sssd.git/src/providers/ipa/ipa_views.c, branch prompting Unnamed repository; edit this file to name it for gitweb. IPA: Use search timeout, not enum timeout for searching overrides 2015-12-09T13:12:14+00:00 Jakub Hrozek jhrozek@redhat.com 2015-12-07T15:39:02+00:00 a687f4473bf305bc2ccb075cd93154c9d661b638 Related: https://fedorahosted.org/sssd/ticket/2866 If the LDAP connection is still established when the client moves offline, we rely on the search timeout to find out the client is offline. The override search used the enum timeout defaults to 60 seconds. That caused too long delays in going offline. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Related:
    https://fedorahosted.org/sssd/ticket/2866

If the LDAP connection is still established when the client moves
offline, we rely on the search timeout to find out the client is
offline. The override search used the enum timeout defaults to 60 seconds.
That caused too long delays in going offline.

Reviewed-by: Sumit Bose <sbose@redhat.com>
views: Add is_default_view helper function 2015-07-02T11:37:38+00:00 Michal Židek mzidek@redhat.com 2015-06-24T16:03:49+00:00 9ac2a33f4cdc4941fa63118dcffe8058854f33c4 Ticket: https://fedorahosted.org/sssd/ticket/2641 Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Ticket:
https://fedorahosted.org/sssd/ticket/2641

Reviewed-by: Pavel Reichl <preichl@redhat.com>
IPA: add get_be_acct_req_for_user_name() 2015-01-13T17:17:16+00:00 Sumit Bose sbose@redhat.com 2014-12-10T14:02:15+00:00 d32b165fad7b89462f49c82349e1df5a2343afa2 Related to https://fedorahosted.org/sssd/ticket/2481 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Related to https://fedorahosted.org/sssd/ticket/2481

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
IPA: check overrrides for IPA users as well 2014-11-20T09:52:57+00:00 Sumit Bose sbose@redhat.com 2014-11-05T14:58:04+00:00 acebf94a16c91b17c7c082538ab3083ee26aa992 Currently overrides were only available for sub-domains, e.g. trusted AD domains. With this patch overrides can be used for IPA users as well. Related to https://fedorahosted.org/sssd/ticket/2481 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Currently overrides were only available for sub-domains, e.g. trusted AD
domains. With this patch overrides can be used for IPA users as well.

Related to https://fedorahosted.org/sssd/ticket/2481

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
ipa: add get_be_acct_req_for_uuid() 2014-11-20T09:52:51+00:00 Sumit Bose sbose@redhat.com 2014-11-07T14:05:41+00:00 1c82a31a254c2fca6dfa3e3b52986b75221d8742 This new call creates the needs data for a lookup by UUID which is needed when trying to find the original object for an IPA override object. Related to https://fedorahosted.org/sssd/ticket/2481 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This new call creates the needs data for a lookup by UUID which is
needed when trying to find the original object for an IPA override
object.

Related to https://fedorahosted.org/sssd/ticket/2481

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
ipa: fix issues with older servers not supporting views 2014-10-22T10:37:41+00:00 Sumit Bose sbose@redhat.com 2014-10-22T08:03:09+00:00 44329653f423c632b027065a9c0ea0bf4199396a Older FreeIPA servers which do not know about the ipaAssignedIDView attribute will return an error during the LDAP dereference request because SSSD marks LDAP extensions as critical. In this case we keep the view name empty and skip override lookups. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Older FreeIPA servers which do not know about the ipaAssignedIDView
attribute will return an error during the LDAP dereference request
because SSSD marks LDAP extensions as critical. In this case we keep the
view name empty and skip override lookups.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
views: search overrides for user and group requests 2014-10-16T15:56:18+00:00 Sumit Bose sbose@redhat.com 2014-10-01T15:04:44+00:00 ed4a9bd4d0f7fb359bed66a8d63a92e7be633aae If the name or the POSIX ID of a user or a group is overridden the search request for those objects have to check the overide objects first before looking up the original objects. This patch adds a new request for the IPA sub-domain users which checks the overrides first if - SSSD is running in ipa-server-mode and a name or a POSIX ID is searched, since we do not override the SIDs we can skip the search in the override tree here - if the responder indicates it has not found the corresponding object in the cache and the input might be an override name or ID and not the original one of an object. If an override object was found the SID is extracted from the anchor attribute and the original object is search by its SID. If no override object was found the original object is search with the original input and finally it is checked if an override object exits for the found object. Relates to https://fedorahosted.org/sssd/ticket/2375 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
If the name or the POSIX ID of a user or a group is overridden the
search request for those objects have to check the overide objects first
before looking up the original objects.

This patch adds a new request for the IPA sub-domain users which checks
the overrides first if
- SSSD is running in ipa-server-mode and a name or a POSIX ID is
  searched, since we do not override the SIDs we can skip the search in
  the override tree here
- if the responder indicates it has not found the corresponding object
  in the cache and the input might be an override name or ID and not the
  original one of an object.

If an override object was found the SID is extracted from the anchor
attribute and the original object is search by its SID. If no override
object was found the original object is search with the original input
and finally it is checked if an override object exits for the found
object.

Relates to https://fedorahosted.org/sssd/ticket/2375

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
views: get overrides during user and group lookups 2014-10-16T15:56:14+00:00 Sumit Bose sbose@redhat.com 2014-09-23T11:13:37+00:00 9c8db0a17a66c58c36966b17d004142a4aaace8d With this patch the IPA provider will check if overrides exists for the given view during the lookup of users and groups from trusted domains. In ipa-server-mode the default view is automatically applied and written to the cache. On IPA clients which use the extdom plugin for user and group lookups the override data is saved separately and the original object and the override data are linked with DN attributes for faster reference. Related to https://fedorahosted.org/sssd/ticket/2375 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
With this patch the IPA provider will check if overrides exists for the
given view during the lookup of users and groups from trusted domains.
In ipa-server-mode the default view is automatically applied and written
to the cache. On IPA clients which use the extdom plugin for user and
group lookups the override data is saved separately and the original
object and the override data are linked with DN attributes for faster
reference.

Related to https://fedorahosted.org/sssd/ticket/2375

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
views: add ipa_get_ad_override_send() 2014-10-16T15:56:02+00:00 Sumit Bose sbose@redhat.com 2014-09-17T13:25:04+00:00 0f3df54840ec9a050cc0b1b68269c3f28c859e64 Related to https://fedorahosted.org/sssd/ticket/2375 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Related to https://fedorahosted.org/sssd/ticket/2375

Reviewed-by: Pavel Březina <pbrezina@redhat.com>