summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap/sdap_async.c
Commit message (Collapse)AuthorAgeFilesLines
* Special-case LDAP_SIZELIMIT_EXCEEDEDJakub Hrozek2012-05-101-4/+9
| | | | | | | | | | | | Previous version of the SSSD did not abort the async LDAP search operation on errors. In cases where the request ended in progress, such as when the paging was very strictly limited, the old versions at least returned partial data. This patch special-cases the LDAP_SIZELIMIT_EXCEEDED error to avoid a user-visible regression. https://fedorahosted.org/sssd/ticket/1322
* Read sysdb attribute name, not LDAP attribute map nameJakub Hrozek2012-05-101-2/+2
| | | | https://fedorahosted.org/sssd/ticket/1320
* sdap_check_aliases must not error when detects the same userJakub Hrozek2012-04-201-13/+31
| | | | https://fedorahosted.org/sssd/ticket/1307
* LDAP: Only use paging control on requests for multiple entriesStephen Gallagher2012-02-241-5/+40
| | | | | | | | | | The paging control can cause issues on servers that put limits on how many paging controls can be active at one time (on some servers, it is limited to one per connection). We need to reduce our usage so that we only activate the paging control when making a request that may return an arbitrary number of results. https://fedorahosted.org/sssd/ticket/1202 phase one
* End request if ldap_parse_result failsJakub Hrozek2012-02-211-0/+3
|
* Update shadowLastChanged attribute during LDAP password changeJan Zeleny2012-02-061-0/+132
| | | | https://fedorahosted.org/sssd/ticket/1019
* LDAP: Add option to disable paging controlStephen Gallagher2012-01-181-2/+6
| | | | Fixes https://fedorahosted.org/sssd/ticket/967
* Use the case sensitivity flag in the LDAP providerJakub Hrozek2011-12-161-4/+5
|
* Refactor saving sdap entitiesJakub Hrozek2011-12-161-0/+80
| | | | | There was too much code duplication between sdap_save_{user,group,netgroup}. This patch removes the most egregious ones.
* Cleanup: Remove unused parametersJakub Hrozek2011-11-221-1/+2
|
* Prevent printing NULL in several places of LDAP providerJakub Hrozek2011-11-181-2/+4
|
* Remove confusing do-while loopJakub Hrozek2011-11-021-35/+36
| | | | | The deref processing would return a single control back. The do-while loop was harmless but confusing.
* Use LDAPDerefSpec properlyJakub Hrozek2011-11-021-4/+6
| | | | | | | | ldap_create_deref_control_value expects an array of LDAPDerefSpec structures with LDAPDerefSpec.derefAttr == NULL as a sentinel. We were passing a single instance of a LDAPDerefSpec structure. https://fedorahosted.org/sssd/ticket/1050
* Store name aliases for users, groupsJakub Hrozek2011-09-281-0/+90
| | | | | | Also checks fake users for aliases when storing a real users so that getgrnam for a RFC2307 group that references a user by his secondary name followed by getpwnam for this user by his primary name works
* Keep deref controls until the whole request is finishedJakub Hrozek2011-09-061-8/+45
| | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/989 John Hodrien found out that when paging is used while dereferencing an entry, sssd_be may segfault on the second page. This was because paging returned the control to sdap_generic_search multiple times but sssd was freeing dereference control after the first search invocation. The subsequend sdap searched accessed memory that was already freed.
* Improve error message for LDAP password constraint violationJakub Hrozek2011-09-061-5/+12
| | | | https://fedorahosted.org/sssd/ticket/985
* Allow turning dereference off by setting the threshold to 0Jakub Hrozek2011-09-061-1/+7
|
* sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string()Pavel Březina2011-09-061-5/+5
| | | | https://fedorahosted.org/sssd/ticket/986
* New DEBUG facility - conversionPavel Březina2011-08-251-1/+1
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
* Fix uninitialized pointer read in sdap_x_deref_parse_entryJakub Hrozek2011-05-241-1/+1
| | | | https://fedorahosted.org/sssd/ticket/877
* Fix bad comparison in sdap_has_deref_supportJakub Hrozek2011-05-241-1/+1
| | | | https://fedorahosted.org/sssd/ticket/876
* Generic dereference searchJakub Hrozek2011-05-201-0/+139
| | | | | | A generic wrapper around ASQ and OpenLDAP dereference searches. https://fedorahosted.org/sssd/ticket/635
* OpenLDAP dereference searchesJakub Hrozek2011-05-201-0/+210
| | | | | | | | This dereference method is supported at least by OpenLDAP and 389DS/RHDS For more details, see: http://tools.ietf.org/html/draft-masarati-ldap-deref-00
* Add support for Attribute Scoped QueriesJakub Hrozek2011-05-201-0/+203
| | | | | | For more details on ASQ, see: http://msdn.microsoft.com/en-us/library/aa366976%28VS.85%29.aspx http://msdn.microsoft.com/en-us/library/aa746418%28v=VS.85%29.aspx
* Generic dereference data structures and utilitiesJakub Hrozek2011-05-201-0/+35
| | | | These will be shared by both dereference methods in a later patch.
* sdap_get_generic_extJakub Hrozek2011-05-201-73/+202
| | | | | | | | | | | Add a private sdap_get_generic_ext_send()/_recv() request that exposes more of ldap_search_ext options, in particular the server contols. The existing sdap_generic_search_send()/_recv() request is now a thin wrapper around the new _ext request. The other important change is that an entry parsing is a callback now. That was done in order to allow custom parsing for results such as OpenLDAP deref or Attribute Scoped Queries.
* Do not leak LDAP paging controlsJakub Hrozek2011-04-281-0/+5
|
* Add ldap_page_size configuration optionStephen Gallagher2011-04-271-2/+1
|
* Enable paging support for LDAPStephen Gallagher2011-04-271-23/+117
|
* Log the LDAP message type we're processingStephen Gallagher2011-04-271-0/+57
|
* Don't pass NULL to printf for TLS errorsJakub Hrozek2011-04-081-4/+2
| | | | https://fedorahosted.org/sssd/ticket/643
* Release handle if not connectedSumit Bose2011-03-091-0/+1
|
* Add timeout parameter to sdap_get_generic_send()Sumit Bose2011-01-171-5/+6
|
* ldap: add checks to determine if USN features are available.Simo Sorce2010-12-071-0/+1
|
* Review comments for namingContexts patchesSumit Bose2010-11-051-9/+9
|
* Use (default)namingContext to set empty search basesSumit Bose2010-11-041-1/+1
|
* Add defaultNamingContext to RootDSE attributesSumit Bose2010-11-041-0/+1
|
* Add some missing ldap_memfree()Sumit Bose2010-10-221-1/+2
|
* Check if control is supported before using it.Simo Sorce2010-09-151-7/+9
|
* Revert "Make ldap bind asynchronous"Jakub Hrozek2010-09-151-201/+70
| | | | This reverts 56d8d19ac9d857580a233d8264e851883b883c67
* Make ldap bind asynchronousMartin Nagy2010-09-021-70/+201
| | | | | | Every ldap function that could possibly create a new connection is now wrapped in a tevent_req. If the connection is created, we will call the function again after the socket is ready for writing.
* Properly handle errors from a password change operationStephen Gallagher2010-09-021-8/+14
|
* Log TLS errors to syslogStephen Gallagher2010-07-091-1/+17
| | | | | Also adds support for detecting LDAPS errors by adding a check for SDAP_DIAGNOSTIC_MESSAGE after ldap_search_ext()
* Remove remainder of now unused global LDAP connection handle.eindenbom2010-07-091-1/+1
|
* Make RootDSE optionalStephen Gallagher2010-06-281-1/+3
| | | | | | | | | | | In violation of the standard, some LDAP servers control access to the RootDSE, thus preventing us from being able to read it before performing a bind. This patch will allow us to continue on if the RootDSE was inaccessible. All of the places that we use the return value of the RootDSE after this are already checked for NULL and use sane defaults if the RootDSE is unavailable
* Add explicit requests for several operational attrsAlexander Gordeev2010-06-281-1/+12
| | | | | | | | | | | | | | | | Operational attributes are not returned in searched requests unless explicitly requested according to RFC 4512 section 5.1. Therefore to get several standard attributes of root DSE we have to request for them. The requested attrs are: - altServer - namingContexts - supportedControl - supportedExtension - supportedFeatures - supportedLDAPVersion - supportedSASLMechanisms Signed-off-by: Alexander Gordeev <lasaine@lvk.cs.msu.su>
* Use all available servers in LDAP providerJakub Hrozek2010-05-071-1/+5
|
* Avoid freeing sdap_handle too earlySimo Sorce2010-05-031-18/+40
| | | | | Prevent freeing the sdap_handle by failing in the destructor if we are trying to recurse.
* Make the handling of fd events opaqueSumit Bose2010-04-261-124/+3
| | | | | | | Depending on the version of the OpenLDAP libraries we use two different schemes to find the file descriptor of the connection to the LDAP server. This patch removes the related ifdefs from the main code and introduces helper functions which can handle the specific cases.
* Lower debug level of unexpected LDAP result codesSumit Bose2010-03-221-0/+5
|
generated by cgit (git 2.34.1) at 2024-05-05 23:03:31 +0000