sssd.git/src/providers/ad, branch master Unnamed repository; edit this file to name it for gitweb. SUDO: AD provider 2014-03-02T19:55:49+00:00 Sumit Bose sbose@redhat.com 2014-02-28T09:05:34+00:00 61804568ce5ede3b1a699cda17c033dd6c23f0e3 This patch adds the sudo target to the AD provider. The main reason is to cover different default settings in the LDAP and AD provider. E.g. the default for ldap_id_mapping is True in the AD provider and False in the LDAP provider. If ldap_id_mapping was not set explicitly in the config file both components worked with different setting. Fixes https://fedorahosted.org/sssd/ticket/2256 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
This patch adds the sudo target to the AD provider. The main reason is
to cover different default settings in the LDAP and AD provider. E.g.
the default for ldap_id_mapping is True in the AD provider and False
in the LDAP provider. If ldap_id_mapping was not set explicitly in the
config file both components worked with different setting.

Fixes https://fedorahosted.org/sssd/ticket/2256

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
DP: Provide separate dp_copy_defaults function 2014-02-26T14:24:40+00:00 Jakub Hrozek jhrozek@redhat.com 2014-02-24T14:42:51+00:00 90afedb00608547ae1f32aa7aafd552c4b306909 https://fedorahosted.org/sssd/ticket/2257 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
https://fedorahosted.org/sssd/ticket/2257

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Fix DEBUG message formatting 2014-02-25T12:38:44+00:00 Jakub Hrozek jhrozek@redhat.com 2014-02-25T12:38:44+00:00 4d69d511ee4843cbdacde2f73ed378182ead83f6 






ad_account_can_shortcut(): return bool instead of errno
2014-02-19T16:06:26+00:00

Pavel Březina
pbrezina@redhat.com

2014-02-14T11:58:07+00:00

4cde267bec52ae1723a125d19439a5c75b47ebb7

Resolves:
https://fedorahosted.org/sssd/ticket/2210

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>





Resolves:
https://fedorahosted.org/sssd/ticket/2210

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>







Make DEBUG macro invocations variadic
2014-02-12T21:30:55+00:00

Nikolai Kondrashov
Nikolai.Kondrashov@redhat.com

2014-02-12T15:12:04+00:00

a3c8390d19593b1e5277d95bfb4ab206d4785150

Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.

This script was used to update the code:

grep -rwl --include '*.[hc]' DEBUG . |
    while read f; do
        mv "$f"{,.orig}
        perl -e \
            'use strict;
             use File::Slurp;
             my $text=read_file(\*STDIN);
             $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
             print $text;' < "$f.orig" > "$f"
        rm "$f.orig"
    done

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>





Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.

This script was used to update the code:

grep -rwl --include '*.[hc]' DEBUG . |
    while read f; do
        mv "$f"{,.orig}
        perl -e \
            'use strict;
             use File::Slurp;
             my $text=read_file(\*STDIN);
             $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
             print $text;' < "$f.orig" > "$f"
        rm "$f.orig"
    done

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>







AD: Remove dead code
2014-02-12T14:35:49+00:00

Jakub Hrozek
jhrozek@redhat.com

2014-02-05T15:40:41+00:00

d3436880c0ec1a7776698c739d4a3edc9a6ac57c

Reviewed-by: Pavel Březina <pbrezina@redhat.com>





Reviewed-by: Pavel Březina <pbrezina@redhat.com>







AD: Only download domains that are set to enumerate
2014-02-12T14:35:40+00:00

Jakub Hrozek
jhrozek@redhat.com

2014-02-05T15:39:47+00:00

957c55df7a7086166fb3c14cead6a0dab8f574c1

Reviewed-by: Pavel Březina <pbrezina@redhat.com>





Reviewed-by: Pavel Březina <pbrezina@redhat.com>







LDAP: Detect the presence of POSIX attributes
2014-02-12T14:26:27+00:00

Jakub Hrozek
jhrozek@redhat.com

2013-12-16T17:36:12+00:00

e81deec535d11912b87954c81a1edd768c1386c9

When the schema is set to AD and ID mapping is not used, there is a one-time
check ran when searching for users to detect the presence of POSIX
attributes in LDAP. If this check fails, the search fails as if no entry
was found and returns a special error code.

The sdap_server_opts structure is filled every time a client connects to
a server so the posix check boolean is reset to false again on connecting
to the server.

It might be better to move the check to where the rootDSE is retrieved,
but the check depends on several features that are not known to the code
that retrieves the rootDSE (or the connection code for example) such as what
the attribute mappings are or the authentication method that should be used.

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>





When the schema is set to AD and ID mapping is not used, there is a one-time
check ran when searching for users to detect the presence of POSIX
attributes in LDAP. If this check fails, the search fails as if no entry
was found and returns a special error code.

The sdap_server_opts structure is filled every time a client connects to
a server so the posix check boolean is reset to false again on connecting
to the server.

It might be better to move the check to where the rootDSE is retrieved,
but the check depends on several features that are not known to the code
that retrieves the rootDSE (or the connection code for example) such as what
the attribute mappings are or the authentication method that should be used.

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>







AD: Remove unused memory contexts
2014-01-31T23:03:28+00:00

Lukas Slebodnik
lslebodn@redhat.com

2014-01-27T13:01:27+00:00

113debb7297f0c02b5be0dd404badeef78841a83

Memory context memctx was unused in functions _ad_servers_init
sdap_ad_tokengroups_update_members





Memory context memctx was unused in functions _ad_servers_init
sdap_ad_tokengroups_update_members







AD: Establish cross-domain memberships after enumeration finishes
2014-01-29T13:08:51+00:00

Jakub Hrozek
jhrozek@redhat.com

2014-01-22T14:21:24+00:00

b4ffa4d19e912740af6df3c1a4fabcea69729885

Because domain enumeration currently works for each domain separately,
the code has to establish cross-domain memberships after all domains are
enumerated. The code works as follows:

    1) check if any *sub*domains were enumerated. If not, do nothing
    2) if any of the groups saved had more original members than
       sysdb members, check if members of these groups can be linked now
       that all users and groups are saved using the orig_member
       attribute of the group matched against originalDN member of the
       user.

Related:
https://fedorahosted.org/sssd/ticket/2142





Because domain enumeration currently works for each domain separately,
the code has to establish cross-domain memberships after all domains are
enumerated. The code works as follows:

    1) check if any *sub*domains were enumerated. If not, do nothing
    2) if any of the groups saved had more original members than
       sysdb members, check if members of these groups can be linked now
       that all users and groups are saved using the orig_member
       attribute of the group matched against originalDN member of the
       user.

Related:
https://fedorahosted.org/sssd/ticket/2142