freeipa.git/daemons/ipa-slapi-plugins, branch my-master FreeIPA patches CLDAP: Return empty reply on non-fatal errors 2013-05-23T19:08:52+00:00 Simo Sorce simo@redhat.com 2013-05-23T14:06:22+00:00 fd1fb069a36e2810dc45751ab452d7c5406f3e6c Windows DCs return an empty reply when a legal request cannot satisfied. If we get EINVAL or ENOENT it means the information requested could not be found or input parameters were bogus. Always return an empty reply in these cases. On any other internal error just return, the request may have been legit but we can't really handle it right now, pretend we never saw it and hope the next attempt will succeed. Fixes: https://fedorahosted.org/freeipa/ticket/3639 Signed-off-by: Simo Sorce <simo@redhat.com> 
Windows DCs return an empty reply when a legal request cannot satisfied.
If we get EINVAL or ENOENT it means the information requested could not be
found or input parameters were bogus.
Always return an empty reply in these cases.

On any other internal error just return, the request may have been legit but we
can't really handle it right now, pretend we never saw it and hope the next
attempt will succeed.

Fixes: https://fedorahosted.org/freeipa/ticket/3639

Signed-off-by: Simo Sorce <simo@redhat.com>
CLDAP: Fix domain handling in netlogon requests 2013-05-23T16:55:27+00:00 Simo Sorce simo@redhat.com 2013-05-23T14:04:11+00:00 47256da0944c1c346cbae9b8c7c8a13cb210844d 1. Stop using getdomainname() as it is often not properly initialized 2. The code using getdomainname() was not working anyway it was trying to look at the function call output in hostname which is always empty at that point. 3. Always check the requested domain matches our own, we cannot reply to anything else anyway. Pre-requisite to fix: https://fedorahosted.org/freeipa/ticket/3639 Signed-off-by: Simo Sorce <simo@redhat.com> 
1. Stop using getdomainname() as it is often not properly initialized
2. The code using getdomainname() was not working anyway it was trying to
look at the function call output in hostname which is always empty at that
point.
3. Always check the requested domain matches our own, we cannot reply to
anything else anyway.

Pre-requisite to fix: https://fedorahosted.org/freeipa/ticket/3639

Signed-off-by: Simo Sorce <simo@redhat.com>
WIP: Check for account/pw expiration in pre-bind 2013-05-23T16:55:27+00:00 Simo Sorce simo@redhat.com 2013-05-09T18:25:14+00:00 6b4066ff5c7472aecaffd158615e549e1e9fc419 Insure user accounts are valid and the password is not expired before allowing a password bind. TODO: handle returning a control with more detailed information about failures (only if explicitly requested by client) 
Insure user accounts are valid and the password is not expired
before allowing a password bind.

TODO: handle returning a control with more detailed information about
failures (only if explicitly requested by client)
Add OTP support to ipa-pwd-extop 2013-05-17T07:30:51+00:00 Nathaniel McCallum npmccallum@redhat.com 2013-04-16T20:00:09+00:00 5b58348cd316dd817672cb81358ed557c28e09d3 During LDAP bind, this now plugin determines if a user is enabled for OTP authentication. If so, then the OTP is validated in addition to the password. This allows 2FA during user binds. https://fedorahosted.org/freeipa/ticket/3367 http://freeipa.org/page/V3/OTP 
During LDAP bind, this now plugin determines if a user is enabled
for OTP authentication. If so, then the OTP is validated in addition
to the password. This allows 2FA during user binds.

    https://fedorahosted.org/freeipa/ticket/3367
    http://freeipa.org/page/V3/OTP
Remove unnecessary prefixes from ipa-pwd-extop files 2013-05-17T07:30:51+00:00 Nathaniel McCallum npmccallum@redhat.com 2013-05-09T18:43:17+00:00 1e1bab4edc0ce4b70a370deac8109092b53b97a2 






Allow ID-to-SID mappings in the extdom plugin
2013-05-02T20:57:12+00:00

Sumit Bose
sbose@redhat.com

2013-04-26T15:20:49+00:00

c152c9e7ff2ea49dd65dd6d59672f92602bd3d9f

https://fedorahosted.org/freeipa/ticket/3596





https://fedorahosted.org/freeipa/ticket/3596







Do not store SID string in a local buffer
2013-05-02T20:57:12+00:00

Sumit Bose
sbose@redhat.com

2013-04-26T07:21:43+00:00

0f43cd6ea0d4528638e14a544c62d53e439778e6

https://fedorahosted.org/freeipa/ticket/3596





https://fedorahosted.org/freeipa/ticket/3596







Do not lookup up the domain too early if only the SID is known
2013-05-02T20:57:12+00:00

Sumit Bose
sbose@redhat.com

2013-04-24T12:44:54+00:00

631b3cf7cd85d310773e84569bf29b37ff5cec1b

Request with a SID as input parameter do not contain the domain name,
hence is must be tried to resolve the SID first before the corresponding
domain can be looked up.

https://fedorahosted.org/freeipa/ticket/3596





Request with a SID as input parameter do not contain the domain name,
hence is must be tried to resolve the SID first before the corresponding
domain can be looked up.

https://fedorahosted.org/freeipa/ticket/3596







ipa-pwd-extop: do not use dn until it is really set
2013-04-02T13:39:28+00:00

Sumit Bose
sbose@redhat.com

2013-02-22T08:40:35+00:00

7b45e33400355df44e75576ef7f70a39d163bf8e

https://fedorahosted.org/freeipa/ticket/3539





https://fedorahosted.org/freeipa/ticket/3539







Remove build warnings
2013-03-29T07:59:36+00:00

Martin Kosek
mkosek@redhat.com

2013-03-12T14:28:58+00:00

13b1028ac832c29656c6711834f05f7b34c75cfa

Fix rpm build warnings report in Fedora 19 build.

https://fedorahosted.org/freeipa/ticket/3500





Fix rpm build warnings report in Fedora 19 build.

https://fedorahosted.org/freeipa/ticket/3500