| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1612
This patch changes the handling of ghost attributes when saving the
actual user entry. Instead of always linking all groups that contained
the ghost attribute with the new user entry, the original member
attributes are now saved in the group object and the user entry is only
linked with its direct parents.
As the member attribute is compared against the originalDN of the user,
if either the originalDN or the originalMember attributes are missing,
the user object is linked with all the groups as a fallback.
The original member attributes are only saved if the LDAP schema
supports nesting.
|
|
|
|
|
| |
The domain can be read from the sysdb object. Removing the domain string
makes the API more self-contained.
|
|
|
|
|
|
| |
This patch switches from using just key in the RDN to using both key and
value. That is neccessary to allow multiple direct mounts in a single
map.
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1506
Changes how the new autofs entry objects are handled. Instead of
creating the entry on the cn=autofs,cn=custom level, the entry is
created below the map it belongs to.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch keeps a local copy of the subdomains in the ipa subdomains plugin
context.
This has 2 advantages:
1. allows to check if anything changed w/o always hitting the sysdb.
2. later will allows us to dump this information w/o having to retrieve it
again. The timestamp also allows to avoid refreshing too often.
|
|
|
|
| |
This will be used later for setting domain_realm mappings in krb5.conf
|
|
|
|
|
| |
Declaring a bunch of structures as const and then wrapping all uses in
discard_const_p() is a bit silly. Remove all these useless decorations.
|
|
|
|
|
| |
Rename the structure to use a standard name prefix so it is properly
name-spaced, in preparation for changing the structure itself.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a regression in the local domain tools where sss_groupadd no longer
detected a GID duplicate. The check for EEXIST is moved one level up into
more high level function.
The patch also adds the same rename support for users. I found it odd that
we allowed a rename of groups but not users. There is a catch when storing
a user -- his cached password would be gone. I think that renaming a user
is such a rare operation that it's not severe, plus there is a warning in
the logs.
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1136
|
| |
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/836
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removed:
SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED)
Added new macro:
CONVERT_AND_SET_DEBUG_LEVEL(new_value)
Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0
so DEBUG macro could be reduced by one condition. Anyway, it has a minor
effect, every time you want to load debug_level from command line parameters,
you have to use following pattern:
/* Set debug level to invalid value so we can deside if -d 0 was used. */
debug_level = SSSDBG_INVALID;
pc = poptGetContext(argv[0], argc, argv, long_options, 0);
while((opt = poptGetNextOpt(pc)) != -1) { ... }
CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/925
Conversion of the old debug_level format to the new one.
(only where it was necessary)
Removed:
SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
|
|
|
|
|
|
| |
This patch deletes memory context parameter in those places in sysdb
where it is not necessary. The code using modified functions has been
updated. Tests updated as well.
|
|
|
|
|
| |
The patch also updates code using modified functions. Tests have also
been adjusted.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Sometimes, a value in LDAP will cease to exist (the classic
example being shadowExpire). We need to make sure we purge that
value from SSSD's sysdb as well.
https://fedorahosted.org/sssd/ticket/750
|
|
|
|
| |
Includes a unit test
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/714
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Previously, it assumed that all members were users. This changes
the interface so that either a user or a group can be specified.
Also, it eliminates the need for a memory context to be passed,
since the internal memory should be self-contained.
|
|
|
|
| |
Useful for optimizing the initgroups operation.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
This might be useful for examining the test database manually with LDB tools
|
|
|
|
|
|
|
|
| |
This function will take a user, a list of groups that this user
should be added to and a list of groups the user should be removed
from and will recursively call sysdb_[add|remove]_group_member
Includes a unit test
|
| |
|
|
|
|
|
|
|
| |
If the configuration option krb5_store_password_if_offline is set to
true and the backend is offline the plain text user password is stored
and used to request a TGT if the backend becomes online. If available
the Linux kernel key retention service is used.
|
|
|
|
|
|
| |
When we converted to the synchronous sysdb interface, the
synchronous-simulating function test_loop() became unnecessary,
but we forgot to remove it.
|
|
|
|
| |
This commit completes the migration to a synchronous sysdb
|
| |
|
| |
|
| |
|
| |
|