summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Perform initgroups lookups for all domainsStephen Gallagher2011-02-211-3/+5
| | | | | | | | | | Previously, we were setting the client context PAM lookup timeout after the first domain replied. However, if the user wasn't a member of the first domain, their information wasn't being updated. This patch ensures that we only set this timeout after the user has been found or all domains were searched.
* Remove renewal item if it is not re-addedSumit Bose2011-02-181-1/+34
|
* Remove cached user entry if initgroups returns ENOENTStephen Gallagher2011-02-181-0/+11
| | | | | This behavior was present for getpwnam() but was lacking for initgroups.
* Fix for generating lists of translated man pagesSumit Bose2011-02-171-6/+6
| | | | | | In some automatic build environments the lists of translated man pages were not generated properly because ls put multiple file names into a single single.
* Point the IPA provider at the compat tree for netgroupsStephen Gallagher2011-02-171-0/+19
| | | | | | We don't yet have support for IPA's internal representation of netgroups, so we need to use its compatibility mode for the time being.
* Do not attempt to use START_TLS on SSL connectionsStephen Gallagher2011-02-164-11/+43
| | | | | | | Not all LDAP servers are capable of handling dual-encryption with both TLS and SSL. https://fedorahosted.org/sssd/ticket/795
* Verify LDAP file descriptor validityStephen Gallagher2011-02-141-1/+1
|
* Check LDB_MODULES_PATH for sysdbSumit Bose2011-02-141-0/+9
|
* Introduce sysdb_ldb_connect()Sumit Bose2011-02-141-45/+42
|
* Use neutral name for functions used by both pam and nssSimo Sorce2011-02-113-49/+64
|
* Make 'make check' look nice againSumit Bose2011-02-111-8/+0
| | | | | | | | | With current libldb releases 'make check' will print a lot of 'unable to dlopen' messages although the test will succeed. This patch place the memberof module into a directory of its own to avoid these messages. Additionally this patch introduces TESTS_ENVIRONMENT which allows us to remove the SYSDB_TEST preprocessor definition.
* Fix module registration with newer LDB libraries.Stephen Gallagher2011-02-111-1/+14
|
* Fix cleanup transactionStephen Gallagher2011-02-111-0/+1
| | | | | Without setting in_transaction=true, if the sysdb operations threw an error, we wouldn't cancel the transaction.
* Clear up -Wunused-but-set-variable warningsStephen Gallagher2011-02-113-8/+4
|
* Check that the socket is really ours before attempting to close it.Simo Sorce2011-02-081-13/+42
| | | | Fixes: https://fedorahosted.org/sssd/ticket/790
* Only print "no matching service rule" when appropriateStephen Gallagher2011-02-041-6/+6
|
* updating sss_obfuscate man page accordinglyGowrishankar Rajaiyan2011-02-031-2/+1
|
* removing password option functionalityGowrishankar Rajaiyan2011-02-031-5/+1
|
* Gracefully handle permission errors in sss_obfuscateStephen Gallagher2011-02-031-3/+15
|
* Make the domain argument mandatory in sss_obfuscateStephen Gallagher2011-02-031-2/+6
| | | | | It doesn't make sense to set a "default" domain. We should require that the domain always be specified.
* Add additional indexing for sysdbStephen Gallagher2011-02-032-1/+117
| | | | | | | | | | | | Adds an index for dataExpireTimestamp This is used for determining which users need to be removed during the cleanup task. If enumeration is enabled (or huge numbers of users have been cached), the cleanup task runs very slowly due to the non-indexed search. Also adds an index for ONELEVEL lookups, to speed up situations where we would need to request all entries under a particular node in the LDB.
* Wrap cleanup task in a sysdb transactionStephen Gallagher2011-02-031-0/+20
|
* Sanitize search filters for nested group lookupsStephen Gallagher2011-02-011-3/+17
|
* Remove LDAP_DEPRECATEDSumit Bose2011-01-311-1/+0
|
* Add option to disable TLS for LDAP authsssd-1_5_1Stephen Gallagher2011-01-275-4/+25
| | | | | Option is named to discourage use in production environments and is intentionally not listed in the SSSDConfig API.
* Do not fail if attributes are emptySumit Bose2011-01-271-16/+29
| | | | | | | Currently we fail if attributes are empty. But there are some use cases where requested attributes are empty. E.g Active Directory uses an empty member attribute to indicate that a subset of the members are in a range sub-attribute.
* Updating uk translationYuri Chornoivan2011-01-271-88/+118
| | | | Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* Update man.stamp when the potfile or po4a.cfg is updatedStephen Gallagher2011-01-251-1/+1
|
* Update translation files for string freezeStephen Gallagher2011-01-243-850/+1313
| | | | Earlier patch for strings was incomplete
* Updating translation files for string freezeStephen Gallagher2011-01-211-197/+212
|
* Updating uk manpage translationYuri Chornoivan2011-01-211-355/+496
| | | | Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* Delete attributes that are removed from LDAPStephen Gallagher2011-01-217-13/+297
| | | | | | | | Sometimes, a value in LDAP will cease to exist (the classic example being shadowExpire). We need to make sure we purge that value from SSSD's sysdb as well. https://fedorahosted.org/sssd/ticket/750
* Fix nested group handling during enumerationSumit Bose2011-01-211-0/+14
| | | | | Nested groups where not unrolled completely during the first enumeration run because not all where present in the cache.
* Fix uninitialized value errorSumit Bose2011-01-211-1/+1
|
* Rename dns_domain to discovery domain for fo_add_srv_server()Stephen Gallagher2011-01-212-8/+12
|
* Allow fallback to SSSD domainStephen Gallagher2011-01-213-7/+50
| | | | | | | | | | | | | | | | | | | | | For backwards-compatibility with older versions of the SSSD (such as 1.2.x), we need to be able to have our DNS SRV record lookup be capable of falling back to using the SSSD domain name as the DNS discovery domain. This patch modifies our DNS lookups so that they behave as follows: If dns_discovery_domain is specified, it is considered authoritative. No other discovery domains will be attempted. If dns_discovery_domain is not specified, we first attempt to look up the SRV records using the domain portion of the machine's hostname. If this returns "NOTFOUND", we will try performing an SRV record query using the SSSD domain name as the DNS discovery domain. https://fedorahosted.org/sssd/ticket/754
* Add missing include file to sdap_async_accounts.cStephen Gallagher2011-01-211-0/+1
|
* Perform initgroups lookup for PAMStephen Gallagher2011-01-211-1/+3
| | | | | Previously we were only looking up the user, but we need to make sure that all groups are available for use by access providers.
* Add the user's primary group to the initgroups lookupStephen Gallagher2011-01-213-14/+56
| | | | | The user may not be a direct member of their primary group, but we still want to make sure that group is cached on the system.
* NSS obfuscation code cleanupJakub Hrozek2011-01-201-38/+97
| | | | https://fedorahosted.org/sssd/ticket/752
* Add ldap_tls_{cert,key,cipher_suite} config optionsTyson Whitehead2011-01-209-1/+87
| | | | Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* Fix return value checkSumit Bose2011-01-191-2/+2
|
* Fix incorrect example fileStephen Gallagher2011-01-191-8/+7
| | | | | | | The example sssd.conf still had entry_cache_timeout listed in the [nss] section, and did not have correct values for entry_cache_nowait_percentage (it was listed as entry_cache_nowait_timeout and gave a value in seconds)
* Don't double-sanitize member DNsStephen Gallagher2011-01-191-12/+4
| | | | | | | | | After asking the cache for the list of member DNs for groups during an initgroups request, we were passing it through the sanitization function. Since this had already been done before they were saved to the cache, this meant that it was corrupting the results. It is safe to pass the returned DN directly into the sysdb_group_dn_name() function.
* Use DEFAULT_PAM_VERBOSITY if config value cannot be retrievedSumit Bose2011-01-191-1/+1
|
* Add pam_pwd_expiration_warning config optionSumit Bose2011-01-195-12/+68
|
* Add ipa_hbac_search_base config optionSumit Bose2011-01-197-54/+58
|
* Add LDAP expire policy base RHDS/IPA attributeSumit Bose2011-01-199-4/+76
| | | | | The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
* Add LDAP expire policy based on AD attributesSumit Bose2011-01-199-4/+141
| | | | | | The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
* Remove support for pre-1.1 netlinkStephen Gallagher2011-01-173-61/+27
| | | | | | | Netlink 1.0 and older is buggy and unreliable, occasionally causing tight-loops. We're no longer going to try to support it. https://fedorahosted.org/sssd/ticket/755
generated by cgit (git 2.34.1) at 2024-05-25 13:59:40 +0000