path: root/src/providers/ldap/sdap_async_connection.c
Commit message | Author | Age | Files | Lines
* Try all KDCs when getting TGT for LDAP [sssd-1.5.1-52.el5] | Jakub Hrozek | 2012-06-04 | 1 | -15/+16
| When the ldap child process is killed after a timeout, try the next KDC. When none of the ldap child processes succeed, just abort the connection because we wouldn't be able to authenticate to the LDAP server anyway.
| https://fedorahosted.org/sssd/ticket/1324
* Only do one cycle when resolving a server | Jakub Hrozek | 2012-06-04 | 1 | -9/+10
| Rename fo_get_server_name to fo_get_server_str_name
| fo_get_server_name() getter for a server name
| Allows to be more concise in tests and more defensive in resolve callbacks
| Only do one cycle when resolving a server
| https://fedorahosted.org/sssd/ticket/1214
| Detect cycle in the fail over on subsequent resolve requests only
* Handle timeout during sss_ldap_init_send | Jakub Hrozek | 2011-12-13 | 1 | -1/+5
| In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds.
* LDAP: Try next failover server on any error | Stephen Gallagher | 2011-12-05 | 1 | -9/+5
|
* Use sss_ldap_err2string() instead of ldap_err2string() | Pavel Březina | 2011-10-26 | 1 | -18/+16
| sss_ldap_err2string() - function created
| https://fedorahosted.org/sssd/ticket/986
| sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string()
| https://fedorahosted.org/sssd/ticket/986
* Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON | Jakub Hrozek | 2011-10-26 | 1 | -0/+11
| https://fedorahosted.org/sssd/ticket/978
* Request password control unconditionally during bind | Jakub Hrozek | 2011-10-26 | 1 | -6/+6
| https://fedorahosted.org/sssd/ticket/940
* Fix TLS/SSL validation after switch to ldap_init_fd | Sumit Bose | 2011-10-26 | 1 | -36/+83
| Add sockaddr_storage to sdap_service
| Add sdap_call_conn_cb() to call add connection callback directly
| Use name based URI instead of IP address based URIs
| Use ldap_init_fd() instead of ldap_initialize() if available
| Do not access state after tevent_req_done() is called.
| Call ldap_install_tls() on ldaps connections
* Enable paging support for LDAP | Stephen Gallagher | 2011-10-26 | 1 | -0/+4
|
* Initialise rootdse to NULL if not available [sssd-1.5.1-27.el5] | Sumit Bose | 2011-04-12 | 1 | -0/+1
|
* Initialise srv_opts even if rootDSE is missing [sssd-1.5.1-26.el5] | Sumit Bose | 2011-04-11 | 1 | -8/+9
|
* Read only rootDSE data if rootDSE is available | Sumit Bose | 2011-04-08 | 1 | -20/+22
|
* Do not attempt to use START_TLS on SSL connections | Stephen Gallagher | 2011-02-15 | 1 | -2/+10
| Not all LDAP servers are capable of handling dual-encryption with both TLS and SSL.
| https://fedorahosted.org/sssd/ticket/795
* Convert obfuscated password once at startup | Sumit Bose | 2011-01-06 | 1 | -14/+0
|
* Mark unavailable Kerberos server as PORT_NOT_WORKING | Sumit Bose | 2010-12-07 | 1 | -0/+1
|
* ldap: add checks to determine if USN features are available. | Simo Sorce | 2010-12-07 | 1 | -9/+19
|
* Fix offline detection in sdap_cli_connect request | Sumit Bose | 2010-12-01 | 1 | -0/+1
| sdap_cli_connect_recv_ext() checks if the failover server is not set to determine if the backend is offline. To make this work properly if multiple servers are defined the failover server must be set to NULL if all servers are checked.
* Use (default)namingContext to set empty search bases | Sumit Bose | 2010-11-04 | 1 | -0/+8
|
* Allow authentication for referrals | Sumit Bose | 2010-10-27 | 1 | -0/+193
|
* Add some missing ldap_memfree() | Sumit Bose | 2010-10-22 | 1 | -2/+4
|
* Add ldap_deref option | Sumit Bose | 2010-10-22 | 1 | -0/+37
|
* Initialize kerberos service for GSSAPI | Jakub Hrozek | 2010-10-13 | 1 | -4/+88
|
* Make ldap_child report kerberos return code to parent | Jakub Hrozek | 2010-10-13 | 1 | -1/+3
|
* Check if control is supported before using it. | Simo Sorce | 2010-09-15 | 1 | -7/+9
|
* Revert "Make ldap bind asynchronous" | Jakub Hrozek | 2010-09-15 | 1 | -127/+91
| This reverts 56d8d19ac9d857580a233d8264e851883b883c67
* Store rootdse supported features in sdap_handler | Sumit Bose | 2010-09-15 | 1 | -34/+17
|
* Deobfuscate password in back ends | Jakub Hrozek | 2010-09-08 | 1 | -7/+52
| When obfuscated password is used in config file, the LDAP backend converts it back to clear text and uses it to authenticate to the server.
* Make ldap bind asynchronous | Martin Nagy | 2010-09-02 | 1 | -91/+127
| Every ldap function that could possibly create a new connection is now wrapped in a tevent_req. If the connection is created, we will call the function again after the socket is ready for writing.
* Log TLS errors to syslog | Stephen Gallagher | 2010-07-09 | 1 | -0/+6
| Also adds support for detecting LDAPS errors by adding a check for SDAP_DIAGNOSTIC_MESSAGE after ldap_search_ext()
* Eliminate delayed sdap_handle destruction after fail-over retry. | eindenbom | 2010-07-09 | 1 | -9/+6
|
* Use new LDAP connection framework in IPA dynamic DNS forwarder. | eindenbom | 2010-07-09 | 1 | -7/+0
|
* LDAP connection usage tracking, sharing and failover retry framework. | eindenbom | 2010-07-09 | 1 | -0/+16
|
* GSSAPI ticket expiry time is returned from ldap_child and stored in sdap_handle for future reference. | eindenbom | 2010-07-09 | 1 | -3/+11
* Make RootDSE optional | Stephen Gallagher | 2010-06-28 | 1 | -2/+14
| In violation of the standard, some LDAP servers control access to the RootDSE, thus preventing us from being able to read it before performing a bind. This patch will allow us to continue on if the RootDSE was inaccessible.
| All of the places that we use the return value of the RootDSE after this are already checked for NULL and use sane defaults if the RootDSE is unavailable
* Fix SASL authentication | Sumit Bose | 2010-06-28 | 1 | -2/+2
|
* Fix broken build against older versions of OpenLDAP | Stephen Gallagher | 2010-06-06 | 1 | -2/+2
| OpenLDAP < 2.4 used LDAP_OPT_ERROR_STRING. It was changed to LDAP_OPT_DIAGNOSTIC_MESSAGE in 2.4. This patch will allow the TLS error messages to be displayed on either version.
* Add a better error message for TLS failures | Stephen Gallagher | 2010-05-20 | 1 | -3/+32
|
* Add ldap_krb5_ticket_lifetime option | Sumit Bose | 2010-05-16 | 1 | -4/+14
|
* Add callback when the ID provider switches from offline to online | Stephen Gallagher | 2010-05-07 | 1 | -0/+9
| Allow backends to set a callback in the be_ctx that should be invoked when the ID provider goes online. This can be used to perform regular maintenance tasks that are valid only when going online.
* Use all available servers in LDAP provider | Jakub Hrozek | 2010-05-07 | 1 | -7/+53
|
* Better handle sdap_handle memory from callers. | Simo Sorce | 2010-05-03 | 1 | -0/+3
| Always just mark the sdap_handle as not connected and let later _send() functions to take care of freeing the handle before reconnecting.
| Introduce restart functions to avoid calling _send() functions in _done() functions error paths as this would have the same effect as directly freeing the sdap_handle and cause access to freed memory in sdap_handle_release()
| By freeing sdap_handle only in the connection _recv() function we guarantee it can never be done within sdap_handle_release() but only in a following event.
* Make the handling of fd events opaque | Sumit Bose | 2010-04-26 | 1 | -46/+8
| Depending on the version of the OpenLDAP libraries we use two different schemes to find the file descriptor of the connection to the LDAP server. This patch removes the related ifdefs from the main code and introduces helper functions which can handle the specific cases.
* Set LDAP_OPT_RESTART for all LDAP connections | Sumit Bose | 2010-04-26 | 1 | -7/+7
|
* Set LDAP_OPT_RESTART for ldap_sasl_interactive_bind_s() | Sumit Bose | 2010-03-25 | 1 | -0/+7
| This option is needed for the rare case where a poll() call during ldap_sasl_interactive_bind_s() is interrupted by a signal. LDAP_OPT_RESTART enables the handling of the EINTR error instead of returning an error.
* Improvements for LDAP Password Policy support | Ralf Haferkamp | 2010-03-22 | 1 | -10/+43
| Display warnings about remaining grace logins and password expiration to the user, when LDAP Password Policies are used.
| Improved detection if LDAP Password policies are supported by LDAP Server.
* Fix error message for ldap_start_tls | Stephen Gallagher | 2010-03-18 | 1 | -1/+1
|
* Fixed check for expired passwords | Ralf Haferkamp | 2010-03-15 | 1 | -2/+4
| When the user's password is expired it might also be indicated by the bind operation returning "INVALID_CREDENTIALS" with the ppolicy control's errorcode set to "PP_passwordExpired".
* Rename server/ directory to src/ | Stephen Gallagher | 2010-02-18 | 1 | -0/+1141
| Also update BUILD.txt