sssd.git - sssd with jhrozek's patches

	Commit message (Collapse)	Author	Age	Files	Lines
*	Unbreak SASL	Pavel Březina	2012-07-31	1	-9/+12
\| \| \| \| \| \| \|	Patch bc76428246c4ce532abd0eadcd539069fc1d94a8 changed the data type of sasl_minssf from int to ber_len_t. Unfortunately, default value of ldap_sasl_minssf is -1 but ber_len_t is defined as unsigned long. This made SASL mechanism inoperative.
*	Fix uninitialized values	Nick Guay	2012-07-18	1	-1/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1379
*	LDAP: Properly cast type for MINSSF value	Jan Vcelak	2012-07-18	1	-11/+9
\|
*	LDAP: Print extended failure message for SASL bind	Stephen Gallagher	2012-07-02	1	-2/+14
\|
*	Simple implementation of Netscape password warning expiration control	Joshua Roys	2012-05-22	1	-22/+74
\|
*	Try all KDCs when getting TGT for LDAP	Jakub Hrozek	2012-05-09	1	-15/+18
\| \| \| \| \| \| \| \|	When the ldap child process is killed after a timeout, try the next KDC. When none of the ldap child processes succeed, just abort the connection because we wouldn't be able to authenticate to the LDAP server anyway. https://fedorahosted.org/sssd/ticket/1324
*	Get the RootDSE after binding if not successfull before	Jakub Hrozek	2012-04-20	1	-26/+104
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1258
*	Free controls in sdap_rebind_proc	Jakub Hrozek	2012-04-20	1	-4/+6
\|
*	Do not call sdap_auth if not needed	Jakub Hrozek	2012-04-18	1	-7/+11
\|
*	LDAP: Fix memory leaks in synchronous_tls_setup	Stephen Gallagher	2012-03-26	1	-8/+10
\| \| \| \| \| \| \| \| \| \|	We were never freeing "result" if it was allocated by ldap_result(). We were also not freeing "errmsg" if it was allocated but ldap_parse_result() returned an error. Also disambiguate error messages from ldap_parse_result() and error messages from sss_ldap_get_diagnostic_msg() since they use differing memory-management functions.
*	LDAP: Errors retrieving the RootDSE should not be fatal	Stephen Gallagher	2012-03-16	1	-15/+8
\| \| \| \| \| \| \| \|	If we can't reach the RootDSE, let's just proceed as if it's unavailable with reasonable defaults. If we fail later on, that's fine. Fixes https://fedorahosted.org/sssd/ticket/1257
*	Detect cycle in the fail over on subsequent resolve requests only	Jakub Hrozek	2012-03-08	1	-2/+4
\|
*	Only do one cycle when resolving a server	Jakub Hrozek	2012-03-06	1	-7/+6
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1214
*	LDAP: Copy URI instead of pointing at failover service record	Stephen Gallagher	2012-01-14	1	-2/+8
\| \| \| \| \| \| \| \|	In a heavy load environment, sometimes the failover service record would be updated and free the URI value. We need to guarantee that this URI string remains valid throughout the entire request. https://fedorahosted.org/sssd/ticket/1139
*	Add sdap_connection_expire_timeout option	Stephen Gallagher	2011-12-12	1	-0/+12
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1036
*	LDAP: Fix missing break statements in force_tls	Stephen Gallagher	2011-12-08	1	-6/+12
\| \| \| \|	Also add a default case to protect against bad input
*	LDAP provider: Error while setting the nocanon option should not be fatal	Jakub Hrozek	2011-12-08	1	-3/+9
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1100
*	Add ldap_sasl_minssf option	Jan Zeleny	2011-12-08	1	-0/+17
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1075
*	Provide means of forcing TLS and GSSAPI enabled/disabled for sdap connections	Jakub Hrozek	2011-11-29	1	-7/+28
\|
*	LDAP: Try next failover server on any error	Stephen Gallagher	2011-11-29	1	-9/+5
\|
*	Cleanup: Remove unused parameters	Jakub Hrozek	2011-11-22	1	-9/+5
\|
*	Prevent printing NULL in several places of LDAP provider	Jakub Hrozek	2011-11-18	1	-3/+5
\|
*	Support to request canonicalization in LDAP/IPA provider	Jan Zeleny	2011-11-02	1	-0/+15
\| \| \| \|	https://fedorahosted.org/sssd/ticket/957
*	sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string()	Pavel Březina	2011-09-06	1	-16/+16
\| \| \| \|	https://fedorahosted.org/sssd/ticket/986
*	sss_ldap_err2string() - function created	Pavel Březina	2011-09-06	1	-2/+0
\| \| \| \|	https://fedorahosted.org/sssd/ticket/986
*	Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON	Jakub Hrozek	2011-08-26	1	-0/+11
\| \| \| \|	https://fedorahosted.org/sssd/ticket/978
*	Handle timeout during sss_ldap_init_send	Jakub Hrozek	2011-08-15	1	-1/+5
\| \| \| \| \| \| \| \| \|	In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds.
*	Request password control unconditionally during bind	Jakub Hrozek	2011-08-01	1	-6/+6
\| \| \| \|	https://fedorahosted.org/sssd/ticket/940
*	Use ldap_init_fd() instead of ldap_initialize() if available	Sumit Bose	2011-06-30	1	-36/+83
\|
*	Add ldap_page_size configuration option	Stephen Gallagher	2011-04-27	1	-0/+4
\|
*	Modify principal selection for keytab authentication	Jan Zeleny	2011-04-25	1	-2/+7
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
*	Initialise rootdse to NULL if not available	Sumit Bose	2011-04-12	1	-0/+1
\|
*	Initialise srv_opts even if rootDSE is missing	Sumit Bose	2011-04-11	1	-8/+9
\|
*	Read only rootDSE data if rootDSE is available	Sumit Bose	2011-04-08	1	-20/+22
\|
*	Don't pass NULL to printf for TLS errors	Jakub Hrozek	2011-04-08	1	-19/+22
\| \| \| \|	https://fedorahosted.org/sssd/ticket/643
*	Do not attempt to use START_TLS on SSL connections	Stephen Gallagher	2011-02-16	1	-2/+10
\| \| \| \| \| \| \|	Not all LDAP servers are capable of handling dual-encryption with both TLS and SSL. https://fedorahosted.org/sssd/ticket/795
*	Convert obfuscated password once at startup	Sumit Bose	2011-01-06	1	-14/+0
\|
*	Mark unavailable Kerberos server as PORT_NOT_WORKING	Sumit Bose	2010-12-07	1	-0/+1
\|
*	ldap: add checks to determine if USN features are available.	Simo Sorce	2010-12-07	1	-9/+19
\|
*	Fix offline detection in sdap_cli_connect request	Sumit Bose	2010-12-01	1	-0/+1
\| \| \| \| \| \| \|	sdap_cli_connect_recv_ext() checks if the failover server is not set to determine if the backend is offline. To make this work properly if multiple servers are defined the failover server must be set to NULL if all servers are checked.
*	Use (default)namingContext to set empty search bases	Sumit Bose	2010-11-04	1	-0/+8
\|
*	Allow authentication for referrals	Sumit Bose	2010-10-27	1	-0/+193
\|
*	Add some missing ldap_memfree()	Sumit Bose	2010-10-22	1	-2/+4
\|
*	Add ldap_deref option	Sumit Bose	2010-10-22	1	-0/+37
\|
*	Initialize kerberos service for GSSAPI	Jakub Hrozek	2010-10-13	1	-4/+88
\|
*	Make ldap_child report kerberos return code to parent	Jakub Hrozek	2010-10-13	1	-1/+3
\|
*	Check if control is supported before using it.	Simo Sorce	2010-09-15	1	-7/+9
\|
*	Revert "Make ldap bind asynchronous"	Jakub Hrozek	2010-09-15	1	-127/+91
\| \| \| \|	This reverts 56d8d19ac9d857580a233d8264e851883b883c67
*	Store rootdse supported features in sdap_handler	Sumit Bose	2010-09-15	1	-34/+17
\|
*	Deobfuscate password in back ends	Jakub Hrozek	2010-09-08	1	-7/+52
\| \| \| \| \| \|	When obfuscated password is used in config file, the LDAP backend converts it back to clear text and uses it to authenticate to the server.