sssd.git/src/providers/ipa, branch saveldapsid System Security Services Daemon [okos' clone] Fix the default FQDN format 2013-07-19T15:49:43+00:00 Jakub Hrozek jhrozek@redhat.com 2013-07-19T15:28:26+00:00 d5e8c3a1290d68d07362a119e63121156ad448df Commit 52ae806bd17c3c00d70bd1aed437f10f5ae51a1c changed the default FQDN format by accident to the one we only ever user internally. This commit fixes the mistake. 
Commit 52ae806bd17c3c00d70bd1aed437f10f5ae51a1c changed the default FQDN
format by accident to the one we only ever user internally. This commit
fixes the mistake.
IPA: warn if full_name_format is customized in server mode 2013-07-19T11:47:05+00:00 Jakub Hrozek jhrozek@redhat.com 2013-07-12T13:19:02+00:00 52ae806bd17c3c00d70bd1aed437f10f5ae51a1c https://fedorahosted.org/sssd/ticket/2009 If the IPA server mode is on and the SSSD is running on the IPA server, then the server's extdom plugin calls getpwnam_r to read info about trusted users from the AD server and return them to the clients that called the extended operation. The SSSD returns the subdomain users fully-qualified, ie "user@domain" by default. The format of the fully qualified name is configurable. However, the extdom plugin returns the user name without the domain component. With this patch, when ipa_server_mode is on, warn if the full_name_format is set to a non-default value. That would prompt the admin to change the format if he changed it to something exotic. 
https://fedorahosted.org/sssd/ticket/2009

If the IPA server mode is on and the SSSD is running on the IPA server,
then the server's extdom plugin calls getpwnam_r to read info about trusted
users from the AD server and return them to the clients that called the
extended operation.

The SSSD returns the subdomain users fully-qualified, ie "user@domain"
by default. The format of the fully qualified name is configurable.

However, the extdom plugin returns the user name without the domain
component.

With this patch, when ipa_server_mode is on, warn if the full_name_format
is set to a non-default value. That would prompt the admin to change the
format if he changed it to something exotic.
IPA: Look up AD users directly if IPA server mode is on 2013-06-28T20:22:20+00:00 Jakub Hrozek jhrozek@redhat.com 2013-06-19T08:51:19+00:00 3d28e0e560b787b5c57ed7327d184310342a7e38 https://fedorahosted.org/sssd/ticket/1962 If the ipa_server_mode is selected IPA subdomain user and group lookups are not done with the help of the extdom plugin but directly against AD using the AD ID code. 
https://fedorahosted.org/sssd/ticket/1962

If the ipa_server_mode is selected IPA subdomain user and group lookups
are not done with the help of the extdom plugin but directly against AD
using the AD ID code.
IPA: Create and remove AD id_ctx for subdomains discovered in server mode 2013-06-28T20:22:20+00:00 Jakub Hrozek jhrozek@redhat.com 2013-06-19T11:20:50+00:00 418e6ccd116eced7ccc75aca999a4c37c67289ba When IPA server mode is on, then this patch will create an ad_id_ctx for each subdomain discovered in IPA provider. The ID context is needed to perform direct lookups using the AD provider. Subtask of: https://fedorahosted.org/sssd/ticket/1962 
When IPA server mode is on, then this patch will create an ad_id_ctx for
each subdomain discovered in IPA provider. The ID context is needed to
perform direct lookups using the AD provider.

Subtask of:
https://fedorahosted.org/sssd/ticket/1962
IPA: Initialize server mode ctx if server mode is on 2013-06-28T20:22:20+00:00 Jakub Hrozek jhrozek@redhat.com 2013-06-19T08:50:44+00:00 f8a4a5f6240156809e1b5ef03816f673281e3fa0 This patch introduces a new structure that holds information about a subdomain and its ad_id_ctx. This structure will be used only in server mode to make it possible to search subdomains with a particular ad_id_ctx. Subtask of: https://fedorahosted.org/sssd/ticket/1962 
This patch introduces a new structure that holds information about a
subdomain and its ad_id_ctx. This structure will be used only in server
mode to make it possible to search subdomains with a particular
ad_id_ctx.

Subtask of:
https://fedorahosted.org/sssd/ticket/1962
IPA: Add a server mode option 2013-06-28T20:22:20+00:00 Jakub Hrozek jhrozek@redhat.com 2013-06-17T07:32:07+00:00 0249e8d37920f59fd70bdafa4f6706a05ae523c1 https://fedorahosted.org/sssd/ticket/1993 SSSD needs to know that it is running on an IPA server and should not look up trusted users and groups with the help of the extdom plugin but do the lookups on its own. For this a new boolean configuration option, is introduced which defaults to false but is set to true during ipa-server-install or during updates of the FreeIPA server if it is not already set. 
https://fedorahosted.org/sssd/ticket/1993

SSSD needs to know that it is running on an IPA server and should not
look up trusted users and groups with the help of the extdom plugin
but do the lookups on its own. For this a new boolean configuration
option, is introduced which defaults to false but is set to true during
ipa-server-install or during updates of the FreeIPA server if it is not
already set.
Save mpg state for subdomains 2013-06-28T18:20:59+00:00 Sumit Bose sbose@redhat.com 2013-06-27T19:49:26+00:00 09d7c105839bfc7447ea0f766413ed86675ca075 The information of a subdomain will use magic private groups (mpg) or not will be stored together with other information about the domain in the cache. 
The information of a subdomain will use magic private groups (mpg) or
not will be stored together with other information about the domain in
the cache.
IPA: read ranges before subdomains 2013-06-28T18:20:59+00:00 Sumit Bose sbose@redhat.com 2013-06-28T16:44:49+00:00 20ccfd63a17dc15dd24e6543424d86913d511c4b Since FreIPA will start to support external mapping for trusted domains as well the range type for the domain must be know before the domain object is created. The reason is that external mapping will not use magic private groups (mpg) while algorithmic mapping will use them. 
Since FreIPA will start to support external mapping for trusted domains
as well the range type for the domain must be know before the domain
object is created. The reason is that external mapping will not use
magic private groups (mpg) while algorithmic mapping will use them.
Replace new_subdomain() with find_subdomain_by_name() 2013-06-28T18:20:59+00:00 Sumit Bose sbose@redhat.com 2013-06-27T15:07:36+00:00 b8d703cf3aba81800cf1b8ccca64bb00ef0b30f7 new_subdomain() will create a new domain object and should not be used anymore in the priovder code directly. Instead a reference to the domain from the common domain object should be used. 
new_subdomain() will create a new domain object and should not be used
anymore in the priovder code directly. Instead a reference to the domain
from the common domain object should be used.
Add support for new ipaRangeType attribute 2013-06-28T18:20:59+00:00 Sumit Bose sbose@redhat.com 2013-06-14T11:09:00+00:00 5e60c73cb91d1659755fb5ea829837db68d46163 Recent versions of FreeIPA support a range type attribute to allow different type of ranges for sub/trusted-domains. If the attribute is available it will be used, if not the right value is determined with the help of the other idrange attributes. Fixes https://fedorahosted.org/sssd/ticket/1961 
Recent versions of FreeIPA support a range type attribute to allow
different type of ranges for sub/trusted-domains. If the attribute is
available it will be used, if not the right value is determined with the
help of the other idrange attributes.

Fixes https://fedorahosted.org/sssd/ticket/1961