summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap
Commit message (Collapse)AuthorAgeFilesLines
* Add helper function msgs2attrs_arrayStephen Gallagher2011-07-082-0/+33
| | | | | This function converts a list of ldb_messages into a list of sysdb_attrs.
* Use ldap_init_fd() instead of ldap_initialize() if availableSumit Bose2011-06-303-37/+88
|
* Use name based URI instead of IP address based URIsSumit Bose2011-06-301-37/+2
|
* Add sdap_call_conn_cb() to call add connection callback directlySumit Bose2011-06-302-0/+40
|
* Add sockaddr_storage to sdap_serviceSumit Bose2011-06-302-0/+12
|
* Do not check pwdAttributeSumit Bose2011-06-161-9/+0
| | | | | | | It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy.
* Switch resolver to using resolv_hostent and honor TTLJakub Hrozek2011-06-151-2/+2
|
* Non-posix group processing - ldap provider and nss responderJan Zeleny2011-06-022-28/+79
|
* Use escaped IP addresses in LDAP providerJakub Hrozek2011-06-021-6/+56
|
* Sanitize username during initgroups callSumit Bose2011-05-251-1/+7
|
* Separate return paths for success and failure in sdap_nested_group_check_cacheJakub Hrozek2011-05-251-6/+10
|
* Make "password" the default for ldap_default_authtok_typeStephen Gallagher2011-05-241-1/+1
|
* Fix uninitialized scalar variable in sdap_nested_group_check_cacheJakub Hrozek2011-05-241-2/+4
| | | | https://fedorahosted.org/sssd/ticket/878
* Fix uninitialized pointer read in sdap_x_deref_parse_entryJakub Hrozek2011-05-241-1/+1
| | | | https://fedorahosted.org/sssd/ticket/877
* Fix bad comparison in sdap_has_deref_supportJakub Hrozek2011-05-241-1/+1
| | | | https://fedorahosted.org/sssd/ticket/876
* Use dereference when processing RFC2307bis nested groupsJakub Hrozek2011-05-203-15/+457
| | | | | | | | Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799
* Refactor RFC2307bis nested group processingJakub Hrozek2011-05-201-123/+188
| | | | | | This patch splits checking cache and hash tables into standalone functions. This will make it easy to reuse the code in a new branch that uses dereferencing.
* Use fake users during RFC2307bis nested group processingJakub Hrozek2011-05-201-13/+165
| | | | | | Instead of downloading complete user data which is potentionally very slow, only download the necessary minimum information and store the users as dummy entries.
* Change sysdb_add_fake_user to add OriginalDNJakub Hrozek2011-05-201-1/+1
| | | | | RFC2307bis code relies heavily on originalDN, so the fake users need to have an option to store it, too.
* Generic dereference searchJakub Hrozek2011-05-202-0/+157
| | | | | | A generic wrapper around ASQ and OpenLDAP dereference searches. https://fedorahosted.org/sssd/ticket/635
* OpenLDAP dereference searchesJakub Hrozek2011-05-203-0/+376
| | | | | | | | This dereference method is supported at least by OpenLDAP and 389DS/RHDS For more details, see: http://tools.ietf.org/html/draft-masarati-ldap-deref-00
* Add support for Attribute Scoped QueriesJakub Hrozek2011-05-201-0/+203
| | | | | | For more details on ASQ, see: http://msdn.microsoft.com/en-us/library/aa366976%28VS.85%29.aspx http://msdn.microsoft.com/en-us/library/aa746418%28v=VS.85%29.aspx
* Generic dereference data structures and utilitiesJakub Hrozek2011-05-202-0/+45
| | | | These will be shared by both dereference methods in a later patch.
* sdap_get_generic_extJakub Hrozek2011-05-201-73/+202
| | | | | | | | | | | Add a private sdap_get_generic_ext_send()/_recv() request that exposes more of ldap_search_ext options, in particular the server contols. The existing sdap_generic_search_send()/_recv() request is now a thin wrapper around the new _ext request. The other important change is that an entry parsing is a callback now. That was done in order to allow custom parsing for results such as OpenLDAP deref or Attribute Scoped Queries.
* Remove append_attrs_to_arrayJakub Hrozek2011-05-202-12/+0
| | | | This function was not used anywhere
* IPA Provider: don't fail if user is not a member of any groupsStephen Gallagher2011-05-201-2/+5
|
* Possible memory leak fixedJan Zeleny2011-05-161-1/+1
|
* Fixed wrong variable in sdap_initgr_nested_storeJan Zeleny2011-05-161-1/+1
|
* Fixed lastUSN checking improvementsJan Zeleny2011-05-043-5/+23
| | | | | | | | This patch fixes some issues with setting lastUSN attribute and it adds check against the highest user/group USN after enumeration to keep better track of the real highest USN. Optimal solution here would be to schedule a check of rootDSE entry right after the enumeration finishes, but for the moment this is good enough.
* Do not leak LDAP URI with high log levelJakub Hrozek2011-05-041-2/+7
|
* Do not leak LDAP paging controlsJakub Hrozek2011-04-281-0/+5
|
* Add ldap_page_size configuration optionStephen Gallagher2011-04-274-3/+9
|
* Enable paging support for LDAPStephen Gallagher2011-04-271-23/+117
|
* Log the LDAP message type we're processingStephen Gallagher2011-04-271-0/+57
|
* Modify principal selection for keytab authenticationJan Zeleny2011-04-255-6/+19
| | | | | | | | | | | | | | | | Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
* Add last usn checking after reconnectionJan Zeleny2011-04-192-1/+31
| | | | | | | | | | | When reconnecting to the LDAP server supporting USNs (either because of new incomming id operation or invokation of callback responsible for checking status of the backend), detect whether the highest USN is lower than the one SSSD has recorded. If so, setup enumeration/cleanup to refresh potentionally changed account information in the SSSD cache. Related ticket: https://fedorahosted.org/sssd/ticket/734
* Add value of the last USN to server configurationStephen Gallagher2011-04-192-0/+16
| | | | | Related: https://fedorahosted.org/sssd/ticket/734
* Add user and group search LDAP filter optionsJakub Hrozek2011-04-194-19/+82
| | | | https://fedorahosted.org/sssd/ticket/647
* Do not throw a DP error when failing to delete a nonexistent entityStephen Gallagher2011-04-151-4/+4
|
* Never remove gecos from the sysdb cacheStephen Gallagher2011-04-121-0/+9
| | | | | Now that gecos can come from either the 'gecos' or 'cn' attributes, we need to ensure that we never remove it from the cache.
* Initialise rootdse to NULL if not availableSumit Bose2011-04-121-0/+1
|
* Initialise srv_opts even if rootDSE is missingSumit Bose2011-04-112-46/+49
|
* Read only rootDSE data if rootDSE is availableSumit Bose2011-04-081-20/+22
|
* Fix unchecked return values of pam_add_responseJakub Hrozek2011-04-081-2/+7
| | | | https://fedorahosted.org/sssd/ticket/798
* Don't pass NULL to printf for TLS errorsJakub Hrozek2011-04-083-33/+24
| | | | https://fedorahosted.org/sssd/ticket/643
* Only save members for successfully saved groupsJakub Hrozek2011-04-011-2/+17
|
* Fall back to cn if gecos is not availableStephen Gallagher2011-03-301-0/+9
| | | | | | | | | | | | | We were not fully compliant with section 5.3 of RFC 2307 which states: An account's GECOS field is preferably determined by a value of the gecos attribute. If no gecos attribute exists, the value of the cn attribute MUST be used. (The existence of the gecos attribute allows information embedded in the GECOS field, such as a user's telephone number, to be returned to the client without overloading the cn attribute. It also accommodates directories where the common name does not contain the user's full name.)
* Mark transaction as done when cancelledJakub Hrozek2011-03-281-2/+8
|
* RFC2307: Ignore zero-length member names in group lookupsStephen Gallagher2011-03-281-0/+4
|
* Always complete the transaction in sdap_process_group_members_2307Stephen Gallagher2011-03-281-0/+11
| | | | | | If the loop ran through at least one sdap_process_missing_member_2307() call and errored out later, we were not canceling the transaction.
generated by cgit (git 2.34.1) at 2024-06-30 10:30:55 +0000