freeipa.git/daemons/ipa-slapi-plugins/ipa-winsync, branch WIP Unnamed repository; edit this file 'description' to name the repository. Treat UPGs correctly in winsync replication 2012-03-15T08:57:37+00:00 Martin Kosek mkosek@redhat.com 2012-03-06T14:59:20+00:00 51601ac794ce589981c0cc3501d91518cea27f15 IPA winsync plugin failed to replicate users when default user group was non-posix even though User Private Groups (UPG) were enabled on the server. Both their uidNumber and gidNumber were empty and they missed essential object classes. When the default user group was made posix and UPG was disabled it did not set gidNumber to the default group gidNumber. This patch improves this behavior to set gidNumber correctly according to UPG configuration and the default group status (posix/non-posix). 4 situations can occur, the following list specifies what value is assigned to user gidNumber: 1) Default group posix, UPG enabled: gidNumber = UPG gidNumber 2) Default group posix, UPG disabled: gidNumber = default group gidNumber 3) Default group non-posix, UPG enabled: gidNumber = UPG gidNumber 4) Default group non-posix, UPG disabled: an error is printed to the dirsrv log as the gidNumber cannot be retrieved. User is replicated in the same way as before this patch, i.e. without essential object classes. https://fedorahosted.org/freeipa/ticket/2436 
IPA winsync plugin failed to replicate users when default user group
was non-posix even though User Private Groups (UPG) were enabled
on the server. Both their uidNumber and gidNumber were empty and
they missed essential object classes. When the default user group
was made posix and UPG was disabled it did not set gidNumber to
the default group gidNumber.

This patch improves this behavior to set gidNumber correctly
according to UPG configuration and the default group status
(posix/non-posix). 4 situations can occur, the following list
specifies what value is assigned to user gidNumber:
 1) Default group posix, UPG enabled: gidNumber = UPG gidNumber
 2) Default group posix, UPG disabled: gidNumber = default
    group gidNumber
 3) Default group non-posix, UPG enabled: gidNumber = UPG gidNumber
 4) Default group non-posix, UPG disabled: an error is printed to
    the dirsrv log as the gidNumber cannot be retrieved. User
    is replicated in the same way as before this patch, i.e.
    without essential object classes.

https://fedorahosted.org/freeipa/ticket/2436
Fix typos 2011-09-07T11:20:42+00:00 Yuri Chornoivan yurchor@ukr.net 2011-09-05T14:30:05+00:00 1785d0a7c1fb5d90945e187b2e94fddf95ead13a Fix "The the" and "classses" in FreeIPA code and messages. https://fedorahosted.org/freeipa/ticket/1480 
Fix "The the" and "classses" in FreeIPA code and messages.

https://fedorahosted.org/freeipa/ticket/1480
memory leak in ipa_winsync_get_new_ds_user_dn_cb 2011-06-28T04:11:04+00:00 Rich Megginson rmeggins@redhat.com 2011-06-25T01:44:05+00:00 cae6f1511ef81c645e1bf873b2ae975190ea5c4c The new_dn_string passed into this function is malloc'd. It must be freed before we reassign the value. 
The new_dn_string passed into this function is malloc'd.  It
must be freed before we reassign the value.
modify user deleted in AD crashes winsync 2011-06-28T04:11:04+00:00 Rich Megginson rmeggins@redhat.com 2011-06-25T01:42:47+00:00 89c67c3ad97f858ebde38a34a7b106379371c125 https://fedorahosted.org/freeipa/ticket/1382 crash in winsync if replaying a MOD and user does not exist in AD If the AD entry is deleted before the deletion can be synced back to IPA, and in the meantime an operation is performed on the corresponding entry in IPA that should be synced to AD, winsync attempts to get the AD entry and it is empty. This just means the operation will not go through, and the entry will be deleted when the sync from AD happens. The IPA winsync plugin needs to handle the case when the ad_entry is NULL. 
https://fedorahosted.org/freeipa/ticket/1382
crash in winsync if replaying a MOD and user does not exist in AD
If the AD entry is deleted before the deletion can be synced back to IPA,
and in the meantime an operation is performed on the corresponding
entry in IPA that should be synced to AD, winsync attempts to get the
AD entry and it is empty.  This just means the operation will not go
through, and the entry will be deleted when the sync from AD happens.
The IPA winsync plugin needs to handle the case when the ad_entry
is NULL.
winsync enables disabled users in AD 2011-06-28T04:11:04+00:00 Rich Megginson rmeggins@redhat.com 2011-06-25T01:38:13+00:00 d43e87e10c9ebe8ee1bc6a1481c0f238b1defc37 https://fedorahosted.org/freeipa/ticket/1379 winsync enables disabled users in AD when the AD entry changes This was likely broken when ipa switched from using CoS/groups for account inactivation to using nsAccountLock directly. The code that handled the account sync in the from AD direction was broken, but was never found before now because it had not been used. The fix is to correctly set or remove nsAccountLock. 
https://fedorahosted.org/freeipa/ticket/1379
winsync enables disabled users in AD when the AD entry changes
This was likely broken when ipa switched from using CoS/groups for account
inactivation to using nsAccountLock directly.  The code that handled the
account sync in the from AD direction was broken, but was never found before
now because it had not been used.  The fix is to correctly set or remove
nsAccountLock.
Make activated/inactivated groups optional 2011-03-01T16:02:55+00:00 Simo Sorce ssorce@redhat.com 2011-02-25T21:56:15+00:00 09dd05b49ac8b5bcb0adcc193e9b943be6471f70 directly change nsAccountLock on the entry if they are not used Fixes: https://fedorahosted.org/freeipa/ticket/1021 
directly change nsAccountLock on the entry if they are not used

Fixes: https://fedorahosted.org/freeipa/ticket/1021
Fix user synchronization. 2011-03-01T16:02:55+00:00 Simo Sorce ssorce@redhat.com 2011-02-25T22:00:24+00:00 83549087b5927acd4ac2d8459970881634d5ae76 We need to set uidNumber and gidNumber to the magic values so that DNA can assign appropriate Ids, otherwise the synchronization of users from AD will fail with an error about posixAccount requiring a missing (uidNumber) attribute. Fixes: https://fedorahosted.org/freeipa/ticket/1020 
We need to set uidNumber and gidNumber to the magic values so that DNA can
assign appropriate Ids, otherwise the synchronization of users from AD will
fail with an error about posixAccount requiring a missing (uidNumber)
attribute.

Fixes: https://fedorahosted.org/freeipa/ticket/1020
Unbreak the ipa winsync plugin. 2011-03-01T16:02:55+00:00 Simo Sorce ssorce@redhat.com 2011-02-25T18:11:34+00:00 1d01ea53f1ecc050ad8e6703a3537912f5f84704 Fix RDN construction. Fixes: https://fedorahosted.org/freeipa/ticket/1015 
Fix RDN construction.

Fixes: https://fedorahosted.org/freeipa/ticket/1015
Set the loginShell attribute on winsynced entries if configured 2011-03-01T16:02:55+00:00 Simo Sorce ssorce@redhat.com 2011-02-18T15:54:31+00:00 b3e9cac972b94444a3e8b1ee94dbd30a49957582 Fixes: https://fedorahosted.org/freeipa/ticket/266 
Fixes: https://fedorahosted.org/freeipa/ticket/266
Mozldap-specific code removed 2011-01-14T22:33:11+00:00 Martin Kosek mkosek@redhat.com 2011-01-14T12:41:05+00:00 bd965c92d829f9d88f4e29f37890c9beffbd716d Mozldap code removed from all sources and configure source script. Now, IPA will compile even when package mozldap-devel is not installed on the system. https://fedorahosted.org/freeipa/ticket/756 
Mozldap code removed from all sources and configure source script.
Now, IPA will compile even when package mozldap-devel is not
installed on the system.

https://fedorahosted.org/freeipa/ticket/756