sssd.git/src/providers/ldap, branch master Unnamed repository; edit this file 'description' to name the repository. DYNDNS: use realm and server commands only as fallback 2015-10-05T18:59:44+00:00 Pavel Reichl preichl@redhat.com 2015-07-23T14:51:50+00:00 12a1c64105ff56b39e197264fec2d9aba6b84185 Resolves: https://fedorahosted.org/sssd/ticket/2495 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Resolves:
https://fedorahosted.org/sssd/ticket/2495

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SDAP: fix minor memory leak 2015-10-02T10:50:37+00:00 Pavel Reichl preichl@redhat.com 2015-09-04T11:04:10+00:00 3fa03d5816d6a401d8e894b77236d3cfd95dbd96 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
SDAP: Relax POSIX check 2015-10-02T10:38:18+00:00 Pavel Reichl preichl@redhat.com 2015-09-22T08:41:18+00:00 6735c0451d4e80d7cd4b480a8c1f7dafb2b536ea Relax the check on UID or GID just to check if at least one of them is present but do not require them to be positive numbers. Add requirement on objectclass attributes to be user or group to make check more reliable. Resolves: https://fedorahosted.org/sssd/ticket/2800 
Relax the check on UID or GID just to check if at least one of them is
present but do not require them to be positive numbers.

Add requirement on objectclass attributes to be user or group to make
check more reliable.

Resolves:
https://fedorahosted.org/sssd/ticket/2800
DDNS: execute nsupdate for single update of PTR rec 2015-09-22T12:51:22+00:00 Pavel Reichl preichl@redhat.com 2015-09-12T13:09:35+00:00 eeac17ebbe38f16deaa8599231cccfc97aaac85c nsupdate fails definitely if any of update request fails when GSSAPI is used. As tmp solution nsupdate is executed for each update. Resolves: https://fedorahosted.org/sssd/ticket/2783 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
nsupdate fails definitely if any of update request fails when GSSAPI is used.

As tmp solution nsupdate is executed for each update.

Resolves:
https://fedorahosted.org/sssd/ticket/2783

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
LDAP: Filter out multiple entries when searching overlapping domains 2015-09-22T11:46:02+00:00 Jakub Hrozek jhrozek@redhat.com 2015-09-04T16:45:45+00:00 fb83de0699b16e7d8eca803305e2112795807b4c In case domain overlap, we might download multiple objects. To avoid saving them all, we attempt to filter out the objects from foreign domains. We can only do this optimization for non-wildcard lookups. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
In case domain overlap, we might download multiple objects. To avoid
saving them all, we attempt to filter out the objects from foreign
domains.

We can only do this optimization for non-wildcard lookups.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
LDAP: Move sdap_create_search_base from ldap to sdap code 2015-09-22T11:46:00+00:00 Jakub Hrozek jhrozek@redhat.com 2015-09-16T13:28:54+00:00 cf66c53e46fad46f47489f43265c58004e0e39d4 The function shouldn't be placed in the LDAP tree, but in the SDAP tree to make it usable from tests without linking to libraries that are normally linked from LDAP provider (such as confdb) Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
The function shouldn't be placed in the LDAP tree, but in the SDAP tree
to make it usable from tests without linking to libraries that are
normally linked from LDAP provider (such as confdb)

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
LDAP: imposing sizelimit=1 for single-entry searches breaks overlapping domains 2015-09-22T11:45:50+00:00 Jakub Hrozek jhrozek@redhat.com 2015-07-21T19:00:27+00:00 67625b1b4f856510bf4e169649b3fb30c2c14152 https://fedorahosted.org/sssd/ticket/2723 In case there are overlapping sdap domains, a search for a single user might match and return multiple entries. For instance, with AD domains represented by search bases: DC=win,DC=trust,DC=test DC=child,DC=win,DC=trust,DC=test A search for user from win.trust.test would be based at: DC=win,DC=trust,DC=test but would match both search bases and return both users. Instead of performing complex filtering, just save both users. The responder would select the entry that matches the user's search. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
https://fedorahosted.org/sssd/ticket/2723

In case there are overlapping sdap domains, a search for a single user
might match and return multiple entries. For instance, with AD domains
represented by search bases:
    DC=win,DC=trust,DC=test
    DC=child,DC=win,DC=trust,DC=test

A search for user from win.trust.test would be based at:
    DC=win,DC=trust,DC=test
but would match both search bases and return both users.

Instead of performing complex filtering, just save both users. The
responder would select the entry that matches the user's search.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
SDAP: Do not set is_offline if ignore_mark_offline is set 2015-09-21T15:04:02+00:00 Jakub Hrozek jhrozek@redhat.com 2015-09-02T11:40:48+00:00 0561d532cf76b035b73cfed929a6896071dac407 Required for: https://fedorahosted.org/sssd/ticket/2637 The caller of the sdap_id_op requests can set the ignore_mark_offline flag to avoid the sdap_id_op from marking the whole back end as offline. However, there was a small bug - the is_offline internal sdap_id_op flag was still being set. As a consequence, the error code from the connection was ignored and EAGAIN was always returned. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Required for:
https://fedorahosted.org/sssd/ticket/2637

The caller of the sdap_id_op requests can set the ignore_mark_offline
flag to avoid the sdap_id_op from marking the whole back end as offline.

However, there was a small bug - the is_offline internal sdap_id_op flag
was still being set. As a consequence, the error code from the
connection was ignored and EAGAIN was always returned.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
LDAP: Sanitize group dn before using in filter 2015-09-18T15:20:42+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-09-01T04:58:50+00:00 6cb5bad3c8e2f35ca9dce1800a506d626f90c079 Each string should be sanitized(rfc4515) before using ldbsearch. A group dn was not sanitized in the function cleanup_groups. Resolves: https://fedorahosted.org/sssd/ticket/2744 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Each string should be sanitized(rfc4515) before using ldbsearch.
A group dn was not sanitized in the function cleanup_groups.

Resolves:
https://fedorahosted.org/sssd/ticket/2744

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Partially revert "LDAP: sanitize group name when used in filter" 2015-09-18T15:20:40+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-09-01T06:26:00+00:00 3d8b576bf49a79d5776574b96c6ef9535bbc46ac This reverts commit e2e334b2f51118cb14c7391c4e4e44ff247ef638. + temporary disable unit test Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
This reverts commit e2e334b2f51118cb14c7391c4e4e44ff247ef638.
+ temporary disable unit test

Reviewed-by: Pavel Březina <pbrezina@redhat.com>