| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Added new trusted domain section in the
sssd.conf were the search bases for the
trusted domain can be specified.
Resolves:
https://pagure.io/SSSD/sssd/issue/2599
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Function create_multidom_test_ctx() prepares test environment for
multidomains. This patch enables setting of different params for
each domain.
Resolves:
https://fedorahosted.org/sssd/ticket/3230
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
During the initialization of AD subdomains parameters like the SASL auth
id are determined. Since subdomains use a default set of the AD specific
configuration options the default keytab will be used. If krb5_keytab is
set in sssd.conf for the AD domain this keytab should be used for the
subdomains (domains of the same AD forest) as well.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
There was a compile time warning if building with NSS crypto
libraries.
src/tests/cmocka/test_ad_common.c: In function ‘main’:
src/tests/cmocka/test_ad_common.c:873:5: error: implicit declaration of function ‘nspr_nss_cleanu’ [-Werror=implicit-function-declaration]
nspr_nss_cleanup();
^~~~~~~~~~~~~~~~
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
If there is a recently attached PAC blob in the cached user entry the
PAC data is used to update the group memberships data of the user. If
there is no PAC attached or if it is too old the other configured
methods will be used.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
| |
Push/pop global_talloc_context into check_leaks is redudant. It is done
in leak_check_setup() and leak_check_teardown() functions in
src/tests/check_leaks.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2810
Provides a new AD common function ad_ldap_conn_list() that creates a
list of AD connection to use along with properties to avoid mistakes
when manually constructing these lists.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This patch also improved cleanup. The functions
test_ad_create_2way_trust_options created keytab which was used by other
following tests test_ldap_conn_list, test_conn_list. The keytab was not
removed at the end of al tests.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2638
For one-way trusts we can assume that AD domain is the same as the
Kerberis realm. On the other hand, SASL realm and keytab path are
specified, unlike two-way trusts that use the system keytab.
Includes a unit test.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2638
Removed code duplication. Amends unit test to make sure we don't
regress.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2638
Make the function reusable and add a simple unit test.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2638
Better reflects what's going on in the function. Also adds a unit test.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ad_get_dom_ldap_conn() assumed that ad_ctx->ldap_ctx always points at
the LDAP connection for the primary domain, however it turns out that
this is not always the case. It's currently unclear why, but this
connection can sometimes be pointing at a subdomain. Since the value of
subdom_id_ctx->ldap_ctx always points to the correct domain (including
the primary domain case), there's no benefit to trying to shortcut to
the ad_ctx->ldap_ctx when performing this lookup.
This patch also makes a minor tweak to the tests so that the primary
domain passes the sdap_domain_get() check for validity (since it needs
to have a private member assigned).
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
All tests now use the cmocka-1.0-compatible API.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2348
Programs that are supposed to only be executed on the foreground should
log to stderr automatically.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
| |
Since we have the LDAP port of a trusted AD GC always available now, we
can always perform a fallback.
|
| |
|
|
|
|
|
|
|
|
| |
SSSD now defaults to using GC by default. For some environments, for
instance those that don't or can't replicate the POSIX attributes to
Global Catalog, this might not be desirable.
This patch introduces a new option ad_enable_gc, that is enabled by
default. Setting this option to false makes the SSSD contact only the
LDAP port of AD DCs.
|
|
|
ad_id.c and ad_access.c used the same block of code. With the upcoming
option to disable GC lookups, we should unify the code in a function to
avoid breaking one of the code paths.
The same applies for the LDAP connection to the trusted AD DC.
Includes a unit test.
|
