| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
These changes allow the server to be built with OpenLDAP (2.4.17+). A brief summary of the changes:
* #defines not provided by OpenLDAP were copied into slapi-plugin.h and protected with #ifndef blocks
* where it made sense, I created slapi wrapper functions for things like URL and LDIF processing to abstract way the differences in the APIs
* I created a new file utf8.c which contains the UTF8 functions from MozLDAP - this is only compiled when using OpenLDAP
* I tried to clean up the code - use the _ext versions of LDAP functions everywhere since the older versions should be considered deprecated
* I removed some unused code
NOTE that this should still be considered a work in progress since it depends on functionality not yet present in a released version of OpenLDAP, for NSS crypto and for the LDIF public API.
|
|
|
|
|
|
|
| |
A change was also made to Makefile.am to avoid library versioning
for our C++ plug-in libraries. This change should allow us to use
autogen.sh on recent platforms without running into issues during
build-time.
|
|
|
|
|
|
| |
Also added numericstring syntax support.
For more details, see the design doc at http://directory.fedoraproject.org/wiki/Syntax_Validation_Design
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Support server-to-server SASL - kerberos improvements
Reviewed by: ssorce (Thanks!)
Fix Description: I made several improvements to the kerberos code at
Simo's suggestion
First look for the principal in the ccache. If not found, use the
username if it does not look like a DN. If still not found, construct a
principal using the krb5_sname_to_principal() function to construct
"ldap/fqdn@REALM".
Next, see if the credentials for this principal are still valid. In
order to grab the credentials from the ccache, I needed to construct the
server principal, which in this case is the TGS service principal (e.g.
krbtgt/REALM@REALM). If the credentials are present and not expired,
then the code assumes they are ok and does not acquire new credentials.
If the credentials are expired or not found, the code will then use the
keytab to authenticate.
Based on more feedback from Simo, I made some additional changes:
* Go ahead and reacquire the creds if they have expired or will expire in 30 seconds - this is not configurable but could be made to be - 30 seconds should be long enough so that the credentials will not expire by the time they are actually used deep in the ldap/sasl/gssapi/krb code, and short enough so that this won't cause unnecessary credential churn
* Retry the bind in the case of Ticket expired. There is no way that I can see to get the actual error code - fortunately the extended ldap error message has this information
Platforms tested: Fedora 8, Fedora 9
Flag Day: no
Doc impact: oh yes
|
|
|
|
| |
Summary: Added 64-bit atomic functions for platforms lacking built-ins.
|
|
|
|
| |
Summary: Convert counters to 64-bit capable Slapi_Counter type.
|
|
|
|
|
|
|
|
|
|
| |
Summary: LDAPI: when nsslapd-ldapiautodnsuffix doesn't exist - Bind is incorrect
Description:
- introducing --enable-auto-dn-suffix option to configure (disabled by default)
- building the auto-dn-suffix code only when the option is set
======================
autoconf version 2.59
automake version 1.9.6
|
| |
|
|
|
|
| |
Summary: Add support for 64-bit counters (phase 1).
|
| |
|
|
|
|
| |
Summary: Add CLI for dynamic reload schema file task
|
|
|
|
| |
Summary: Added CLI for creating memberOf fix-up task entry.
|
|
|
|
|
|
| |
Summary: LDAPI: introduce --enable-autobind to support AUTOBIND
Description: --enable-autobind is supported. Unless it's set, the auto-bind
code is not compiled in.
|
| |
|
|
|
|
| |
640:9c57bd91b32f if ipa-memberof.c).
|
|
|
|
| |
Summary: Don't define _XOPEN_SOURCE_EXTENDED on HP-UX.
|
|
|
|
| |
Summary: Solaris: warnings reported by the Solaris compiler
|
|
|
|
| |
Summary: HP-UX: warnings reported by the HP-UX compiler
|
|
|
|
| |
be ignored, which causes rpm packaging errors
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Description: bitwise matching plugin
Fix Description: Samba requires backend LDAP servers to support bitwise operations. This is to support search filters like this:
(|(|(&(!(groupType:1.2.840.113556.1.4.803:=1))(groupType:1.2.840.113556.1.4.803:=2147483648)(groupType:1.2.840.113556.1.4.804:=10))(samAccountType=805306368))(samAccountType=805306369))
Note: This patch works for Samba's tests, but hasn't been more broadly or specifically tested.
This commit also adds an --enable-bitwise option to configure (enabled by default - use --disable-bitwise to disable it) and adds the plugin entry to the configuration during new instance creation.
Platforms tested: FC5/FC6
|
|
|
|
| |
Summary: Modified the with-fhs and with-fhs-opt configure options
|
|
|
|
|
|
|
|
|
| |
Bug Description: Add enable switches for optional/experimental features
Reviewed by: nkinder, nhosoi, prowley (Thanks!)
Fix Description: Added --enable-pam-passthru, --enable-dna, and --enable-ldapi. They are all on by default and must be explicitly disabled (--disable-pam-passthru). These all cause ENABLE_xxx to be defined for C code so that we can enclose the code in #ifdef ENABLE_PAM_PASSTHRU blocks, for example. For the first two, these also cause the plugins to be built - so that if you specify --disable-pam-passthru, the plugin code will not be built at all. I discovered a nifty autoconf macro called AS_HELP_STRING - this nicely formats the help messages output by configure --help. I don't know if it's worth going through all of our m4 code to use this, but I went ahead and fixed configure.ac. Create instance will now add plugin configuration entries (but disabled) for pam passthru and dna if the corresponding ENABLE_ macros are defined. I also fixed a bug with passthru (not pam passthru) - the plugin configuration entry was not being added.
Platforms tested: RHEL4, FC6
Flag Day: no
Doc impact: no
|
|
|
|
| |
Summary: Fixed build flags for compiling with pthread on HP-UX.
|
|
|
|
| |
Summary: Replacing -D<DEFINE> with AC_DEFINE to reduce the compile command line length
|
|
|