| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
also fix sysdb_svc_add declarations
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Also remove sysdb_delete_domgroup()
|
|
|
|
| |
Also remove sysdb_delete_domuser()
|
| |
|
|
|
|
| |
Also changes sysdb_search_custom_by_name()
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Also remove sysdb_store_domgroup()
|
|
|
|
| |
Also remove sysdb_store_domuser()
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Also remove unused sysdb_search_domgroup_by_gid()
|
|
|
|
| |
Also remove unused sysdb_search_domgroup_by_name()
|
|
|
|
| |
Also remove unused sysdb_search_domuser_by_uid()
|
|
|
|
| |
Also remove unused sysdb_search_domuser_by_name()
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore
fqnames proper value in subdomains, by testing for a parent domain being
present or not.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Bring it out of sysdb, which will slowly remove internal dependencies on
domains and instead will always require them to be passed by callers.
|
|
|
|
|
| |
Make it clear to the API users that we can not take arbitrary auth tokens.
We can only take a password for now so simplify and clarify the interface.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1652
It is possible to simply reset the list of ghost users to a different one
during a modify operation. It is also actually how we update entries that
are expired in the SSSD cache.
In this case, we must be careful and retain the ghost users that are not
native to the group we are processing but are rather inherited from child
groups. The intention of the replace operation after all is to set the
list of direct members of that group, not direct and indirect.
|
|
|
|
|
|
|
| |
Similar to the add and delete operation, we also need to propagate the
changes of the ghost user attribute to the parent groups so that if a
nested group updates memberships, its parents also get the membership
updated.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1668
The memberof plugin did only expand the ghost users attribute to
parents when adding a nested group, but didn't implement the reverse
operation.
This bug resulted in users being reported as group members even
after the direct parent went away as the expanded ghost attributes were
never removed from the parent entry.
When a ghost entry is removed from a group, all its parent groups are
expired from the cache by setting the expire timestamp to 1. Doing so
would force the SSSD to re-read the group next time it is requested in
order to make sure its members are really up-to-date.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a nested group with ghost users is added, its ghost attribute should
propagate within the nested group structure much like the memberuid
attribute. Unlike the memberuid attribute, the ghost attribute is only
semi-managed by the memberof plugin and added manually to the original
entry.
This bug caused LDB errors saying that attribute or value already exists
when a group with a ghost user was added to the hierarchy as groups were
updated with an attribute they already had.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1612
This patch changes the handling of ghost attributes when saving the
actual user entry. Instead of always linking all groups that contained
the ghost attribute with the new user entry, the original member
attributes are now saved in the group object and the user entry is only
linked with its direct parents.
As the member attribute is compared against the originalDN of the user,
if either the originalDN or the originalMember attributes are missing,
the user object is linked with all the groups as a fallback.
The original member attributes are only saved if the LDAP schema
supports nesting.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1495
|
|
|
|
|
| |
The domain can be read from the sysdb object. Removing the domain string
makes the API more self-contained.
|
|
|
|
|
|
| |
This patch switches from using just key in the RDN to using both key and
value. That is neccessary to allow multiple direct mounts in a single
map.
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1506
Changes how the new autofs entry objects are handled. Instead of
creating the entry on the cn=autofs,cn=custom level, the entry is
created below the map it belongs to.
|