| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Not all LDAP servers are capable of handling dual-encryption with
both TLS and SSL.
https://fedorahosted.org/sssd/ticket/795
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
sdap_cli_connect_recv_ext() checks if the failover server is not set to
determine if the backend is offline. To make this work properly if
multiple servers are defined the failover server must be set to NULL if
all servers are checked.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
This reverts 56d8d19ac9d857580a233d8264e851883b883c67
|
| | |
|
| |
|
|
|
|
| |
When obfuscated password is used in config file, the LDAP backend
converts it back to clear text and uses it to authenticate to the
server.
|
| |
|
|
|
|
| |
Every ldap function that could possibly create a new connection is now
wrapped in a tevent_req. If the connection is created, we will call the
function again after the socket is ready for writing.
|
| |
|
|
|
| |
Also adds support for detecting LDAPS errors by adding a check for
SDAP_DIAGNOSTIC_MESSAGE after ldap_search_ext()
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
sdap_handle for future reference.
|
| |
|
|
|
|
|
|
|
|
|
| |
In violation of the standard, some LDAP servers control access to
the RootDSE, thus preventing us from being able to read it before
performing a bind.
This patch will allow us to continue on if the RootDSE was
inaccessible. All of the places that we use the return value of
the RootDSE after this are already checked for NULL and use sane
defaults if the RootDSE is unavailable
|
| | |
|
| |
|
|
|
|
| |
OpenLDAP < 2.4 used LDAP_OPT_ERROR_STRING. It was changed to
LDAP_OPT_DIAGNOSTIC_MESSAGE in 2.4. This patch will allow the TLS
error messages to be displayed on either version.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Allow backends to set a callback in the be_ctx that should be
invoked when the ID provider goes online.
This can be used to perform regular maintenance tasks that are
valid only when going online.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Always just mark the sdap_handle as not connected and let later _send()
functions to take care of freeing the handle before reconnecting.
Introduce restart functions to avoid calling _send() functions in _done()
functions error paths as this would have the same effect as directly freeing
the sdap_handle and cause access to freed memory in sdap_handle_release()
By freeing sdap_handle only in the connection _recv() function we
guarantee it can never be done within sdap_handle_release() but only
in a following event.
|
| |
|
|
|
|
|
| |
Depending on the version of the OpenLDAP libraries we use two different
schemes to find the file descriptor of the connection to the LDAP
server. This patch removes the related ifdefs from the main code and
introduces helper functions which can handle the specific cases.
|
| | |
|
| |
|
|
|
|
|
| |
This option is needed for the rare case where a poll() call during
ldap_sasl_interactive_bind_s() is interrupted by a signal.
LDAP_OPT_RESTART enables the handling of the EINTR error instead of
returning an error.
|
| |
|
|
|
|
|
|
| |
Display warnings about remaining grace logins and password
expiration to the user, when LDAP Password Policies are used.
Improved detection if LDAP Password policies are supported by
LDAP Server.
|
| | |
|
| |
|
|
|
|
| |
When the user's password is expired it might also be indicated by
the bind operation returning "INVALID_CREDENTIALS" with the ppolicy
control's errorcode set to "PP_passwordExpired".
|
|
|
Also update BUILD.txt
|
