sssd.git/src/util/domain_info_utils.c, branch simo Unnamed repository; edit this file to name it for gitweb. Stop creating fake sysdb contexts 2013-01-11T15:43:15+00:00 Simo Sorce simo@redhat.com 2013-01-08T19:02:53+00:00 e55fa623db624764446cad7eb3c94b5b6a5a63d9 Now that the sysdb context does not contain anymore domain related data we can simply stop creating faxe sysdb context and just reference the parent context. 
Now that the sysdb context does not contain anymore domain related data
we can simply stop creating faxe sysdb context and just reference the
parent context.
Move mpg flag to the domain where it belongs 2013-01-11T15:43:14+00:00 Simo Sorce simo@redhat.com 2013-01-08T18:45:55+00:00 1abceda09d8a78a4103d0fb829065ce78097ef69 A sysdb contains now multiple domains, but the mpg property is a property of a specific domain not of the underlying database. 
A sysdb contains now multiple domains, but the mpg property is a
property of a specific domain not of the underlying database.
Pass domain to sysdb_get<pw/gr>nam() functions 2013-01-11T15:43:10+00:00 Simo Sorce simo@redhat.com 2013-01-06T22:17:25+00:00 87cf33df962e48a39514d037ddc514ff11081db6 Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore fqnames proper value in subdomains, by testing for a parent domain being present or not. 
Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore
fqnames proper value in subdomains, by testing for a parent domain being
present or not.
Refactor single domain initialization 2013-01-11T15:43:09+00:00 Simo Sorce simo@redhat.com 2013-01-06T08:58:58+00:00 0ffd1aee6bcbefb6b7af09f4f086d8b25e09f5b9 Bring it out of sysdb, which will slowly remove internal dependencies on domains and instead will always require them to be passed by callers. 
Bring it out of sysdb, which will slowly remove internal dependencies on
domains and instead will always require them to be passed by callers.
Refactor the way subdomain accounts are saved 2012-11-19T14:11:03+00:00 Simo Sorce simo@redhat.com 2012-11-16T20:25:42+00:00 8d9e0547a864cee05ab36bc988300c0cfa986025 The original sysdb code had a strong assumption that only users from one domain are saved in the databse, with the subdomain feature, we have changed reality, but have not adjusted all the code arund the sysdb calls to not rely on the original assumption. One of the side effects of this incongrunece is that currently group memberships do not return fully qualified names for subdomain users as they should. In oreder to fix this and other potential issues surrounding the violation of the original assumption, we need to fully qualify subdomain user names. By savin them fully qualified we do not risk aliasing local users and have group memberhips or other name based matching code mistake a domain user with subdomain usr or vice versa. 
The original sysdb code had a strong assumption that only users from one
domain are saved in the databse, with the subdomain feature, we have
changed reality, but have not adjusted all the code arund the sysdb calls
to not rely on the original assumption.

One of the side effects of this incongrunece is that currently group
memberships do not return fully qualified names for subdomain users as they
should.

In oreder to fix this and other potential issues surrounding the violation
of the original assumption, we need to fully qualify subdomain user names.
By savin them fully qualified we do not risk aliasing local users and have
group memberhips or other name based matching code mistake a domain user
with subdomain usr or vice versa.
Make sub-domains case-insensitive 2012-10-26T08:32:06+00:00 Sumit Bose sbose@redhat.com 2012-10-26T07:28:45+00:00 ac7a7ee3d1e138818a1ed78758f7dd3c3306a56b Currently the only type of supported sub-domains are AD domains which are not case-sensitive. To make it easier for Windows user we make sub-domains case-insensitive as well which allows to write the username in any case at the login prompt. If support for other types of sub-domains is added it might be necessary to set the case-sensitive flag based on the domain type. 
Currently the only type of supported sub-domains are AD domains which
are not case-sensitive. To make it easier for Windows user we make
sub-domains case-insensitive as well which allows to write the username
in any case at the login prompt.

If support for other types of sub-domains is added it might be necessary
to set the case-sensitive flag based on the domain type.
Make re_expression and full_name_format per domain options 2012-06-13T01:28:06+00:00 Stef Walter stefw@gnome.org 2012-04-11T13:02:10+00:00 3c60433641ce2e86b9b04778c8f8652ef0d097e4 * Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663 
 * Allows different user/domain qualified names for different
   domains. For example Domain\User or user@domain.
 * The global re_expression and full_name_format options remain
   as defaults for the domains.
 * Subdomains get the re_expression and full_name_format of
   their parent domain.

https://bugzilla.redhat.com/show_bug.cgi?id=811663
Modify behavior of pam_pwd_expiration_warning 2012-05-04T17:36:42+00:00 Jan Zeleny jzeleny@redhat.com 2012-05-01T07:36:37+00:00 bf8cce77a35cb0a3cdb0d21fb9c39b7b6372bc11 New option pwd_expiration_warning is introduced which can be set per domain and can override the value specified by the original pam_pwd_expiration_warning. If the value of expiration warning is set to zero, the filter isn't apllied at all - if backend server returns the warning, it will be automatically displayed. Default value for Kerberos: 7 days Default value for LDAP: don't apply the filter Technical note: default value when creating the domain is -1. This is important so we can distinguish between "no value set" and 0. Without this possibility it would be impossible to set different values for LDAP and Kerberos provider. 
New option pwd_expiration_warning is introduced which can be set per
domain and can override the value specified by the original
pam_pwd_expiration_warning.

If the value of expiration warning is set to zero, the filter isn't
apllied at all - if backend server returns the warning, it will be
automatically displayed.

Default value for Kerberos: 7 days
Default value for LDAP: don't apply the filter

Technical note: default value when creating the domain is -1. This is
important so we can distinguish between "no value set" and 0. Without
this possibility it would be impossible to set different values for LDAP
and Kerberos provider.
Two fixes in responder subdomain code 2012-04-24T18:26:52+00:00 Jan Zeleny jzeleny@redhat.com 2012-04-24T17:25:18+00:00 2c68b4a680e64d8e506794d5976367394133504b 






New config option for subdomains
2012-04-24T13:19:43+00:00

Jan Zeleny
jzeleny@redhat.com

2012-03-14T10:18:45+00:00

8ccb0de226ccb9330f5a6865de487d6f0313902d

subdomain_homedir - if set, it contains default value, can be overriden
in further processing





subdomain_homedir - if set, it contains default value, can be overriden
in further processing