sssd.git/src/providers/ldap/sdap_async_groups.c, branch subdommem System Security Services Daemon [okos' clone] LDAP: Use domain-specific name where appropriate 2013-07-24T11:52:33+00:00 Jakub Hrozek jhrozek@redhat.com 2013-07-23T10:55:25+00:00 bfd59d1a2d0d45125e5164ef12c425690d519f61 The subdomain users user FQDN in their name attribute. However, handling of whether to use FQDN in the LDAP code was not really good. This patch introduces a utility function and converts code that was relying on user/group names matching to this utility function. This is a temporary fix until we can refactor the sysdb API in #2011. 
The subdomain users user FQDN in their name attribute. However, handling
of whether to use FQDN in the LDAP code was not really good. This patch
introduces a utility function and converts code that was relying on
user/group names matching to this utility function.

This is a temporary fix until we can refactor the sysdb API in #2011.
Replace SDAP_ID_MAPPING checks with sdap_idmap_domain_has_algorithmic_mapping 2013-06-28T18:20:59+00:00 Sumit Bose sbose@redhat.com 2013-06-12T13:47:26+00:00 b56b06e199f15a8a840b36bc7cb8010e39ae761d Currently the decision if external or algorithmic mapping should be used in the LDAP or AD provider was based on the value of the ldap_id_mapping config option. Since now all information about ID mapping is handled by libsss_idmap the check for this options can be replace with a call which checks the state via libss_idmap. https://fedorahosted.org/sssd/ticket/1961 
Currently the decision if external or algorithmic mapping should be used
in the LDAP or AD provider was based on the value of the ldap_id_mapping
config option. Since now all information about ID mapping is handled by
libsss_idmap the check for this options can be replace with a call which
checks the state via libss_idmap.

https://fedorahosted.org/sssd/ticket/1961
LDAP: store FQDNs for trusted users and groups 2013-06-06T22:14:13+00:00 Jakub Hrozek jhrozek@redhat.com 2013-05-28T22:56:53+00:00 3ca846cfb59dee6e20b94c4aee2716f1a20ebd3a Because the NSS responder expects the name attribute to contain FQDN, we must save the name as FQDN in the LDAP provider if the domain we save to is a subdomain. 
Because the NSS responder expects the name attribute to contain FQDN,
we must save the name as FQDN in the LDAP provider if the domain we save
to is a subdomain.
LDAP: new SDAP domain structure 2013-06-06T22:14:13+00:00 Jakub Hrozek jhrozek@redhat.com 2013-05-27T06:48:02+00:00 749cfb5d3270b5daf389d51a0dbd3fd2aec6e05d Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases. This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain. 
Previously an sdap_id_ctx was always tied to one domain with a single
set of search bases. But with the introduction of Global Catalog
lookups, primary domain and subdomains might have different search
bases.

This patch introduces a new structure sdap_domain that contains an sssd
domain or subdomain and a set of search bases. With this patch, there is
only one sdap_domain that describes the primary domain.
Fixing critical format string issues. 2013-05-20T20:37:25+00:00 Lukas Slebodnik lslebodn@redhat.com 2013-05-17T15:36:38+00:00 7486dea9f5f7b2a6fbbacc6db740a82140b6377c --missing arguments. --format '%s', but argument is integer. --wrong format string, examle: '%\n' 
--missing arguments.
--format '%s', but argument is integer.
--wrong format string, examle: '%\n'
LDAP: always store SID if available 2013-05-02T17:33:56+00:00 Sumit Bose sbose@redhat.com 2013-04-19T10:22:03+00:00 1ae6d34788fd6ac2278be52b60d77c77073d98f3 Currently the string representation of a SID is only stored in the cache for debugging purpose if SID based ID-mapping is used. This patch unconditionally stores the SID if available to allow SID-to-name mappings from the cache. 
Currently the string representation of a SID is only stored in the cache
for debugging purpose if SID based ID-mapping is used. This patch
unconditionally stores the SID if available to allow SID-to-name
mappings from the cache.
LDAP: do not invalidate pointer with realloc while processing ghost users 2013-04-19T12:04:25+00:00 Jakub Hrozek jhrozek@redhat.com 2013-04-12T10:01:01+00:00 d2e8ad3f8fcb3dcabb56ce9b5e7fada6800cfc77 https://fedorahosted.org/sssd/ticket/1799 One peculiarity of the sysdb_attrs_get_el interface is that if the attribute does not exist, then the attrs array is reallocated and the element is created. But in case other pointers are already pointing into the array, the realloc might invalidate them. Such case was in the sdap_process_ghost_members function where if the group had no members, the "gh" pointer requested earlier might have been invalidated by the realloc in order to create the member element. 
https://fedorahosted.org/sssd/ticket/1799

One peculiarity of the sysdb_attrs_get_el interface is that if the
attribute does not exist, then the attrs array is reallocated and the
element is created. But in case other pointers are already pointing
into the array, the realloc might invalidate them.

Such case was in the sdap_process_ghost_members function where if
the group had no members, the "gh" pointer requested earlier might have
been invalidated by the realloc in order to create the member element.
refactor nested group processing: replace old code 2013-04-02T13:33:03+00:00 Pavel Březina pbrezina@redhat.com 2013-02-18T09:28:07+00:00 755aee449c6311518200c2f11c1aae329a19b038 https://fedorahosted.org/sssd/ticket/1784 
https://fedorahosted.org/sssd/ticket/1784
LDAP: If deref search fails, try again without deref 2013-03-21T16:58:05+00:00 Jan Cholasta jcholast@redhat.com 2012-11-22T11:21:52+00:00 4709ff46db0dbe073aef061b796d2fd7adeaf18f https://fedorahosted.org/sssd/ticket/1660 
https://fedorahosted.org/sssd/ticket/1660
Fix initialization of multiple variables 2013-03-13T18:44:20+00:00 Ondrej Kos okos@redhat.com 2013-03-12T12:05:09+00:00 9f37bb2012faa136ef7c1f9fe93689ce2be85637