sssd.git/src/providers/ldap/sdap_async_initgroups.c, branch subdommem System Security Services Daemon [okos' clone] LDAP: Use domain-specific name where appropriate 2013-07-24T11:52:33+00:00 Jakub Hrozek jhrozek@redhat.com 2013-07-23T10:55:25+00:00 bfd59d1a2d0d45125e5164ef12c425690d519f61 The subdomain users user FQDN in their name attribute. However, handling of whether to use FQDN in the LDAP code was not really good. This patch introduces a utility function and converts code that was relying on user/group names matching to this utility function. This is a temporary fix until we can refactor the sysdb API in #2011. 
The subdomain users user FQDN in their name attribute. However, handling
of whether to use FQDN in the LDAP code was not really good. This patch
introduces a utility function and converts code that was relying on
user/group names matching to this utility function.

This is a temporary fix until we can refactor the sysdb API in #2011.
Replace SDAP_ID_MAPPING checks with sdap_idmap_domain_has_algorithmic_mapping 2013-06-28T18:20:59+00:00 Sumit Bose sbose@redhat.com 2013-06-12T13:47:26+00:00 b56b06e199f15a8a840b36bc7cb8010e39ae761d Currently the decision if external or algorithmic mapping should be used in the LDAP or AD provider was based on the value of the ldap_id_mapping config option. Since now all information about ID mapping is handled by libsss_idmap the check for this options can be replace with a call which checks the state via libss_idmap. https://fedorahosted.org/sssd/ticket/1961 
Currently the decision if external or algorithmic mapping should be used
in the LDAP or AD provider was based on the value of the ldap_id_mapping
config option. Since now all information about ID mapping is handled by
libsss_idmap the check for this options can be replace with a call which
checks the state via libss_idmap.

https://fedorahosted.org/sssd/ticket/1961
LDAP: return sdap search return code to ID 2013-06-06T22:14:13+00:00 Jakub Hrozek jhrozek@redhat.com 2013-06-04T13:15:24+00:00 ca344fdecdf127c80ad1074047aeba21e1165313 By default, the LDAP searches delete the entry from cache if it wasn't found during a search. But if a search wants to try both Global Catalog and LDAP, for example, it might be beneficial to have an option to only delete the entry from cache after the last operation fails to prevent unnecessary memberof operations for example. 
By default, the LDAP searches delete the entry from cache if it wasn't
found during a search. But if a search wants to try both Global Catalog
and LDAP, for example, it might be beneficial to have an option to only
delete the entry from cache after the last operation fails to prevent
unnecessary memberof operations for example.
LDAP: new SDAP domain structure 2013-06-06T22:14:13+00:00 Jakub Hrozek jhrozek@redhat.com 2013-05-27T06:48:02+00:00 749cfb5d3270b5daf389d51a0dbd3fd2aec6e05d Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases. This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain. 
Previously an sdap_id_ctx was always tied to one domain with a single
set of search bases. But with the introduction of Global Catalog
lookups, primary domain and subdomains might have different search
bases.

This patch introduces a new structure sdap_domain that contains an sssd
domain or subdomain and a set of search bases. With this patch, there is
only one sdap_domain that describes the primary domain.
LDAP: Pass in a connection to ID functions 2013-06-06T22:14:13+00:00 Jakub Hrozek jhrozek@redhat.com 2013-05-22T23:15:02+00:00 9aa117a93e315f790a1922d9ac7bd484878b621e Instead of using the default connection from the sdap_id_ctx, allow the caller to specify which connection shall be used for this particular request. Again, no functional change is present in this patch, just another parameter is added. 
Instead of using the default connection from the sdap_id_ctx, allow the
caller to specify which connection shall be used for this particular
request. Again, no functional change is present in this patch, just
another parameter is added.
LDAP: If deref search fails, try again without deref 2013-03-21T16:58:05+00:00 Jan Cholasta jcholast@redhat.com 2012-11-22T11:21:52+00:00 4709ff46db0dbe073aef061b796d2fd7adeaf18f https://fedorahosted.org/sssd/ticket/1660 
https://fedorahosted.org/sssd/ticket/1660
ldap: Fallback option for rfc2307 schema 2013-03-20T10:49:50+00:00 Simo Sorce simo@redhat.com 2013-03-15T19:27:31+00:00 fae99bfe4bfc8b4a12e9c2a0ad01b3684c22f934 Add option to fallback to fetch local users if rfc2307is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation. Ticket: https://fedorahosted.org/sssd/ticket/1020 
Add option to fallback to fetch local users if rfc2307is being used.
This is useful for cases where people added local users as LDAP members
and rely on these group memberships to be maintained on the local host.

Disabled by default as it violates identity domain separation.

Ticket:
https://fedorahosted.org/sssd/ticket/1020
Removing unused declaration of functions and variable. 2013-03-19T13:13:50+00:00 Lukas Slebodnik lslebodn@redhat.com 2013-03-13T12:34:40+00:00 1f469537545a20b62cb35966033be24e1c0cae39 Variables dir_cc and file_cc are used in three modules: krb5_common.c, krb5_utils.c, krb5_child-test.c, therefore should be declared with extern in krb5_utils.h. 
Variables dir_cc and file_cc are used in three
modules: krb5_common.c, krb5_utils.c, krb5_child-test.c, therefore should be
declared with extern in krb5_utils.h.
Fix initialization of multiple variables 2013-03-13T18:44:20+00:00 Ondrej Kos okos@redhat.com 2013-03-12T12:05:09+00:00 9f37bb2012faa136ef7c1f9fe93689ce2be85637 






Remove sysdb as a be context structure member
2013-01-21T21:17:33+00:00

Simo Sorce
simo@redhat.com

2013-01-09T21:23:25+00:00

df0596ec12bc5091608371e2977f3111241e8caf

The sysdb context is already available through the 'domain' structure.





The sysdb context is already available through the 'domain' structure.