| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
|
|
|
|
|
| |
This replaces e0491d2 to run xmlto from the man directory. This handles
the case more gracefully if xmlto is not available.
|
| |
|
|
|
|
|
|
| |
This fixes an error that could occur when the userPassword was retrieved
from LDAP and insufficient privileges were available for reading the
attribute.
|
|\
| |
| |
| |
| |
| |
| |
| | |
When nslcd receives the SIGUSR1 signal it will retry connecting to
unavailable LDAP servers sooner.
This signal can for example be sent when (re)stablishing a network
connection.
|
| |
| |
| |
| |
| |
| | |
This implements and documents handling of the SIGUSR1 signal in nslcd to
reset the reconnect_sleeptime and reconnect_retrytime timers to re-check
availability of the LDAP server.
|
|/
|
|
|
|
|
|
|
|
| |
This implemens a myldap_immediate_reconnect() function that resets the
reconnect timer to retry failing connections to the LDAP server upon the
next search.
This can be used to cut the reconnect_sleeptime and reconnect_retrytime
sleeping periodss short if we have some indication that the LDAP server
is available again.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This also returns everything except the password hash from the shadow
database to non-root users (nothing was returned before). This allows
non-root users to do PAM authentication in some configurations.
On some systems there is a setgid executable that is allowed to read
/etc/shadow for authentication by e.g. screensavers. Returning no shadow
information will cause pam_unix to deny authorisation in common
configurations.
See:
http://bugs.debian.org/706913
|
| |
|
|
|
|
|
|
|
| |
There is a potential memory leak if the old password is saved multiple
times. Furthermore, PAM_NEW_AUTHTOK_REQD is only allowed as a result of
the authorisation phase, not the authentication phase so there is no use
in checking.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This runs a somewhat limited pylint run against the source files. It
should at least catch some issues.
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| |
| |
| |
| | |
This introduces a -n, --nofork option that skips the deamonising step on
start-up. This may be required for running nslcd from upstart.
See:
https://bugs.launchpad.net/bugs/806761
|
| | |
|
| | |
|
|/ |
|
|\
| |
| |
| |
| | |
This fixes most of the existing caching functionality. Cache expiry,
negative hits and entries going away remain to be implemented.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This removes custom retrieve() functions and Query classes from the
database modules and uses retrieve_sql retrieve_by, group_by and
group_columns to make a custom retrieval query.
In the cache module this completely replaces how the query grouping is
done. The Query class is now only used inside the cache and the
CnAliasedQuery, RowGrouper and related classed have been removed.
|
| | |
|
| |
| |
| |
| | |
This also defined the tables for netgroup storage.
|
| |
| |
| |
| |
| |
| |
| | |
This introduces the tables property in the Cache object that is used to
define the used tables.
This also fixes the storing of mulit-valued attributes in the cache.
|
|/
|
|
|
|
| |
This also moves the creation of a SQLite database connection to a
_get_connection() function to ensure the cache is only created when the
caches are instantiated.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
This allows the PAM module to request the pam_password_prohibit_message
option for denying password change.
|
|
|
|
|
| |
Just like in nslcd this doesn't actually do anything with the session
ids except generating them.
|
| |
|
|
|
|
|
| |
Since the utils are automatically built if Python is available --disable
is more appropriate a default then --enable.
|
|
|
|
|
|
|
|
| |
We need to avoid writing pyc files because during make distcheck, the
source directory is read-only.
This also ensures that the test is skipped if the Python interpreter is
not found.
|
|
|
|
|
|
| |
This fixes a typo, clarifies the section on the LDAP schema values that
are supported and updates the differences between nss-pam-ldapd and
nss_ldap and pam_ldap.
|
| |
|
|\
| |
| |
| | |
The branch accidentally got merged before it was fully tested.
|
| |
| |
| |
| |
| | |
This fixes a few typos and an omission in the configuration file parsing
code.
|
|\|
| |
| |
| |
| | |
This changes the nscd_invalidate option into a more generic
reconnect_invalidate and also allows clearing the nfsidmap cache.
|
| |
| |
| |
| |
| | |
This also renames the internal nscd module to invalidator for both nslcd
and pynslcd. The new invalidator module is now no longer nscd-specific.
|
|/
|
|
| |
This introduces an nfsidmap value for nscd_invalidate which will cause
the nfsidmap -c command to be run.
|
|
|
|
|
| |
The pynslcd implementation would always clear the passwd nscd cache
regardless of the provided map.
|
| |
|
| |
|
| |
|