| Commit message (Collapse) | Author | Age | Files | Lines |
| |
When the ldap child process is killed after a timeout, try the next KDC.
When none of the ldap child processes succeed, just abort the connection
because we wouldn't be able to authenticate to the LDAP server anyway.
https://fedorahosted.org/sssd/ticket/1324
| |
Previous versions of the SSSD did not abort the async LDAP search
operation on errors. In cases where the request ended in progress, such
as when the paging was very strictly limited, the old versions at least
returned partial data.
This patch special-cases the LDAP_SIZELIMIT_EXCEEDED error to avoid a
user-visible regression.
https://fedorahosted.org/sssd/ticket/1322
| |
https://fedorahosted.org/sssd/ticket/1320
| |
https://fedorahosted.org/sssd/ticket/1258
| |
https://fedorahosted.org/sssd/ticket/1307
| |
https://fedorahosted.org/sssd/ticket/1249
| |
https://fedorahosted.org/sssd/ticket/1282
| |
There were many places where we were printing (null) to the logs
because a NULL keytab name tells libkrb5 to use its configured
default instead of a particular path. This patch should clean up
all uses of this to print "default" in the logs.
https://fedorahosted.org/sssd/ticket/1288
| |
https://fedorahosted.org/sssd/ticket/1270
| |
case-insensitive domains
| |
https://fedorahosted.org/sssd/ticket/1260
| |
https://fedorahosted.org/sssd/ticket/1274
| |
We were never freeing "result" if it was allocated by
ldap_result(). We were also not freeing "errmsg" if it was
allocated but ldap_parse_result() returned an error.
Also disambiguate error messages from ldap_parse_result() and
error messages from sss_ldap_get_diagnostic_msg() since they use
differing memory-management functions.
| |
If we can't reach the RootDSE, let's just proceed as if it's
unavailable with reasonable defaults. If we fail later on, that's
fine.
Fixes https://fedorahosted.org/sssd/ticket/1257
| |
https://fedorahosted.org/sssd/ticket/1242
| |
https://fedorahosted.org/sssd/ticket/1238
| |
https://fedorahosted.org/sssd/ticket/1227
| |
We want to consume this in the IPA provider.
| |
Instead of keeping the number of parent groups in "state" and having to
reset the count when moving to another group on the same level, keep
track of all groups on a particular level along with their parents
and parent count.
| |
https://fedorahosted.org/sssd/ticket/1214
| |
This function alters the memory hierarchy of the be_req
to ensure memory safety during shutdown. It creates a
spy on the be_cli object so that it will free the be_req
if the client is freed.
It is generally allocated atop the private data context
for the appropriate back-end against which it is being
filed.
https://fedorahosted.org/sssd/ticket/1226
| |
https://fedorahosted.org/sssd/ticket/1215
| |
https://fedorahosted.org/sssd/ticket/1217
| |
We now have a session module that is only available for the IPA
provider. We should not be logging noisily that other providers
do not have the session provider configured.
https://fedorahosted.org/sssd/ticket/1211
| |
The orig_dn here isn't being passed to a filter and therefore must
not be sanitized, as the sanitization process would break DNs that
contain (among other things) parentheses.
| |
https://fedorahosted.org/sssd/ticket/1136
| |
The paging control can cause issues on servers that put limits on
how many paging controls can be active at one time (on some
servers, it is limited to one per connection). We need to reduce
our usage so that we only activate the paging control when making
a request that may return an arbitrary number of results.
https://fedorahosted.org/sssd/ticket/1202 phase one
| |
https://fedorahosted.org/sssd/ticket/1168
| |
This was only used for properly identifying debug messages.
| |
Previously, we were using sdap_parse_search_base() for setting up
the search_base objects for use in IPA. However, this was
generating unfriendly log messages about unknown search base
types. This patch creates a new common_parse_search_base() routine
that can be used with either LDAP or IPA providers.
https://fedorahosted.org/sssd/ticket/1151
| |
Instead of failing the group lookup, just skip them. This was
impacting some users of ActiveDirectory where not all users had
the appropriate attributes.
https://fedorahosted.org/sssd/ticket/1169
| |
https://fedorahosted.org/sssd/ticket/1173
| |
https://fedorahosted.org/sssd/ticket/1186