| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
|
|
| |
This should have been part of d217632.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This implements a function in the Solaris version of the NSS module to
check if a specifc netgroup triplet is part of a netgroup.
This also avoids a compiler warning and includes improvements and
testing by Mark R Bannister.
|
|
|
|
|
|
|
|
|
|
| |
If this option is present, functions which cause all user/group entries
to be loaded (getpwent(), getgrent()) from the directory will not
succeed in doing so. This can dramatically reduce ldap server load in
situations where there are a great number of users and/or groups.
Applications that depend on being able to sequentially read all users
and/or groups may fail to operate correctly. This option is not
recommended for most configurations.
|
|
|
|
|
|
|
| |
This option allows skipping group member list retrieval to improve
performance with very large groups. This option results in inconsistent
group membership information being presented that may confuse some
applications.
|
|
|
|
|
|
|
| |
This only restores the signal mask after signal handlers are in place
and the daemon has completely daemonised to avoid a race condition in
the start-up phase of nslcd where a signal could be sent to nslcd
causing it to quit or fail to write information to the parent process.
|
| |
|
| |
|
| |
|
|
|
|
| |
This fixes a byte order issue when nscd is running.
|
|
|
|
| |
This adds tests for a function and type used in the code.
|
|
|
|
| |
FreeBSD doesn't have ENODATA so we use ENOATTR instead.
|
|
|
|
| |
This was a compatibility leftover from the nss_ldap days.
|
| |
|
|
|
|
|
|
|
| |
This updates the test framework to support --with-module-name, ensures
that exports.map is rebuilt when configure is re-ran, fixes parsing of
nsswitch.conf (to determine what to return for passwd lookups) and fixes
the check for _nss_ldap_version.
|
|
|
|
|
|
|
| |
This disables the use of thread-local storage in the NSS module when it
is not available in libc. This results in the get*ent() functions not
being thread-safe. However, on most platforms they are not expected to
be thread-safe anyway.
|
|
|
|
|
|
|
| |
Update nslcd.conf man page that multiple URIs can be set by using more
uri lines or more URIs defined on one uri line.
https://bugzilla.redhat.com/show_bug.cgi?id=1204195
|
|
|
|
|
|
|
|
| |
In several places the code used a %d format to print a size_t variable.
On amd64 at least size_t is an unsigned long, so use %lu instead.
An alternative would be to use %ud for size_t and %zd fo ssize_t but not
all platforms seem to support that formatter.
|
|
|
|
|
|
|
| |
There are several places where a static length array in a struct is
compared to a null pointer. These comparisons will always be false,
since an array in a struct is not actually a pointer, so they can be
removed.
|
|
|
|
|
| |
Adjust the Linux OOM (Out-Of-Memory) killer score by -1000 for nslcd so
that it should not be killed.
|
|
|
|
| |
This introduces the --with-module-name configure option to allow building of NSS and
PAM modules with different namespaces than ldap.
|
|
|
|
|
| |
This fixes a bug in the NSS library when encountering IPv6 addresses in
the hosts map.
|
|
|
|
|
|
|
| |
Thanks David Binderma for pointing this out.
Note that in practical situations this should not result in any errors
due to the position of searches within the ldap_session struct.
|
|
|
| |
See http://lists.arthurdejong.org/nss-pam-ldapd-users/2014/msg00166.html
|
|
|
| |
Thanks Jianhai Luan.
|
| |
|
|
|
|
|
|
|
|
|
| |
mmkfilter_passwd_byuid()/mkfilter_group_bygid() get wrong filter string
because "%d" will return negative when uid/gid larger than 2^31, and
result to "Authentiction failure".
This also changes the other places where uid_t or gid_t values are
formatted.
|
|
|
|
|
|
|
|
| |
This fixes a problem with a buffer that could end up padded with
garbage.
This also clarifies the code a bit and adds extra logging for errors
that could occur during daemonising.
|
| |
|
|
|
|
|
|
|
|
|
| |
This alleviates some cases where multi-second lag occurs before a query
returns due to some or all connections having been closed by the peer,
e.g. a load balancer timing out old connections, but they are all tried
before opening new connections.
Tested and working on Linux.
|
| |
|
|
|
|
|
|
| |
This uses IP addresses from the RFC 5737 TEST-NET-1 range that is meant
for use in documentation. This avoids issues with running the tests
environments that also use the 10.0.0.0/8 range.
|
| |
|
|
|
|
|
|
| |
This is a small fix for when using nscd (which still does not seem to
work completely). The port is stored in network byte order but should be
printed in host byte order.
|
| |
|
|
|
|
| |
This fixes 15fc13c.
|
|
|
|
| |
This fixes 3d29861.
|
|
|
|
| |
This fixes 2274b41.
|
| |
|
| |
|
|
|
|
|
|
| |
This command can be used to perform a lookup using getgrouplist() to
present a list of returned numeric group ids. This can be used to avoid
the additional lookups that are done with the id and groups commands.
|
|
|
|
|
| |
This clears most buffers that may hold credentials at one point before
free()ing the memory.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
This ensures that controls returned by an LDAP server as part of a
failed BIND operation are also returned. This makes it possible to
distinguish between a wrong password and an expired password.
This also only logs the BIND operation result on DEBUG level (the error
is logged later on).
|
| |
|