sssd.git/src/providers/ldap/sdap_async_users.c, branch subdommem System Security Services Daemon [okos' clone] LDAP: Use domain-specific name where appropriate 2013-07-24T11:52:33+00:00 Jakub Hrozek jhrozek@redhat.com 2013-07-23T10:55:25+00:00 bfd59d1a2d0d45125e5164ef12c425690d519f61 The subdomain users user FQDN in their name attribute. However, handling of whether to use FQDN in the LDAP code was not really good. This patch introduces a utility function and converts code that was relying on user/group names matching to this utility function. This is a temporary fix until we can refactor the sysdb API in #2011. 
The subdomain users user FQDN in their name attribute. However, handling
of whether to use FQDN in the LDAP code was not really good. This patch
introduces a utility function and converts code that was relying on
user/group names matching to this utility function.

This is a temporary fix until we can refactor the sysdb API in #2011.
Replace SDAP_ID_MAPPING checks with sdap_idmap_domain_has_algorithmic_mapping 2013-06-28T18:20:59+00:00 Sumit Bose sbose@redhat.com 2013-06-12T13:47:26+00:00 b56b06e199f15a8a840b36bc7cb8010e39ae761d Currently the decision if external or algorithmic mapping should be used in the LDAP or AD provider was based on the value of the ldap_id_mapping config option. Since now all information about ID mapping is handled by libsss_idmap the check for this options can be replace with a call which checks the state via libss_idmap. https://fedorahosted.org/sssd/ticket/1961 
Currently the decision if external or algorithmic mapping should be used
in the LDAP or AD provider was based on the value of the ldap_id_mapping
config option. Since now all information about ID mapping is handled by
libsss_idmap the check for this options can be replace with a call which
checks the state via libss_idmap.

https://fedorahosted.org/sssd/ticket/1961
LDAP: Do not store separate GID for subdomain users 2013-06-06T22:14:13+00:00 Jakub Hrozek jhrozek@redhat.com 2013-05-29T14:01:23+00:00 d27d7f2c270b69d0805633c4bedcf6d806acd5cd As the subdomains are MPG domains, we don't want to store a separate GID for the subdomain users, but rather just create a UPG. 
As the subdomains are MPG domains, we don't want to store a separate GID
for the subdomain users, but rather just create a UPG.
Split generating primary GID for ID mapped users into a separate function 2013-06-06T22:14:13+00:00 Jakub Hrozek jhrozek@redhat.com 2013-05-29T13:51:38+00:00 a79c0a639c4ab26eacbc29f9f42bc95421e33f6e Move the part of sdap_save_user into a separate function so that it can be special cased an only called for users in primary domains, not subdomain users. 
Move the part of sdap_save_user into a separate function so that it can
be special cased an only called for users in primary domains, not
subdomain users.
LDAP: store FQDNs for trusted users and groups 2013-06-06T22:14:13+00:00 Jakub Hrozek jhrozek@redhat.com 2013-05-28T22:56:53+00:00 3ca846cfb59dee6e20b94c4aee2716f1a20ebd3a Because the NSS responder expects the name attribute to contain FQDN, we must save the name as FQDN in the LDAP provider if the domain we save to is a subdomain. 
Because the NSS responder expects the name attribute to contain FQDN,
we must save the name as FQDN in the LDAP provider if the domain we save
to is a subdomain.
LDAP: always store SID if available 2013-05-02T17:33:56+00:00 Sumit Bose sbose@redhat.com 2013-04-19T10:22:03+00:00 1ae6d34788fd6ac2278be52b60d77c77073d98f3 Currently the string representation of a SID is only stored in the cache for debugging purpose if SID based ID-mapping is used. This patch unconditionally stores the SID if available to allow SID-to-name mappings from the cache. 
Currently the string representation of a SID is only stored in the cache
for debugging purpose if SID based ID-mapping is used. This patch
unconditionally stores the SID if available to allow SID-to-name
mappings from the cache.
ldap: Fallback option for rfc2307 schema 2013-03-20T10:49:50+00:00 Simo Sorce simo@redhat.com 2013-03-15T19:27:31+00:00 fae99bfe4bfc8b4a12e9c2a0ad01b3684c22f934 Add option to fallback to fetch local users if rfc2307is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation. Ticket: https://fedorahosted.org/sssd/ticket/1020 
Add option to fallback to fetch local users if rfc2307is being used.
This is useful for cases where people added local users as LDAP members
and rely on these group memberships to be maintained on the local host.

Disabled by default as it violates identity domain separation.

Ticket:
https://fedorahosted.org/sssd/ticket/1020
Add domain argument to sysdb_store_user() 2013-01-15T09:53:01+00:00 Simo Sorce simo@redhat.com 2013-01-08T01:03:33+00:00 6ac396bebb4cd3124711d26dce54263f6f9c7c45 Also remove sysdb_store_domuser() 
Also remove sysdb_store_domuser()
AD: replace GID/UID, do not add another one 2013-01-09T16:59:23+00:00 Jakub Hrozek jhrozek@redhat.com 2013-01-06T15:04:32+00:00 f9f74a587c8e96dcf90214c760022684afc8bef7 The code would call sysdb_attrs_add_uint32 which added another UID or GID to the ID=0 we already downloaded from LDAP (0 is the default value) when ID-mapping an entry. This led to funky behaviour later on when we wanted to process the ID. 
The code would call sysdb_attrs_add_uint32 which added another UID or GID
to the ID=0 we already downloaded from LDAP (0 is the default value) when
ID-mapping an entry. This led to funky behaviour later on when we wanted
to process the ID.
idmap: Silence DEBUG messages when dealing with built-in SIDs. 2012-11-28T10:20:09+00:00 Michal Zidek mzidek@redhat.com 2012-11-14T14:36:22+00:00 d6f283302268520c1506fb3da4f2a22f5a741be5 When converting built-in SID to unix GID/UID a confusing debug message about the failed conversion was printed. This patch special cases these built-in objects. https://fedorahosted.org/sssd/ticket/1593 
When converting built-in SID to unix GID/UID a confusing debug
message about the failed conversion was printed. This patch special
cases these built-in objects.

https://fedorahosted.org/sssd/ticket/1593