path: root/src/providers/ldap/sdap_async.h
Commit message | Author | Age | Files | Lines
* AD: cross-domain membership fix | Sumit Bose | 2013-12-19 | 1 | -0/+1
  A recent patch directed all calls related to group membership lookups to the AD LDAP port to fix an issue related to missing group memberships in the Global Catalog. As a side-effect it broke cross-domain group-memberships because those cannot be resolved by the connection to the LDAP port. The patch tries to fix this by restoring the original behaviour in the top-level lookup calls in the AD provider and switching to the LDAP port only for the LDAP request which is expected to return the full group membership. Additionally this patch contains a related fix for the tokenGroups with Posix attributes patch. The original connection, typically a Global Catalog connection in the AD case is passed down the stack so that the group lookup after the tokenGroups request can run over the same connection.
* ad: use tokengroups even when id mapping is disabled | Pavel Březina | 2013-12-18 | 1 | -1/+3
  https://fedorahosted.org/sssd/ticket/1568
* ad: refactor tokengroups initgroups | Pavel Březina | 2013-12-18 | 1 | -10/+10
  sdap_get_ad_tokengroups_initgroups is split into more parts so it can be reused later.
* LDAP: Split out a request to search for a user w/o saving | Jakub Hrozek | 2013-11-20 | 1 | -0/+16
  Related: https://fedorahosted.org/sssd/ticket/2077
  Certain situations require that a user entry is downloaded for further inspection, but not saved to the sysdb right away. This patch splits the previously monolithic request into one that just downloads the data and one that uses the new one to download and save the user.
* LDAP: store FQDNs for trusted users and groups | Jakub Hrozek | 2013-06-07 | 1 | -4/+5
  Because the NSS responder expects the name attribute to contain FQDN, we must save the name as FQDN in the LDAP provider if the domain we save to is a subdomain.
* LDAP: new SDAP domain structure | Jakub Hrozek | 2013-06-07 | 1 | -3/+2
  Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases. This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain.
* LDAP: Pass in a connection to ID functions | Jakub Hrozek | 2013-06-07 | 1 | -0/+1
  Instead of using the default connection from the sdap_id_ctx, allow the caller to specify which connection shall be used for this particular request. Again, no functional change is present in this patch, just another parameter is added.
* sdap: add sdap_connect_host request | Pavel Březina | 2013-05-02 | 1 | -0/+15
  Create connection to specified LDAP server without using any failover stuff.
* Use common error facility instead of sdap_result | Simo Sorce | 2013-03-19 | 1 | -23/+6
  Simplifies and consolidates error reporting for ldap authentication paths.
  Adds 3 new error codes:
  ERR_CHPASS_DENIED - Used when password constraints deny password changes
  ERR_ACCOUNT_EXPIRED - Account is expired
  ERR_PASSWORD_EXPIRED - Password is expired
* Add domain to sysdb_search_user_by_name() | Simo Sorce | 2013-01-15 | 1 | -0/+2
  Also remove unused sysdb_search_domuser_by_name()
* Change pam data auth tokens. | Simo Sorce | 2013-01-10 | 1 | -4/+3
  Use the new authtok abstraction and interfaces throughout the code.
* AD: Optimize initgroups lookups with tokenGroups | Stephen Gallagher | 2012-09-24 | 1 | -0/+16
  https://fedorahosted.org/sssd/ticket/1355
* LDAP: Add support for AD chain matching extension in initgroups | Stephen Gallagher | 2012-06-13 | 1 | -0/+13
* LDAP: Add support for AD chain matching extension in group lookups | Stephen Gallagher | 2012-06-13 | 1 | -0/+14
* LDAP: Add ldap_*_use_matching_rule_in_chain options | Stephen Gallagher | 2012-06-13 | 1 | -0/+5
* Ghost members - removed sdap_check_aliases() | Jan Zeleny | 2012-05-31 | 1 | -6/+0
  This function is no longer necessary because we don't have fake user entries any more. The original purpose of this function was to check if there are fake user entries for a particular user and, if yes, to update its membership.
* LDAP: Only use paging control on requests for multiple entries | Stephen Gallagher | 2012-02-24 | 1 | -1/+2
  The paging control can cause issues on servers that put limits on how many paging controls can be active at one time (on some servers, it is limited to one per connection). We need to reduce our usage so that we only activate the paging control when making a request that may return an arbitrary number of results.
  https://fedorahosted.org/sssd/ticket/1202 phase one
* Update shadowLastChanged attribute during LDAP password change | Jan Zeleny | 2012-02-06 | 1 | -0/+9
  https://fedorahosted.org/sssd/ticket/1019
* LDAP: Add enumeration support for services | Stephen Gallagher | 2012-01-31 | 1 | -0/+11
* LDAP: Add support for service lookups (non-enum) | Stephen Gallagher | 2012-01-31 | 1 | -0/+17
* Use the case sensitivity flag in the LDAP provider | Jakub Hrozek | 2011-12-16 | 1 | -0/+1
* Refactor saving sdap entities | Jakub Hrozek | 2011-12-16 | 1 | -0/+21
  There was too much code duplication between sdap_save_{user,group,netgroup}. This patch removes the most egregious ones.
* Provide means of forcing TLS and GSSAPI enabled/disabled for sdap connections | Jakub Hrozek | 2011-11-29 | 1 | -1/+9
* Support to request canonicalization in LDAP/IPA provider | Jan Zeleny | 2011-11-02 | 1 | -0/+1
  https://fedorahosted.org/sssd/ticket/957
* LDAP: Add support for multiple search bases for group enumeration | Stephen Gallagher | 2011-11-02 | 1 | -1/+2
* LDAP: Add support for multiple search bases for user enumeration | Stephen Gallagher | 2011-11-02 | 1 | -1/+2
* LDAP: Support multiple group search bases (non-enumeration, RFC2307) | Stephen Gallagher | 2011-11-02 | 1 | -1/+2
* LDAP: Support multiple netgroup search bases | Stephen Gallagher | 2011-11-02 | 1 | -1/+2
* LDAP: Support multiple user search bases (non-enumeration) | Stephen Gallagher | 2011-11-02 | 1 | -1/+2
* Store name aliases for users, groups | Jakub Hrozek | 2011-09-28 | 1 | -0/+6
  Also checks fake users for aliases when storing a real user so that getgrnam for a RFC2307 group that references a user by his secondary name followed by getpwnam for this user by his primary name works
* Allow turning dereference off by setting the threshold to 0 | Jakub Hrozek | 2011-09-06 | 1 | -1/+1
* Use ldap_init_fd() instead of ldap_initialize() if available | Sumit Bose | 2011-06-30 | 1 | -0/+3
* Generic dereference search | Jakub Hrozek | 2011-05-20 | 1 | -0/+18
  A generic wrapper around ASQ and OpenLDAP dereference searches.
  https://fedorahosted.org/sssd/ticket/635
* Add the user's primary group to the initgroups lookup | Stephen Gallagher | 2011-01-21 | 1 | -3/+1
  The user may not be a direct member of their primary group, but we still want to make sure that group is cached on the system.
* Add timeout parameter to sdap_get_generic_send() | Sumit Bose | 2011-01-17 | 1 | -4/+8
* ldap: add checks to determine if USN features are available. | Simo Sorce | 2010-12-07 | 1 | -4/+2
* Implement netgroup support for LDAP provider | Sumit Bose | 2010-10-13 | 1 | -1/+13
* Initialize kerberos service for GSSAPI | Jakub Hrozek | 2010-10-13 | 1 | -0/+3
* Store rootdse supported features in sdap_handler | Sumit Bose | 2010-09-15 | 1 | -5/+3
* LDAP connection usage tracking, sharing and failover retry framework. | eindenbom | 2010-07-09 | 1 | -0/+5
* GSSAPI ticket expiry time is returned from ldap_child and stored in sdap_handle for future reference. | eindenbom | 2010-07-09 | 1 | -1/+3
* Add ldap_krb5_ticket_lifetime option | Sumit Bose | 2010-05-16 | 1 | -1/+2
* Improvements for LDAP Password Policy support | Ralf Haferkamp | 2010-03-22 | 1 | -1/+5
  Display warnings about remaining grace logins and password expiration to the user, when LDAP Password Policies are used. Improved detection if LDAP Password policies are supported by LDAP Server.
* Rename server/ directory to src/ | Stephen Gallagher | 2010-02-18 | 1 | -0/+126
  Also update BUILD.txt