sssd.git/src/config, branch token2

Add a new option to control subdomain enumeration

2013-08-28T16:07:04+00:00

IPA: Add a server mode option

2013-06-28T20:22:20+00:00

https://fedorahosted.org/sssd/ticket/1993

SSSD needs to know that it is running on an IPA server and should not
look up trusted users and groups with the help of the extdom plugin
but do the lookups on its own. For this a new boolean configuration
option, is introduced which defaults to false but is set to true during
ipa-server-install or during updates of the FreeIPA server if it is not
already set.

Add now options ldap_min_id and ldap_max_id

2013-06-28T18:20:59+00:00

Currently the range for Posix IDs stored in an LDAP server is unbound.
This might lead to conflicts in a setup with AD and trusts when the
configured domain uses IDs from LDAP. With the two noe options this
conflict can be avoided.

A new option krb5_use_kdcinfo

2013-06-10T19:03:01+00:00

https://fedorahosted.org/sssd/ticket/1883

The patch introduces a new Kerberos provider option called
krb5_use_kdcinfo. The option is true by default in all providers. When
set to false, the SSSD will not create krb5 info files that the locator
plugin consumes and the user would have to set up the Kerberos options
manually in krb5.conf

back end: add refresh expired records periodic task

2013-06-10T18:30:57+00:00

https://fedorahosted.org/sssd/ticket/1713

Add new option refresh_expired_interval.

Add a domain config attribute for realmd

2013-05-23T17:55:43+00:00

realmd needs to be able to tag various domains with basic info
when it configures a domain.

Add 'description' attribute to SSSDConfig API

2013-05-23T15:06:23+00:00

It was mentioned in the manpages, but not accepted by the API

Adding option to disable retrieving large AD groups.

2013-05-23T09:45:38+00:00

This commit adds new option ldap_disable_range_retrieval with default value
FALSE. If this option is enabled, large groups(>1500) will not be retrieved and
behaviour will be similar like was before commit ae8d047122c
"LDAP: Handle very large Active Directory groups"

https://fedorahosted.org/sssd/ticket/1823

AD: read flat name and SID of the AD domain

2013-05-07T12:12:06+00:00

For various features either the flat/short/NetBIOS domain name or the
domain SID is needed. Since the responders already try to do a subdomain
lookup when and known domain name is encountered I added a subdomain
lookup to the AD provider which currently only reads the SID from the
base DN and the NetBIOS name from a reply of a LDAP ping. The results
are written to the cache to have them available even if SSSD is started
in offline mode. Looking up trusted domains can be added later.

Since all the needed responder code is already available from the
corresponding work for the IPA provider this patch fixes

https://fedorahosted.org/sssd/ticket/1468

dyndns: new option dyndns_auth

2013-05-03T18:25:46+00:00

This options is mostly provided for future expansion. Currently it is
undocumented and both IPA and AD dynamic DNS updates default to
GSS-TSIG. Allowed values are GSS-TSIG and none.