sssd.git/src/providers/ldap, branch sasl_ad_compat Experimental work on SSSD - Systen Security Services Daemon Enable removing nonexisting dn in sdap_handle_account_info 2013-08-07T22:52:02+00:00 Lukas Slebodnik lslebodn@redhat.com 2013-08-02T15:53:52+00:00 edcf38f274b5e9022d4d92d294a9267bec13b882 Change was introduced in commit ca344fde 
Change was introduced in commit ca344fde
Fix memory context for hash entries 2013-08-07T22:30:57+00:00 Sumit Bose sbose@redhat.com 2013-08-07T11:01:09+00:00 f7aef1e3ca5bdcddb6fb7c7e6556315faa96165d In sdap_nested_group_populate_users() username and orignal_dn are allocated on a temporary memory context. If the corresponding user is not found in the cache both are added to a hash which is later on returned to the caller. To avoid a use-after-free when the hash entries are looked up both must be reassigned to the memory context of the hash. 
In sdap_nested_group_populate_users() username and orignal_dn are
allocated on a temporary memory context. If the corresponding user is
not found in the cache both are added to a hash which is later on
returned to the caller. To avoid a use-after-free when the hash entries
are looked up both must be reassigned to the memory context of the hash.
Fix memory context for a state member 2013-08-07T09:36:50+00:00 Sumit Bose sbose@redhat.com 2013-08-07T08:34:52+00:00 9615f4c3c6f6dcc50ee7d4e50020549a2ff720c0 primary_name was allocated on a temporary memory context but as it is a member of the state struct it should belong to the memory context of the state. 
primary_name was allocated on a temporary memory context but as it is a
member of the state struct it should belong to the memory context of the
state.
sudo: print better debug message when a rule has multiple cn values 2013-08-05T14:52:44+00:00 Pavel Březina pbrezina@redhat.com 2013-07-26T10:29:37+00:00 006d178c70e0469061068e607f20446f7995f773 






sudo: skip rule on error instead of failing completely
2013-08-05T14:52:44+00:00

Pavel Březina
pbrezina@redhat.com

2013-07-26T10:25:01+00:00

2c7ab882bcc64c9d2bc16091d10a56073c472775

https://fedorahosted.org/sssd/ticket/2031





https://fedorahosted.org/sssd/ticket/2031







Prevent using uninitialized "group_name" in done section.
2013-07-25T15:43:05+00:00

Lukas Slebodnik
lslebodn@redhat.com

2013-07-25T11:14:10+00:00

73e0e5fc1058e3e2c717c97035e8a378d090db69

Coverity ID: 11927





Coverity ID: 11927







LDAP: Use domain-specific name where appropriate
2013-07-24T11:52:33+00:00

Jakub Hrozek
jhrozek@redhat.com

2013-07-23T10:55:25+00:00

bfd59d1a2d0d45125e5164ef12c425690d519f61

The subdomain users user FQDN in their name attribute. However, handling
of whether to use FQDN in the LDAP code was not really good. This patch
introduces a utility function and converts code that was relying on
user/group names matching to this utility function.

This is a temporary fix until we can refactor the sysdb API in #2011.





The subdomain users user FQDN in their name attribute. However, handling
of whether to use FQDN in the LDAP code was not really good. This patch
introduces a utility function and converts code that was relying on
user/group names matching to this utility function.

This is a temporary fix until we can refactor the sysdb API in #2011.







SIGCHLD handler: do not call callback when pvt data where freed
2013-07-17T13:01:51+00:00

Pavel Březina
pbrezina@redhat.com

2013-06-24T12:53:27+00:00

711bba7e2f72a816774effa389ad13bcc46e7843

https://fedorahosted.org/sssd/ticket/1992





https://fedorahosted.org/sssd/ticket/1992







print hint about password complexity when new password is rejected
2013-07-17T11:13:28+00:00

Pavel Březina
pbrezina@redhat.com

2013-07-15T11:44:31+00:00

6f6e4408cedaebbfcef61e5adb78ba75abe5839d

https://fedorahosted.org/sssd/ticket/1827





https://fedorahosted.org/sssd/ticket/1827







LDAP: When resolving a SID, search for groups first, then users
2013-07-17T11:13:10+00:00

Jakub Hrozek
jhrozek@redhat.com

2013-07-12T15:57:01+00:00

1bb04648878b7b3e3897484e7cfc2d11725c8014

https://fedorahosted.org/sssd/ticket/1997

Most of the time, the SIDs are resolved as a call coming from the PAC
responder during initgroups. In that case at least, it makes sense to
search for group matching that SID first, then users.

We may consider making this behaviour configurable ie for the server
mode where typically the users should be queried first.





https://fedorahosted.org/sssd/ticket/1997

Most of the time, the SIDs are resolved as a call coming from the PAC
responder during initgroups. In that case at least, it makes sense to
search for group matching that SID first, then users.

We may consider making this behaviour configurable ie for the server
mode where typically the users should be queried first.