sssd.git/src/providers/data_provider_be.c, branch simo Unnamed repository; edit this file to name it for gitweb. Add domain argument to sysdb_initgroups() 2013-01-11T15:43:10+00:00 Simo Sorce simo@redhat.com 2013-01-06T22:42:57+00:00 00d0b4cafa2d85ea056eacca7e10da6b789d9980 






Refactor single domain initialization
2013-01-11T15:43:09+00:00

Simo Sorce
simo@redhat.com

2013-01-06T08:58:58+00:00

0ffd1aee6bcbefb6b7af09f4f086d8b25e09f5b9

Bring it out of sysdb, which will slowly remove internal dependencies on
domains and instead will always require them to be passed by callers.





Bring it out of sysdb, which will slowly remove internal dependencies on
domains and instead will always require them to be passed by callers.







DP: invalidate all cached maps if a request for auto.master comes in
2012-12-18T16:25:34+00:00

Jakub Hrozek
jhrozek@redhat.com

2012-12-15T12:20:30+00:00

06cb67c391dd8c2b1542a7d87fb5568fdad448cb

If the Data Provider receives a request for the auto.master map, it
passes on a flag to let the actual provider let know he should
invalidate the existing maps





If the Data Provider receives a request for the auto.master map, it
passes on a flag to let the actual provider let know he should
invalidate the existing maps







Add backchannel NSS provider query on initgr calls
2012-12-05T22:01:37+00:00

Simo Sorce
simo@redhat.com

2012-12-05T17:40:45+00:00

2fdd57d428e0c38e3ce1f9286337f750727f0e2e

This is needed in order to assure the memcache is properly and promptly
cleaned up if a user memberships change on login.

The list of the current groups for the user is sourced before it is
updated and sent to the NSS provider to verify if it has changed after
the update call has been made.





This is needed in order to assure the memcache is properly and promptly
cleaned up if a user memberships change on login.

The list of the current groups for the user is sourced before it is
updated and sent to the NSS provider to verify if it has changed after
the update call has been made.







Refactor the way subdomain accounts are saved
2012-11-19T14:11:03+00:00

Simo Sorce
simo@redhat.com

2012-11-16T20:25:42+00:00

8d9e0547a864cee05ab36bc988300c0cfa986025

The original sysdb code had a strong assumption that only users from one
domain are saved in the databse, with the subdomain feature, we have
changed reality, but have not adjusted all the code arund the sysdb calls
to not rely on the original assumption.

One of the side effects of this incongrunece is that currently group
memberships do not return fully qualified names for subdomain users as they
should.

In oreder to fix this and other potential issues surrounding the violation
of the original assumption, we need to fully qualify subdomain user names.
By savin them fully qualified we do not risk aliasing local users and have
group memberhips or other name based matching code mistake a domain user
with subdomain usr or vice versa.





The original sysdb code had a strong assumption that only users from one
domain are saved in the databse, with the subdomain feature, we have
changed reality, but have not adjusted all the code arund the sysdb calls
to not rely on the original assumption.

One of the side effects of this incongrunece is that currently group
memberships do not return fully qualified names for subdomain users as they
should.

In oreder to fix this and other potential issues surrounding the violation
of the original assumption, we need to fully qualify subdomain user names.
By savin them fully qualified we do not risk aliasing local users and have
group memberhips or other name based matching code mistake a domain user
with subdomain usr or vice versa.







Run IPA subdomain provider if IPA ID provider is configured
2012-11-14T09:42:34+00:00

Sumit Bose
sbose@redhat.com

2012-11-09T20:31:23+00:00

5063dcc5ab685dce325b13b9c1e93cee2a673e60

To make configuration easier the IPA subdomain provider should be always
loaded if the IPA ID provider is configured and the subdomain provider
is not explicitly disabled. But to avoid the overhead of regular
subdomain requests in setups where no subdomains are used the IPA
subdomain provider should behave differently if configured explicit or
implicit.

If the IPA subdomain provider is configured explicitly, i.e.
'subdomains_provider = ipa' can be found in the domain section of
sssd.conf subdomain request are always send to the server if needed.

If it is configured implicitly and a request to the server fails
with an indication that the server currently does not support subdomains
at all, e.g. is not configured to handle trust relationships, a new
request will be only send to the server after a long timeout or after
a going-online event.

To be able to make this distinction this patch save the configuration
status to the subdomain context.

Fixes https://fedorahosted.org/sssd/ticket/1613





To make configuration easier the IPA subdomain provider should be always
loaded if the IPA ID provider is configured and the subdomain provider
is not explicitly disabled. But to avoid the overhead of regular
subdomain requests in setups where no subdomains are used the IPA
subdomain provider should behave differently if configured explicit or
implicit.

If the IPA subdomain provider is configured explicitly, i.e.
'subdomains_provider = ipa' can be found in the domain section of
sssd.conf subdomain request are always send to the server if needed.

If it is configured implicitly and a request to the server fails
with an indication that the server currently does not support subdomains
at all, e.g. is not configured to handle trust relationships, a new
request will be only send to the server after a long timeout or after
a going-online event.

To be able to make this distinction this patch save the configuration
status to the subdomain context.

Fixes https://fedorahosted.org/sssd/ticket/1613







backend: add PAC to the list of known clients
2012-11-12T19:30:01+00:00

Pavel Březina
pbrezina@redhat.com

2012-11-12T15:44:37+00:00

1f60f558ce39a31a457cdeed55c8a71a8b025faa












Include talloc log in our debug facility
2012-10-29T16:15:37+00:00

Michal Zidek
mzidek@redhat.com

2012-10-15T13:24:15+00:00

9e2c64c6d4f5560e27207193efea6536a566865e

https://fedorahosted.org/sssd/ticket/1495





https://fedorahosted.org/sssd/ticket/1495







Make subdomain discovery less noisy
2012-09-24T15:58:10+00:00

Sumit Bose
sbose@redhat.com

2012-09-20T18:16:28+00:00

c3f27432d012dd72f0282bc2c0962264bafacabd

Fixes https://fedorahosted.org/sssd/ticket/1517





Fixes https://fedorahosted.org/sssd/ticket/1517







backend: initialize sudo only when it is enabled in services
2012-09-12T12:27:37+00:00

Pavel Březina
pbrezina@redhat.com

2012-09-10T11:41:08+00:00

30f029ee8e4220cfa03ae06df88860186482b483

https://fedorahosted.org/sssd/ticket/1458

When the responder is disabled and sudo_provider is set explicitly,
a warning is print and the module will be initialized.





https://fedorahosted.org/sssd/ticket/1458

When the responder is disabled and sudo_provider is set explicitly,
a warning is print and the module will be initialized.