sssd.git/src/db/sysdb.h, branch token3

DB: Add user/group lookup by SID

2013-09-10T12:01:24+00:00

SYSDB: Store enumerate flag for subdomain

2013-08-28T16:06:57+00:00

DB: remove unused realm parameter from sysdb_master_domain_add_info

2013-08-28T16:05:02+00:00

The parameter was not used at all.

ipa-server-mode: add IPA group memberships to AD users

2013-08-28T15:30:07+00:00

When IPA trusts an AD domain the AD user or groups can be placed into
IPA groups e.g. to put AD users under the control of HBAC. Since IPA
group can only have members from the IPA directory tree and the AD users
and groups are not stored there a special IPA object called external
group was introduced. SIDs of users and groups can be added to the
external group and since the external groups are in the IPA directory
tree they can be member of IPA groups.

To speed things up and to remove some load from the IPA servers SSSD
reads all external groups and stores them in memory for some time before
rereading the data.

Enhances https://fedorahosted.org/sssd/ticket/1962

sysdb_add_incomplete_group: store SID string is available

2013-08-19T20:32:34+00:00

During initgroups request we read the SID of a group from the server but
do not save it to the cache. This patch fixes this and might help to
avoid an additional lookup of the SID later.

fill_initgr: add original primary GID if available

2013-08-19T10:53:49+00:00

In some cases when MPG domains are used the information about the
original primary group of a user cannot be determined by looking at
the explicit group memberships. In those cases the GID related to the
original primary group is stored in a special attribute of the user
object.

This patch adds the GID of the original primary group when available and
needed.

Fixes https://fedorahosted.org/sssd/ticket/2027

sdap_save_user: save original primary GID of subdomain users

2013-08-19T10:53:49+00:00

If ID mapping is enabled we use magic private groups (MPG) for
subdomains, i.e. the UID and the primary GID of the user will have the
same numerical value. As a consequence the information about the
original primary group might get lost because neither in AD domains nor
on a typical UNIX system the user is an explicit member of it's primary
group.

With this patch the mapped GID or the original primary group is saved in
the cached user object under a new attribute.

Fixes https://fedorahosted.org/sssd/ticket/2027

Save mpg state for subdomains

2013-06-28T18:20:59+00:00

The information of a subdomain will use magic private groups (mpg) or
not will be stored together with other information about the domain in
the cache.

Add support for new ipaRangeType attribute

2013-06-28T18:20:59+00:00

Recent versions of FreeIPA support a range type attribute to allow
different type of ranges for sub/trusted-domains. If the attribute is
available it will be used, if not the right value is determined with the
help of the other idrange attributes.

Fixes https://fedorahosted.org/sssd/ticket/1961

Read SIDs of groups with sysdb_initgroups() as well

2013-06-06T21:58:56+00:00