path: root/src/ldap_helper.c
Commit message | Author | Age | Files | Lines
* Don't loop if the connection fails at start | Martin Nagy | 2010-03-23 | 1 | -0/+2
    Resolves ticket #25
* Fail over to passwordless login if other method fails | Martin Nagy | 2010-03-23 | 1 | -1/+14
    Resolves ticket #26
* Add a fake_mname option | Martin Nagy | 2010-03-23 | 1 | -4/+15
    The fake_mname option is optional and will cause the LDAP driver to ignore idnsSOAmName LDAP attribute and use the value of this option instead.
    Resolves ticket #17
* Remove duplicate get_soa_record() call | Martin Nagy | 2009-09-16 | 1 | -2/+0
* Fix a typo in previous commit | Martin Nagy | 2009-09-04 | 1 | -1/+1
* Fix the reconnection code | Martin Nagy | 2009-09-04 | 1 | -5/+5
    We only did a new ldap bind with the old ldap handle, which didn't work. We fix this by getting rid of the old handle and doing a brand new init and bind.
    Resolves ticket #20
* Fix a memory leak in ldap instance creation | Martin Nagy | 2009-09-04 | 1 | -0/+1
    When destroying an ldap instance we didn't destroy the sasl_realm setting string.
* Use uppercase LDAP booleans according to RFC 2252 | Martin Nagy | 2009-08-31 | 1 | -1/+1
    The search filter for active zones used value "True" for attribute "idnsZoneActive". This is incorrect according to section 6.4 of RFC 2252 which states that boolean syntax is either "TRUE" or "FALSE".
* Change license: GPLv2 or later | Martin Nagy | 2009-08-04 | 1 | -2/+3
    Allow publishing the code under GPL version 2 or later. Before that, we only allowed to use version 2.
* Consolidate the SASL authentication | Martin Nagy | 2009-08-04 | 1 | -8/+15
    * Change the default authentication method to GSSAPI
    * Add "sasl_auth_name" setting for SASL_CB_AUTHNAME
    * Add "sasl_password" setting for SASL_CB_PASS to be used instead of ordinary password, which will now be only used for simple authentication
* Cleanup of authentication code | Martin Nagy | 2009-08-04 | 1 | -29/+18
    Mostly adding logging statements and removing some old stuff.
* Gracefully fail if no zones are found in the initial lookup | Martin Nagy | 2009-08-04 | 1 | -4/+11
    If the initial search fails to find any zones, destroy the database instance, but return ISC_R_SUCCESS to BIND, since this is not technically a fault because of which BIND should abort. We do this because there is no point in refreshing zones if there are not any and it is not possible to add them later.
* Periodically refresh zone settings | Martin Nagy | 2009-08-04 | 1 | -21/+22
    The original intent was to add and remove zones periodically, based on changes in the LDAP database. It seems, however, that this is not possible with the way BIND views are working. Each view can have zones added during the configuration phase, but not after that. Luckily, we can at least change their SSU table without the need to reload named. This commit also has some changes to the function interfaces and makes the whole thing a lot simpler. Creation of the ldap instances and cache instances is now left on the zone manager. Additionally, we now put view and zonemgr pointers right into the ldap instance. This makes the API for refresh_zones_from_ldap() and create_zone() much simpler.
* Use the zone register for internal storage of zones | Martin Nagy | 2009-08-04 | 1 | -170/+124
    Moving the zone registration into a separate file will make the code more modular and easier to read and change. Also, we are preparing the refresh_zones_from_ldap() function for its intended purpose of being able to add zones and later modify them if something has changed. Unfortunately, we will only be able to change some of the zone attributes (for now the update policy). We will not be able to create new zones as they are added to LDAP because that requires a reload of the name server.
* Allow updating of the SOA record | Martin Nagy | 2009-08-04 | 1 | -11/+49
    Since the SOA record is special for us, as we store it in multiple LDAP attributes, it was ignored until now. This is now fixed, but we only allow changes to the numeric attributes: serial, refresh, retry, expire and minimum.
    Resolves ticket #5
* Cosmetic changes to ldap_rdttl_to_ldapmod() | Martin Nagy | 2009-08-04 | 1 | -6/+4
* Fix memory leak in ldap_rdttl_to_ldapmod() | Martin Nagy | 2009-08-04 | 1 | -2/+1
* Improve addition operation by using ldap_add_ext_s() | Martin Nagy | 2009-08-04 | 1 | -12/+46
    Until now, we only used ldap_modify_ext_s() when adding a new record. This is not right, because the label might have not existed before. We solve this now by checking for LDAP_NO_SUCH_OBJECT error and using ldap_add_ext_s() if needed.
    Partially resolves ticket #1
* Add annotations to printf-like functions | Martin Nagy | 2009-08-04 | 1 | -1/+1
    The ISC_FORMAT_PRINTF() macro will make sure that gcc checks if these functions are used correctly. Also fix bugs that were found along the way.
* Remove unneeded casts | Martin Nagy | 2009-08-04 | 1 | -4/+4
* Rename ldap_record_to_rdatatype to ldap_attribute_to_rdatatype | Martin Nagy | 2009-08-04 | 1 | -1/+1
* Rename ldap_db_t to ldap_instance_t | Martin Nagy | 2009-08-04 | 1 | -154/+154
    Equivalent to:
    s/new_ldap_db/new_ldap_instance/
    s/destroy_ldap_db/destroy_ldap_instance/
    s/manager_get_ldap_db_and_cache/manager_get_ldap_instance_and_cache/
    s/ldap_db_t/ldap_instance_t/
    s/ldap_db/ldap_db/
* Rename ldap_instance_t to ldap_connection_t | Martin Nagy | 2009-08-04 | 1 | -171/+172
    Equivalent to:
    s/ldap_instance/ldap_connection
    s/ldap_inst/ldap_conn
    This commit starts a series of larger code refactoring effort. More changes and renames will follow.
* Add basic support to get a tgt autonomously | Simo Sorce | 2009-05-25 | 1 | -0/+36
    Use mutex to serialize kinit. Reuse existing valid credentials if any.
* Let DNS Updates set the TTL | Simo Sorce | 2009-05-25 | 1 | -4/+60
    A bit hackish, but it does the job.
* Enable reading TTL for ldap entry | Simo Sorce | 2009-05-25 | 1 | -14/+17
* Re-enable SASL/GSSAPI with fixes to make it work. | Simo Sorce | 2009-05-22 | 1 | -11/+18
    Still requires a manual kinit as the named user. Also requires setting the sasl user in named.conf, ex:
    arg "sasl_user DNS/ipaserver.example.com";
* ldap_helper.c: Shut up gcc warnings | Martin Nagy | 2009-04-28 | 1 | -2/+3
* Add reconnection logic. | Martin Nagy | 2009-04-27 | 1 | -54/+142
* Make ldap_rdata_to_char_array() static. | Martin Nagy | 2009-04-24 | 1 | -1/+3
* Add update ACL capabilities. | Martin Nagy | 2009-04-24 | 1 | -24/+69
* Fix rdata parsing. | Martin Nagy | 2009-04-23 | 1 | -8/+8
* Change the setting name 'host' to 'uri'. | Martin Nagy | 2009-04-23 | 1 | -8/+8
* Disable SASL for now, it doesn't work properly. | Martin Nagy | 2009-04-23 | 1 | -0/+7
* Prepare the tree for conversion to autoconf. | Martin Nagy | 2009-03-30 | 1 | -0/+1707
    All source files are now moved to src/ and the old Makefile is removed.