| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
LDAP server can contain template for home directory instead of plain string.
This patch adds new expand option "%H", which will be replaced with value
from configuration option homedir_substring (from sssd.conf)
Resolves:
https://fedorahosted.org/sssd/ticket/1853
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Function expand_homedir_template had lot of parameters.
After adding new expand option, all function call should be rewritten,
(usually argument NULL will be added)
This patch wraps all necessary arguments to structure.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
| |
sss_parse_name now supports NULL as output parameters so existing calls passing
arguments which were never read were substituted by NULL.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
user_map_cnt was initialized when all the traditional back ends are
initialized. However, for the server mode, we simply copy the defaults
and the count was left zeroed, which led to crashes.
Down the road, we should consider tying the map and the attribute count
together (see ticket #2336)
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 35d420c5d4609b6e999920e38a9b2ec40a0e1ac4)
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2073
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2073
This commit adds a new option ldap_user_extra_attrs that is unset by
default. When set, the option contains a list of LDAP attributes the LDAP
provider would download and store in addition to the usual set.
The list can either contain LDAP attribute names only, or colon-separated
tuples of LDAP attribute and SSSD cache attribute name. In case only LDAP
attribute name is specified, the attribute is saved to the cache verbatim.
Using a custom SSSD attribute name might be required by environments that
configure several SSSD domains with different LDAP schemas.
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The sdap_copy_opts function copied all the arguments except for the
sentinel.
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit fcb8e3f1f49bb34c409d8dbd75889eb72be05517)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2072
This commit only adds the responder and the needed plumbing. No DBus
related code is in yet.
(cherry picked from commit cb4d5b588e704114b7090678752d33512baa718e)
Conflicts:
src/conf_macros.m4
src/confdb/confdb.h
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some DBus types returned from dbus_message_get_args() require memory
to be released when done. We automatically attach these to the talloc
struct sbus_request memory context in this function.
This accepts varargs similar to dbus_message_get_args(), which are
rather awkward. However instead of reworking them completely, future
generated marshalling code will replace most uses of these varargs.
If parsing the dbus message fails, then it responds to the DBus caller
with an appropriate error such as o.f.D.Error.InvalidArgs. In these
cases (ie: when it returns FALSE) the sbus_request is finished.
Migrated some, but not all, uses of dbus_message_get_args() to the
new function. Some instances have uncommon semantics such as terminating
the connection upon failure to parse a message.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 06b7bc8ca2e005ed510210d3b8dee16afbabbcc9)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most importantly, stop using per connection private data. This doesn't
scale when you have more than one thing exporting or exported on a
connection.
Remove struct sbus_interface and expand sbus_conn_add_interface()
function. Remove various struct sbus_interface args to connection
initialization functions and make callers use sbus_conn_add_interface()
directly. The old method was optimized for exporting one interface
on a connection. We'll have connections that export zero, one or more
interfaces.
To export an interface on a DBus server, call sbus_conn_add_interface()
from within the sbus_server_conn_init_fn. To export an interface on
a DBus client, call sbus_conn_add_interface() after sbus_new_connection()
returns.
As before struct sbus_interface represents an object exported via DBus.
However it is now talloc allocated. One can set instance data on the
struct sbus_interface. This instance data is passed to the various
handlers and used in their implementation.
However, we now have type safe interface exporting in the various
high level sss_process_init() sss_monitor_init() and so on.
Introspection support was not in use, and is now gone until we
implement it using the metadata (future patch).
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 07e941c1bbdc752142bbd3b838c540bc7ecd0ed7)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
struct sbus_request represents a request from a dbus client
being handled by a dbus server implementation. The struct
contains the message, connection and method (and in the
future teh property) which is being requested.
In the future it will contain caller information as well.
sbus_request is a talloc memory context, and is a good place to
attach any allocations and memory specific to the request.
Each handler accepts an sbus_request. If a handler returns
EOK, it is assumed that the handler will finish the request.
Any of the sbus_request_*finish() methods can be used to
complete the request and send back a reply.
sbus_request_return_and_finish() uses the same argument
varargs syntax as dbus_message_append_args(), which isn't
a great syntax. Document it a bit, but don't try to redesign:
The marshalling work (will follow this patch set) will remove
the need to use varargs for most DBus implementation code.
This patch migrates the monitor and data provider dbus code
to use sbus_request, but does not try to rework the talloc
context's to use it.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit d9577dbd92555b0755881e37724019ef9c578404)
Conflicts:
src/sbus/sssd_dbus.h
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Disabling use of Token-Groups is mandatory if expansion of nested groups is not
desired (ldap_group_nesting_level = 0) for AD provider.
Resolves:
https://fedorahosted.org/sssd/ticket/2294
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 69994add9cd4e57d40b3b7a0b1783ef2d0aa974c)
|
| |
|
|
|
|
|
|
|
|
|
| |
Make ldap_group_nesting_level = 0 to ignore group nesting entirely.
Resolves:
https://fedorahosted.org/sssd/ticket/2294
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit c30f1d05d6c75080fbe8ea9868f291e7a331ad44)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This allows us to remove duplicated information, and have the
compiler check that when an method name is changed or removed
the callers are updated.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
(cherry picked from commit b668c77874c6fed325471bdcf5954979a0d734e2)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is not strictly necessary, but avoids duplicating data
in mulitple places, and makes the interface definitions
benefit dbus callers (a little).
After applying this commit you may need to 'make clean' as
the codegen has changed.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
(cherry picked from commit c2cc119de8eac712c040b3993f41c967ff2278de)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previous commits added support for interface metadata and
handler vtables. This commit ports sbus_dbus_connection to
use them.
Port the internal uses of dbus to use the new scheme in a
very minimal way. Further cleanup is possible here.
This commit provides basic definitions of the internal
dbus interfaces. The interfaces aren't fully defined, as the
handlers will continue to unpack manually, and often overload
DBus methods with different arguments (which is rather
unorthodox, but not the end of the world).
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
(cherry picked from commit 769347ad4d35d43488eb98f980143495b0db415d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is an incorrect use of DBus, where we use a single interface
name with completely different sets of methods.
Easily fixed.
Once the vtable stuff is in use then this would be automatically
detected and fail to build.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
(cherry picked from commit 3e7d7af1953410f3f009bf3b2e481a46fb80de83)
|
| |
|
|
|
|
|
|
|
|
|
| |
Remove premature call of tevent_req_done() from sdap_get_initgr_done().
Request is correctly marked as done at sdap_get_initgr_pgid().
Resolves:
https://fedorahosted.org/sssd/ticket/2334
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit fc731b54cd74e6732f1e33c7cc4ed49cab0f7c90)
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch adds some more log messages to functionality of storing groups into
sysdb. As these functions are low level and failures are often handled on
higher levels the commonly chosen level is SSSDBG_TRACE_LIBS.
Related:
https://fedorahosted.org/sssd/ticket/2239
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2322
When the AD subdomains code looked up the root domain subsequently
(after the domain list was already populated), the non-root domains
might have been removed along with their respective tasks, because the
root domain lookup only ever matched a single root domain.
This could cause havoc especially during login when different lookups
for different domains might be going on during user group refresh.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 66e1502f956ee71de6cd51c37f7752f8aa14f5f5)
|
| |
|
|
|
|
|
|
|
|
|
| |
As the connection code is async-driven, the LDAP handle might be
invalidated before SSSD attempts to use it. Similar to commit
5fe6ca5e339fd345119752e996c14edf8db57660, this patch adds a NULL check
for the LDAP handle and aborts the request instead of crashing.
Resolves:
https://fedorahosted.org/sssd/ticket/2305
(cherry picked from commit 997d4bcd8e994932ac15c42524bb9f00055ee322)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove support for specifying old debug levels to the DEBUG macro:
* remove debug_get_level function which was used for conversion,
* remove debug_get_level tests,
* remove mentions of old/new levels from DEBUG and DEBUG_IS_SET
macro descriptions,
* rename "newlevel" argument of debug_fn to just "level".
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
(cherry picked from commit 5c233380e1ebf641f6106a34d7b94f9e9a606589)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script (identical to commit
83bf46f4066e3d5e838a32357c201de9bd6ecdfd) to update DEBUG* macro
invocations, which use literal numbers for levels, to use bitmask macros
instead:
grep -rl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e 'use strict;
use File::Slurp;
my @map=qw"
SSSDBG_FATAL_FAILURE
SSSDBG_CRIT_FAILURE
SSSDBG_OP_FAILURE
SSSDBG_MINOR_FAILURE
SSSDBG_CONF_SETTINGS
SSSDBG_FUNC_DATA
SSSDBG_TRACE_FUNC
SSSDBG_TRACE_LIBS
SSSDBG_TRACE_INTERNAL
SSSDBG_TRACE_ALL
";
my $text=read_file(\*STDIN);
my $repl;
$text=~s/
^
(
.*
\b
(DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
\s*
\(\s*
)(
[0-9]
)(
\s*,
)
(
\s*
)
(
.*
)
$
/
$repl = $1.$map[$3].$4.$5.$6,
length($repl) <= 80
? $repl
: $1.$map[$3].$4."\n".(" " x length($1)).$6
/xmge;
print $text;
' < "$f.orig" > "$f"
rm "$f.orig"
done
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code
(identical to commit a3c8390d19593b1e5277d95bfb4ab206d4785150):
grep -rwl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e \
'use strict;
use File::Slurp;
my $text=read_file(\*STDIN);
$text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
print $text;' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2322
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit ed61bfc5184d9c7a46d17681a22a1abb64423708)
|
| |
|
|
|
|
|
| |
ad_subdomains_refresh() always set value to output parameter 'changes' if EOK is returned.
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit cef2384a3a6fc1a1637c6a55e2bced93d28e8fca)
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2239
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We were assuming that the forest had been looked up by netlogon, but
this is not available on Samba 4 domains. We need to check that the
forest is NULL and force the lookup.
Resolves:
https://fedorahosted.org/sssd/ticket/2311
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 8653b547d6142b69c62daa3cd74c251b2b9aecb7)
|
| |
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 7ac7dec08ec2c82a86fd6a90388993cfcee26da1)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2300
The list of SELinux mapping orders was allocated on tmp_ctx and parsed
into an array. The array itself was correctly allocated on mem_ctx but
its contents remained on tmp_ctx, leading to a use-after-free error.
This patch fixes the memory hierarchy so that both the array and its
contents are allocated on mem_ctx.
(cherry picked from commit 355b8a655cfcc4e783077d12f76b55da1d23fb87)
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2285
Only the forest root has the knowledge about all the domains in the forest,
the forest leaves only see themselves and the forest root.
This patch switches to connecting to the forest root for downloading the
trusted domains instead of the server we are connected to.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Function sysdb_attrs_get_el can enlarge array of ldb_message_element in "struct
sysdb_attrs" if attribute is not among available attributes. Array will be
enlarged with function talloc_realloc but realloc can move array to another
place in memory therefore ldb_message_element should not be used after next
call of function sysdb_attrs_get_el
sysdb_attrs_get_el(netgroup, SYSDB_ORIG_MEMBER_USER, &user_found);
sysdb_attrs_get_el(netgroup, SYSDB_ORIG_MEMBER_HOST, &host_found);
With netgroups, it is common to omit user or host from netgroup triple.
There is very high probability that realloc will be called. it is possible
pointer user_found can refer to the old area after the second call of function
sysdb_attrs_get_el.
Resolves:
https://fedorahosted.org/sssd/ticket/2284
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit c048657aa2fbb246b5dc199ef6101bfd6e5eeaea)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2271
The current krb5_child code attempts to get a TGT for the convenience of
the user using the new password after a password change operation.
However, an OTP should never be used twice, which means we can't perform
the kinit operation after chpass is finished. Instead, we only print a
PAM information instructing the user to log out and back in manually.
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
After changing the Kerberos password krb5-child will try to get a fresh
TGT with the new password. This patch tries to make sure the right gic
options are used.
Resolves: https://fedorahosted.org/sssd/ticket/2289
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
| |
Additionally the lifetime option flags are unset if there are no
explicit settings to make sure the defaults from krb5.conf are used even
if other values were set manually in between.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix some incorrect types passed to dbus_message_get_args(),
dbus_message_append_args() or functions accepting similar
varargs and types.
In particular sizeof(bool) != sizeof(dbus_bool_t) on most
platforms. This probably only worked because the compiler
was aligning stack variables and so writing off the end of
one of them wasn't the end of the world.
In addition fix cases where int != int32_t != uint32_t.
Although these will work on many common platforms, assuming
these are interchangeable is not cross platform safe.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 5bad17538eab85ce69e0355cd25b52b4a473cc36)
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2282
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reported by scan-build
for (mi = 0; group_only[mi]; mi++) {
^~~~~~~~~~
warning: Array access (from variable 'group_only') results in a null pointer
dereference
It can happend if function ad_group_extra_members fails (ret != EOK)
Reviewed-by: Simo Sorce <simo@redhat.com>
(cherry picked from commit bad65473c4c28ecbf2b6bd374a7ae2d634d57d8d)
|
| |
|
|
|
|
|
| |
Fixes https://fedorahosted.org/sssd/ticket/2279
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 63bf0b7697d5a51b5338070d0e2652d49a4728ce)
|
| |
|
|
|
|
|
|
|
|
|
| |
We blindly used the user's domain for everything. That wrong in case the
user comes from a subdomain. We should use the IPA domain for accessing
the SELinux rules and host data and the user domain only for the user.
https://fedorahosted.org/sssd/ticket/2270
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 36f606d6743e77721bedeed0907f1be7a19fa4f4)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2251
By connecting to GC for users from both trusted domains and parent
domain, we lose the ability to download the shell and homedir if these
are used with ID mapping.
This patch changes the user lookups only. Changing the logic for all
lookups would break cross-domain group memberships, for example.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit bb8a08118db0916bf8252a9481c16271ec20acd3)
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before this patch, a different set of options was used when calling
krb5_get_init_creds_password() for the changepw principal. Because
this set of options did not contain the same FAST settings as the
options for normal requests, all authentication would fail when the
password of a FAST-only account would expire.
The two sets approach was cargo-cult from kinit where multiple
requests could be issued using the same options set. However, in the
case of krb5_child, only one request (or occasionally a well-defined
second request) will be issued. Two option sets are therefore not
required.
To fix this problem we removed the second option set used for changepw
requests. All requests now use a single option set which is modified,
if needed, for well-defined subsequent requests.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2264
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In older IPA server versions where the AD users where looked up by
winbind the user name component of the home directory path was always
lower case. This still holds for IPA clients as well. To avoid
regression this patch makes the user name component lower case as well.
Fixes https://fedorahosted.org/sssd/ticket/2263
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 48b1db73639135dd4a15ee153f958c912836c621)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the sudo target to the AD provider. The main reason is
to cover different default settings in the LDAP and AD provider. E.g.
the default for ldap_id_mapping is True in the AD provider and False
in the LDAP provider. If ldap_id_mapping was not set explicitly in the
config file both components worked with different setting.
Fixes https://fedorahosted.org/sssd/ticket/2256
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 61804568ce5ede3b1a699cda17c033dd6c23f0e3)
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2257
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 90afedb00608547ae1f32aa7aafd552c4b306909)
|
