summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap
Commit message (Collapse)AuthorAgeFilesLines
* Fix default upper limit of slicesOndrej Kos2012-10-041-1/+1
| | | | | | | https://fedorahosted.org/sssd/ticket/1537 changes upper limit of slices to 2000200000 in providers code and manpage.
* Slices calculation is alway wrong for default valuesOndrej Kos2012-10-041-2/+2
|
* Remove unused variableJakub Hrozek2012-10-041-6/+0
|
* Variable in sdap_sudo_rules_refresh_send could be used, uninitialized.Michal Zidek2012-10-031-0/+1
|
* Flip the default value of ldap_initgroups_use_matching_rule_in_chainJakub Hrozek2012-10-021-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1535
* remove left over principal selectionPavel Březina2012-10-021-21/+0
| | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1303 Domain start up was taking too long when there are many principals in a kerberos keytab. We were looking up in the keytab two times. The first time we try to select a proper principal and remember it. The second call happens almost right after the first one and it is just a check if the principal exists in the keytab, without any output information other than success/failure. It is probably a left over from https://fedorahosted.org/sssd/ticket/781. This patch removes the second call.
* LDAP: Handle empty namingContexts values safelyStephen Gallagher2012-09-261-0/+8
| | | | | | | | Certain LDAP servers can return an empty string as the value of namingContexts. We need to treat these as NULL so that we can fail gracefully. https://fedorahosted.org/sssd/ticket/1542
* SYSDB: Remove unnecessary domain parameter from several sysdb callsJakub Hrozek2012-09-242-2/+2
| | | | | The domain can be read from the sysdb object. Removing the domain string makes the API more self-contained.
* AUTOFS: Use both key and value in entry RDNJakub Hrozek2012-09-241-2/+10
| | | | | | This patch switches from using just key in the RDN to using both key and value. That is neccessary to allow multiple direct mounts in a single map.
* AUTOFS: Add entry objects below map objectsJakub Hrozek2012-09-241-43/+91
| | | | | | | | https://fedorahosted.org/sssd/ticket/1506 Changes how the new autofs entry objects are handled. Instead of creating the entry on the cn=autofs,cn=custom level, the entry is created below the map it belongs to.
* AUTOFS: Do not fail if search base is not providedJakub Hrozek2012-09-241-2/+2
|
* AD: Handle sysdb lookup failure during tokenGroups processingStephen Gallagher2012-09-241-0/+6
|
* sdap_add_incomplete_groups(): fix ret may be uninitialized warningPavel Březina2012-09-241-1/+1
|
* AD: Optimize initgroups lookups with tokenGroupsStephen Gallagher2012-09-243-4/+313
| | | | https://fedorahosted.org/sssd/ticket/1355
* AD: Detect domain controller compatibility versionStephen Gallagher2012-09-243-0/+44
|
* AD: autorid compatibility should recommend the use of default domainStephen Gallagher2012-09-241-4/+4
| | | | | | | | | | | Previously, we were failing to start if ldap_idmap_autorid_compat was True but the default domain SID was unspecified. This is the recommended configuration, but it is functional without it. There is just a slight risk that the IDs will be inconsistent between machines if the first user requested is not from the default domain. https://fedorahosted.org/sssd/ticket/1530
* SSSD fails to store users if any of the requested attribute is empty.Michal Zidek2012-09-201-0/+6
| | | | https://fedorahosted.org/sssd/ticket/1440
* Add more debuginfo into ldap_childOndrej Kos2012-09-201-23/+36
| | | | | | | https://fedorahosted.org/sssd/ticket/1225 krb5_child already updated before. Adding more debuginfo into ldap_child. Also old debug levels rewritten into new macros.
* Failover: use _srv_ when no primary server is definedPavel Březina2012-09-171-12/+3
| | | | https://fedorahosted.org/sssd/ticket/1521
* FO: Check server validity before setting statusJakub Hrozek2012-09-132-8/+17
| | | | | | | | | | | | | | | | | The list of resolved servers is allocated on the back end context and kept in the fo_service structure. However, a single request often resolves a server and keeps a pointer until the end of a request and only then gives feedback about the server based on the request result. This presents a big race condition in case the SRV resolution is used. When there are requests coming in in parallel, it is possible that an incoming request will invalidate a server until another request that holds a pointer to the original server is able to give a feedback. This patch simply checks if a server is in the list of servers maintained by a service before reading its status. https://fedorahosted.org/sssd/ticket/1364
* Don't terminate the same connection twiceJakub Hrozek2012-09-051-6/+0
| | | | https://fedorahosted.org/sssd/ticket/1488
* Retry the next server if bind during LDAP auth times outJakub Hrozek2012-09-051-1/+6
|
* Fix: IPv6 address with square brackets doesn't work.Michal Zidek2012-08-231-0/+7
| | | | https://fedorahosted.org/sssd/ticket/1365
* Unify usage of sysdb transactionsMichal Zidek2012-08-236-36/+93
| | | | | | Removing bad examples of usage of sysdb_transaction_start/commit/end functions and making it more consistent (all files except of src/db/sysdb_*.c).
* Clean up cache on server reinitializationPavel Březina2012-08-235-4/+403
| | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/734 We successfully detect when the server is reinitialized by testing the new lastUSN value. The maximum USN values are set to zero, but the current cache content remains. This patch removes records that were deleted from the server. It uses the following approach: 1. remove entryUSN attribute from all entries 2. run enumeration 3. remove records that doesn't have entryUSN attribute updated We don't need to do this for sudo rules, they will be refreshed automatically during next smart/full refresh, or when an expired rule is deleted.
* Remove compilation warning: ret may be uninitializedPavel Březina2012-08-211-0/+2
|
* Process all groups from a single nesting levelJakub Hrozek2012-08-211-4/+14
| | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=846664 If the first group was cached when processing the nested group membership, we would call tevent_req_done, effectivelly marking the whole nesting level as done.
* Duplicate detection in fail over did not work.Michal Zidek2012-08-151-1/+6
| | | | https://fedorahosted.org/sssd/ticket/1472
* When ldap_group_nesting_level was reached, the LDAP provider tried to link ↵Michal Zidek2012-08-101-1/+45
| | | | | | group members with groups outside nesting limit. https://fedorahosted.org/sssd/ticket/1194
* SRV resolution for backup servers should not be permitted.Michal Zidek2012-08-091-1/+9
| | | | https://fedorahosted.org/sssd/ticket/1463
* Change default for ldap_idmap_range_min to 200000Jakub Hrozek2012-08-091-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1462
* Rename SYSDB_SUDO_CACHE_AT_OC to SYSDB_SUDO_CACHE_OCPavel Březina2012-08-072-3/+3
| | | | | It does not contain name of the object class attribute but the value itself. I renamed it to avoid confusion.
* shadow attributes can contain -1Pavel Březina2012-08-061-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1393
* Primary server support: new options in krb5 providerJan Zeleny2012-08-013-4/+5
| | | | | | This patch adds support for new config options krb5_backup_server and krb5_backup_kpasswd. The description of this option's functionality is included in man page in one of previous patches.
* Primary server support: new option in ldap providerJan Zeleny2012-08-013-4/+7
| | | | | | This patch adds support for new config option ldap_backup_uri. The description of this option's functionality is included in man page in previous patch.
* Primary server support: LDAP adaptationJan Zeleny2012-08-013-35/+84
| | | | | | This patch adds support for the primary server functionality into LDAP provider. No backup servers are added at the moment, just the basic support is in place.
* Primary server support: support for "disconnecting" connections in LDAPJan Zeleny2012-08-011-4/+37
| | | | | | | | | This patch adds support for marking existing connections as being disconnected. Each such connection can't be used for new queries and a new one has to be created instead if necessary. This will ensure that pending operations will end gracefully during reconnection. Also all new queries to the server we are reconnecting to will use another (probably newly created) connection.
* Primary server support: basic support in failover codeJan Zeleny2012-08-011-2/+2
| | | | | | | | Now there are two list of servers for each service. If currently selected server is only backup, then an event will be scheduled which tries to get connection to one of primary servers and if it succeeds, it starts using this server instead of the one which is currently connected to.
* Unbreak SASLPavel Březina2012-07-311-9/+12
| | | | | | | Patch bc76428246c4ce532abd0eadcd539069fc1d94a8 changed the data type of sasl_minssf from int to ber_len_t. Unfortunately, default value of ldap_sasl_minssf is -1 but ber_len_t is defined as unsigned long. This made SASL mechanism inoperative.
* sudo ldap provider: support autoconfiguration of hostnamesPavel Březina2012-07-301-6/+275
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1420 sudoHost attribute may contain hostname or fqdn of the machine. Sudo itself supports only one hostname and its fqdn - the one that is returned by gethostbyname(). This patch implements autoconfiguration of hostname and fqdn if it has not been set manually by ldap_sudo_hostnames option.
* sdap_sudo.c: add missing end of line in few debug messagesPavel Březina2012-07-231-3/+3
|
* Fix uninitialized valuesNick Guay2012-07-183-8/+8
| | | | https://fedorahosted.org/sssd/ticket/1379
* LDAP: Properly cast type for MINSSF valueJan Vcelak2012-07-181-11/+9
|
* Fixed wrong number in shadowLastChangeJan Zeleny2012-07-161-1/+2
| | | | | The attribute is supposed to contain number of days since the epoch, not the number of seconds.
* Fix incorrect error-checkStephen Gallagher2012-07-091-1/+1
| | | | Coverity #12770
* Fix potential NULL-dereferenceStephen Gallagher2012-07-091-1/+3
| | | | Coverity #12797
* Fix uninitialized variableStephen Gallagher2012-07-091-0/+1
| | | | Coverity #12802
* Revert commit 4c157ecedd52602f75574605ef48d0c48e9bfbe8Stef Walter2012-07-061-15/+0
| | | | | | | | * This broke corner cases when used with default_tkt_types = des-cbc-crc and DES enabled on an AD domain. * This is fixed in kerberos instead, in a more correct way and in a way which we cannot replicate.
* LDAP: Rename user and group maps for ADStephen Gallagher2012-07-062-4/+4
| | | | This will eliminate ambiguity for the AD provider
* KRB5: Drop memctx parameter of krb5_try_kdcipStephen Gallagher2012-07-061-1/+1
| | | | | | | | | | | | | | | | This function is not supposed to return any newly-allocated memory directly. It was actually leaking the memory for krb5_servers if krb5_kdcip was being used, though it was undetectable because it was allocated on the provided memctx. This patch removes the memctx parameter and allocates krb5_servers temporarily on NULL and ensures that it is freed on all exit conditions. It is not necessary to retain this memory, as dp_opt_set_string() performs a talloc_strdup onto the appropriate context internally. It also updates the DEBUG messages for this function to the appropriate new macro levels.