| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
This supports both `uri DNSLDAPS` and `uri DNSLDAPS:some.domain`
variants alongside the pre-existing `uri DNS` that was already supported
generating ldaps URIs for all SRV records found.
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows putting `base ""` in nslcd.conf to specify an empty search
base.
Note that the LDAP server needs to support this. With slapd this
requires setting up an olcDefaultSearchBase attribute in the
olcFrontendConfig object under cn=config or have the database have an
empty suffix.
Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/50
|
|
|
|
| |
This option is passed to the LDAP library if it is supported.
|
|
|
|
| |
This option is passed to the LDAP library if it is supported.
|
|
|
|
|
|
| |
This option is passed to the LDAP library if it is supported.
Closes https://github.com/arthurdejong/nss-pam-ldapd/pull/41
|
|
|
|
|
|
|
|
|
| |
This adds a domain variable (if it can be determined on the system) that
can be used in pam_authz_search and pam_authc_search filters to build
search filters that search on the domain name (the FQDN without the
starting host name).
Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/8
|
|
|
|
|
|
|
|
| |
This increases the host name buffer to support host names (that include
FQDNs) to 255 characters and removes the reliance on HOST_NAME_MAX and
_POSIX_HOST_NAME_MAX which may be smaller in some situations.
Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/22
|
|
|
|
|
|
|
|
| |
This increases the maximum size of tokens that are read from the
nslcd.conf configuration file to 256 characters. This was a problem for
some very long uri values.
Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/21
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
This fixes a copy-paste bug where nss_disable_enumeration was
incorrectly handled. Fixes c0366d8.
Thanks Andrew W Elble for pointing this out.
|
|
|
|
| |
This option allows completely disabling ppolicy handling.
|
|
|
|
|
| |
This uses access() instead of stat() to see if the file is readable by
the current process. This fixes f089e01.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This changes the check (for configuration options that specify file
names) to just check that the specified path is readable instead of
ensisting that it points to a file.
This allows tls_randfile to point to /dev/urandom (a character device)
or a pipe. This fixes 6779a51.
This also applies the same check to the krb5_ccname option.
Thanks to Patrick McLean for pointing this out.
|
|
|
|
|
|
| |
This adds addition checks to the tls_cacertdir, tls_cacertfile,
tls_randfile, tls_cert and tls_key options to ensure that they point to
an existing file when parsing nslcd.conf.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If this option is present, functions which cause all user/group entries
to be loaded (getpwent(), getgrent()) from the directory will not
succeed in doing so. This can dramatically reduce ldap server load in
situations where there are a great number of users and/or groups.
Applications that depend on being able to sequentially read all users
and/or groups may fail to operate correctly. This option is not
recommended for most configurations.
|
|
|
|
|
|
|
| |
This option allows skipping group member list retrieval to improve
performance with very large groups. This option results in inconsistent
group membership information being presented that may confuse some
applications.
|
|
|
|
|
|
|
|
| |
In several places the code used a %d format to print a size_t variable.
On amd64 at least size_t is an unsigned long, so use %lu instead.
An alternative would be to use %ud for size_t and %zd fo ssize_t but not
all platforms seem to support that formatter.
|
|
|
|
|
|
|
|
|
| |
mmkfilter_passwd_byuid()/mkfilter_group_bygid() get wrong filter string
because "%d" will return negative when uid/gid larger than 2^31, and
result to "Authentiction failure".
This also changes the other places where uid_t or gid_t values are
formatted.
|
|
|
|
|
| |
This adds logging of most cases where a defined buffer is not large
enough to hold provided data on error log level.
|
|
|
|
|
| |
This adds the cache nslcd.conf configuration option to configure the
dn2uid cache in nslcd with a positive and negative cache lifetime.
|
|
|
|
| |
This fixes 2caeef4.
|
| |
|
|
|
|
|
| |
This fixes a few typos and an omission in the configuration file parsing
code.
|
|
|
|
|
| |
This also renames the internal nscd module to invalidator for both nslcd
and pynslcd. The new invalidator module is now no longer nscd-specific.
|
|
|
|
| |
This introduces an nfsidmap value for nscd_invalidate which will cause
the nfsidmap -c command to be run.
|
|
|
|
|
|
| |
This option can be used in both nslcd and pynslcd to enable recursive group
member lookups. By default the functionality is disabled. This also updates
the documentation.
|
| |
|
| |
|
|
|
|
| |
option and allow parentheses (taken from Fedora packages)
|
| |
|
|
|
|
| |
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1920 ef36b2f9-881f-0410-afb5-c4e39611909c
|
|
|
|
| |
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1917 ef36b2f9-881f-0410-afb5-c4e39611909c
|
|
|
|
| |
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1913 ef36b2f9-881f-0410-afb5-c4e39611909c
|
|
|
|
|
|
| |
allocation problems are logged
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1911 ef36b2f9-881f-0410-afb5-c4e39611909c
|
|
|
|
|
|
| |
reconnect_maxsleeptime and tls_checkpeer options which have been replaced some time ago
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1890 ef36b2f9-881f-0410-afb5-c4e39611909c
|
|
|
|
| |
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1889 ef36b2f9-881f-0410-afb5-c4e39611909c
|
|
|
|
|
|
| |
line with manual page
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1888 ef36b2f9-881f-0410-afb5-c4e39611909c
|
|
|
|
| |
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1887 ef36b2f9-881f-0410-afb5-c4e39611909c
|
|
|
|
| |
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1873 ef36b2f9-881f-0410-afb5-c4e39611909c
|
|
|
|
|
|
| |
sasl_canonicalize option is explicitly set in the configuration file
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1824 ef36b2f9-881f-0410-afb5-c4e39611909c
|
|
|
|
|
|
| |
(thanks Marcus Moeller)
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1735 ef36b2f9-881f-0410-afb5-c4e39611909c
|
|
|
|
|
|
| |
default, disable reverse host name lookups in OpenLDAP
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1733 ef36b2f9-881f-0410-afb5-c4e39611909c
|
|
|
|
|
|
| |
group of the specified user and load the user's supplementary groups
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1723 ef36b2f9-881f-0410-afb5-c4e39611909c
|
|
|
|
|
|
| |
option to deny password change introducing a NSLCD_ACTION_CONFIG_GET request thanks to Ted Cheng
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1715 ef36b2f9-881f-0410-afb5-c4e39611909c
|
|
|
|
| |
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1694 ef36b2f9-881f-0410-afb5-c4e39611909c
|
|
|
|
|
|
| |
multiple times
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1679 ef36b2f9-881f-0410-afb5-c4e39611909c
|
|
|
|
|
|
| |
configurable (patch by Matthew L. Dailey)
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1634 ef36b2f9-881f-0410-afb5-c4e39611909c
|