summaryrefslogtreecommitdiffstats
path: root/daemons/configure.ac
Commit message (Collapse)AuthorAgeFilesLines
* Add OTP last token pluginNathaniel McCallum2014-02-211-0/+1
| | | | | | | | | | This plugin prevents the deletion or deactivation of the last valid token for a user. This prevents the user from migrating back to single factor authentication once OTP has been enabled. Thanks to Mark Reynolds for helping me with this patch. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add libotp internal library for slapi pluginsNathaniel McCallum2014-02-141-0/+1
| | | | Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Enable building in C99 modeNathaniel McCallum2014-02-141-1/+1
| | | | | | | | | | | | | C99 is supported on all compilers we target and provides some useful features, including: * Standard struct initializers * Compound literals * For-loop declarations * Standard bool type * Variable arrays (use with caution) * Too many others to mention... Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Move ipa-otpd socket directoryNathaniel McCallum2014-02-111-3/+3
| | | | | https://fedorahosted.org/freeipa/ticket/4167 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Prevent *.pyo and *.pyc multilib problemsMartin Kosek2013-08-131-0/+1
| | | | | | | | | | | | | Differences in the python byte code fails in a build validation (rpmdiff) done on difference architecture of the same package. This patch: 1) Ensures that timestamps of generated *.pyo and *.pyc files match 2) Python integer literals greater or equal 2^32 and lower than 2^64 are converted to long right away to prevent different type of the integer on architectures with different size of int https://fedorahosted.org/freeipa/ticket/3858
* Use libunistring ulc_casecmp() on unicode stringsNathaniel McCallum2013-07-181-0/+10
| | | | https://fedorahosted.org/freeipa/ticket/3772
* Use pkg-config to detect cmockaLukas Slebodnik2013-07-151-25/+12
| | | | https://fedorahosted.org/freeipa/ticket/3434
* Remove winbind client configure checkSumit Bose2013-07-111-11/+0
| | | | | With the replacement of the winbind calls in the extdom plugin none of the plugins is using the winbind client libraries anymore.
* extdom: replace winbind calls with POSIX/SSSD callsSumit Bose2013-07-111-0/+1
| | | | | | | | | | | | | | | With the new ipa_server_mode SSSD is able to read user and group data from trusted AD domains directly and makes this data available via the NSS responder. With this mode enabled winbind is not needed anymore to lookup users and groups of trusted domains. This patch removed the calls to winbind from the extdom plugin and replaces them with standard POSIX calls like getpwnam() and calls from libsss_nss_idmap to lookup SIDs. Fixes https://fedorahosted.org/freeipa/ticket/3637 because now the extdom plugin does not need to handle idranges anymore, but everything is done inside SSSD.
* Add OTP support to ipa-pwd-extopNathaniel McCallum2013-05-171-33/+6
| | | | | | | | | During LDAP bind, this now plugin determines if a user is enabled for OTP authentication. If so, then the OTP is validated in addition to the password. This allows 2FA during user binds. https://fedorahosted.org/freeipa/ticket/3367 http://freeipa.org/page/V3/OTP
* Add the krb5/FreeIPA RADIUS companion daemonNathaniel McCallum2013-05-171-60/+37
| | | | | | | | | | | This daemon listens for RADIUS packets on a well known UNIX domain socket. When a packet is received, it queries LDAP to see if the user is configured for RADIUS authentication. If so, then the packet is forwarded to the 3rd party RADIUS server. Otherwise, a bind is attempted against the LDAP server. https://fedorahosted.org/freeipa/ticket/3366 http://freeipa.org/page/V3/OTP
* ipasam: add enumeration of UPN suffixes based on the realm domainsAlexander Bokovoy2013-03-291-0/+10
| | | | | | | | | | | | | | | | PASSDB API in Samba adds support for specifying UPN suffixes. The change in ipasam will allow to pass through list of realm domains as UPN suffixes so that Active Directory domain controller will be able to recognize non-primary UPN suffixes as belonging to IPA and properly find our KDC for cross-realm TGT. Since Samba already returns primary DNS domain separately, filter it out from list of UPN suffixes. Also enclose provider of UPN suffixes into #ifdef to support both Samba with and without pdb_enum_upn_suffixes(). Part of https://fedorahosted.org/freeipa/ticket/2848
* Add support for cmocka C-Unit Test frameworkSumit Bose2013-03-281-0/+31
| | | | | | | | cmocka is a more advanced unit test framework for C-code than the currently used check framework. This patch adds configure checks and makefile variables so that new unit tests can use cmocka. Fixes https://fedorahosted.org/freeipa/ticket/3434
* Add 389 DS plugin for special idnsSOASerial attribute handlingPetr Spacek2013-03-221-0/+1
| | | | | | | | | Default value "1" is added to replicated idnsZone objects if idnsSOASerial attribute is missing. https://fedorahosted.org/freeipa/ticket/3347 Signed-off-by: Petr Spacek <pspacek@redhat.com>
* Bump 389-ds-base minimum in our spec fileMartin Kosek2012-12-071-1/+1
| | | | | Our code needs both Requires and BuildRequires set to 389-ds-base which supports transactions. Also add the requires to configure.ac.
* Allow silent build if availableSumit Bose2012-07-061-0/+1
|
* Add range check preop pluginSumit Bose2012-06-291-0/+1
| | | | | | | To make sure that ID ranges do not overlap this plugin checks new additions and changes for conflicts with existing ranges. https://fedorahosted.org/freeipa/ticket/2185
* Add external domain extop DS pluginSumit Bose2012-06-281-1/+18
| | | | | | This extop can be used by clients of the IPA domain, e.g. sssd, to retrieve data from trusted external domains. It can be used e.g. to map Windows SIDs to user or groups names and back.
* Add configure check for C Unit-Test framework checkSumit Bose2012-06-281-0/+10
| | | | The framework can be found at http://check.sourceforge.net.
* Add sidgen postop and taskSumit Bose2012-06-281-0/+1
| | | | | | | | A postop plugin is added to create the SID for new created users and groups. A directory server task allows to set the SID for existing users and groups. Fixes https://fedorahosted.org/freeipa/ticket/2825
* slapi-plugins: use thread-safe ldap librarySimo Sorce2012-01-131-1/+1
|
* Add ipasam samba passdb backendSumit Bose2011-12-061-1/+6
| | | | https://fedorahosted.org/freeipa/ticket/1874
* Create skeleton CLDAP server as a DS pluginSimo Sorce2011-11-211-0/+2
|
* Add support for generating PAC for AS requests for user principalsSimo Sorce2011-11-071-0/+10
|
* daemons: Remove ipa_kpasswdSimo Sorce2011-08-261-1/+0
| | | | | | Now that we have our own database we can properly enforce stricter constraints on how the db can be changed. Stop shipping our own kpasswd daemon and instead use the regular kadmin daemon.
* ipa-kdb: Initial plugin skeletonSimo Sorce2011-08-261-0/+1
|
* Update kerberos password policy values on LDAP binds.Rob Crittenden2011-01-211-0/+1
| | | | | | | | | | | | | | | On a failed bind this will update krbLoginFailedCount and krbLastFailedAuth and will potentially fail the bind altogether. On a successful bind it will zero krbLoginFailedCount and set krbLastSuccessfulAuth. This will also enforce locked-out accounts. See http://k5wiki.kerberos.org/wiki/Projects/Lockout for details on kerberos lockout. ticket 343
* Mozldap-specific code removedMartin Kosek2011-01-141-9/+4
| | | | | | | | Mozldap code removed from all sources and configure source script. Now, IPA will compile even when package mozldap-devel is not installed on the system. https://fedorahosted.org/freeipa/ticket/756
* Drop dependency on mozldapRob Crittenden2011-01-121-7/+0
|
* Do not use LDAP_DEPRECATED in pluginsJakub Hrozek2011-01-071-0/+2
| | | | | | | | | Remove the LDAP_DEPRECATED constant and do not use functions that are marked as deprecated in recent OpenLDAP releases. Also always define WITH_{MOZLDAP,OPENLDAP} since there are conditional header includes that depend on that constant. https://fedorahosted.org/freeipa/ticket/576
* Make use of mozldap vs openldap for plugins selectableSimo Sorce2010-12-061-4/+17
|
* build tweaks - use automake's foreign mode, avoid creating empty files to ↵Nalin Dahyabhai2010-11-291-1/+1
| | | | satisfy gnu mode - run autoreconf -f to ensure that everything matches
* Stricter compilation flagsJakub Hrozek2010-11-221-0/+2
| | | | | | | Use a little stricter compilation flags, in particular -Wall and treat implicit function declarations as errors. Signed-off-by: Simo Sorce <ssorce@redhat.com>
* uuid plugin: convert the plugin to use the libuuid librarySimo Sorce2010-11-151-0/+8
| | | | | | | | | | The DS guys decided not to expose the DS inetrnal functions used to generate UUIDs for DS. This means the interface is not guaranteed to be available. Switch the ipa_uuid plugin to use the system libuuid plugin instead. NOTE: This causes once again a change in the tring format used for UUIDs. fixes: https://fedorahosted.org/freeipa/ticket/465
* Add new plugin used to modify related attributes after a modrdn operation.Simo Sorce2010-10-281-0/+1
|
* Error out when configure finds missing dependenciesRob Crittenden2010-10-261-1/+2
| | | | ticket 315
* ipa-uuid: DNA-like plugin that generates uuidsSimo Sorce2010-10-221-0/+1
|
* Remove ipa-memberof, memberof plugin is now included in 389 DSSimo Sorce2010-10-151-1/+0
|
* Always detect openldap and mozldap at the same timeSimo Sorce2010-10-071-42/+32
| | | | | | Slapi plugins must use mozldap because 389 ds is compiled against that. ipa_kpasswd, instead, should be linked against openldap. So always make sure both are available.
* Fix for include problems relating to NSS3, NSPR4 and SVRCORERob Crittenden2010-09-161-6/+25
| | | | | | | This addresses some problems trying to build on non-Fedora/RHEL distributions, notably Gentoo and Ubuntu/Debian. Patch contributed by Ian Kumlien <pomac@vapor.com>
* Enforce existence of 389-ds header files.Rob Crittenden2010-08-061-0/+7
| | | | ticket #82
* Replication version checking.Rob Crittenden2010-06-241-0/+1
| | | | | | | | Whenever we upgrade IPA such that any data incompatibilities might occur then we need to bump the DATA_VERSION value so that data will not replicate to other servers. The idea is that you can do an in-place upgrade of each IPA server and the different versions own't pollute each other with bad data.
* Enrollment for a host in an IPA domainRob Crittenden2009-09-241-0/+1
| | | | | | | | | | | | This will create a host service principal and may create a host entry (for admins). A keytab will be generated, by default in /etc/krb5.keytab If no kerberos credentails are available then enrollment over LDAPS is used if a password is provided. This change requires that openldap be used as our C LDAP client. It is much easier to do SSL using openldap than mozldap (no certdb required). Otherwise we'd have to write a slew of extra code to create a temporary cert database, import the CA cert, ...
* Remove our copy of the DNA plugin and use the one that comes with DS.Rob Crittenden2009-03-061-1/+0
| | | | | The DS plugin does config checking when adding new entries online so we are dropping the Posix subtree.
* Minor cleanup of configure.acRob Crittenden2009-02-051-1/+0
|
* Get merged tree into an installalble state.Rob Crittenden2009-02-031-0/+291
I have only tested the all, rpms and *clean targets directly. install may work but the rpm moves a lot of things around for us. The Apache configuration file isn't in its final state but it works with the new mod_python configuration.
generated by cgit (git 2.34.1) at 2024-11-12 14:45:02 +0000