sssd2.git/src/config/SSSDConfig.py, branch sssd-1-2 System Security Services Daemon [okos' clone] Handle (ignore) unknown options in get_domain() and get_service() 2010-06-16T20:22:04+00:00 Stephen Gallagher sgallagh@redhat.com 2010-06-16T18:01:05+00:00 c2a0a5c4b61f1a21bec65d85f50afd6b931e2c1c We will now eliminate any unknown options and providers to guarantee that the domain is safe for use. 
We will now eliminate any unknown options and providers to
guarantee that the domain is safe for use.
Undocument the krb5_changepw_principal option 2010-06-14T20:54:42+00:00 Jakub Hrozek jhrozek@redhat.com 2010-06-10T14:16:24+00:00 efeada8c40ade5e6911fa5b4ba58ce8c720d18f1 Fixes: #531 
Fixes: #531
Remove unused ldap_offline_timeout option 2010-05-18T17:08:37+00:00 Stephen Gallagher sgallagh@redhat.com 2010-05-18T14:17:22+00:00 6663abdda9ce55aace1b19c4170b1153d39136e0 






Add ldap_krb5_ticket_lifetime option
2010-05-16T17:28:43+00:00

Sumit Bose
sbose@redhat.com

2010-05-11T15:51:02+00:00

bc45212faf209b10d2d6eb57e056a5e6f04b0876












Add ldap_access_filter option
2010-05-16T17:28:43+00:00

Stephen Gallagher
sgallagh@redhat.com

2010-05-06T14:09:41+00:00

fa26de3b1a8993a1c5a4b071851e5e5ff7ec2ce6

This option (applicable to access_provider=ldap) allows the admin
to set an additional LDAP search filter that must match in order
for a user to be granted access to the system.

Common examples for this would be limiting access to users by in a
particular group, for example:
ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com





This option (applicable to access_provider=ldap) allows the admin
to set an additional LDAP search filter that must match in order
for a user to be granted access to the system.

Common examples for this would be limiting access to users by in a
particular group, for example:
ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com







Add dynamic DNS updates to FreeIPA
2010-05-07T20:38:24+00:00

Stephen Gallagher
sgallagh@redhat.com

2010-05-02T11:48:26+00:00

f432c0b1875e6167f07bf3e27eaf040a29aae199

This adds two new options:

ipa_dyndns_update: Boolean value to select whether this client
should automatically update its IP address in FreeIPA DNS.

ipa_dyndns_iface: Choose an interface manually to use for
updating dynamic DNS. Default is to use the interface associated
with the LDAP connection to FreeIPA.

This patch supports A and AAAA records. It relies on the presence
of the nsupdate tool from the bind-utils package to perform the
actual update step. The location of this utility is set at build
time, but its availability is determined at runtime (so clients
that do not require dynamic update capability do not need to meet
this dependency).





This adds two new options:

ipa_dyndns_update: Boolean value to select whether this client
should automatically update its IP address in FreeIPA DNS.

ipa_dyndns_iface: Choose an interface manually to use for
updating dynamic DNS. Default is to use the interface associated
with the LDAP connection to FreeIPA.

This patch supports A and AAAA records. It relies on the presence
of the nsupdate tool from the bind-utils package to perform the
actual update step. The location of this utility is set at build
time, but its availability is determined at runtime (so clients
that do not require dynamic update capability do not need to meet
this dependency).







Add support for delayed kinit if offline
2010-05-07T20:38:23+00:00

Sumit Bose
sbose@redhat.com

2010-04-19T09:59:09+00:00

fc7ec12f1b851bab1eedf3ecdcb094ea80b46dd2

If the configuration option krb5_store_password_if_offline is set to
true and the backend is offline the plain text user password is stored
and used to request a TGT if the backend becomes online. If available
the Linux kernel key retention service is used.





If the configuration option krb5_store_password_if_offline is set to
true and the backend is offline the plain text user password is stored
and used to request a TGT if the backend becomes online. If available
the Linux kernel key retention service is used.







Add dns_resolver_timeout option
2010-04-30T11:50:58+00:00

Stephen Gallagher
sgallagh@redhat.com

2010-04-26T17:02:04+00:00

fc28a2fa97feab70492b36afcc058d6b3fb52d79

We had a hard-coded timeout of five seconds for DNS lookups in the
async resolver. This patch adds an option 'dns_resolver_timeout'
to specify this value (Default: 5)





We had a hard-coded timeout of five seconds for DNS lookups in the
async resolver. This patch adds an option 'dns_resolver_timeout'
to specify this value (Default: 5)







Do not revert options to defaults in SSSDConfig.get_domain()
2010-03-31T13:34:13+00:00

Stephen Gallagher
sgallagh@redhat.com

2010-03-31T13:10:55+00:00

7acaaa6c6563cf3b8ab20bf6431898d20d735842

There was a faulty check in get_domain() that led to the
*_provider options being re-added, sometimes after options related
to them had already been set. If those options had a default
value, they would be overwritten by the default.

Fixes: https://fedorahosted.org/sssd/ticket/441





There was a faulty check in get_domain() that led to the
*_provider options being re-added, sometimes after options related
to them had already been set. If those options had a default
value, they would be overwritten by the default.

Fixes: https://fedorahosted.org/sssd/ticket/441







Fix typo in ldap_id_use_start_tls option description
2010-03-31T13:23:40+00:00

Stephen Gallagher
sgallagh@redhat.com

2010-03-31T13:22:49+00:00

b620ff89f7ba1f2b03e38625d6f41d4dda98108d