -1/+1
* Add ldap_access_filter option | Stephen Gallagher | 2010-05-27 | 1 | -0/+457
  This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users in a particular group, for example:
  ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com