Arthur de Jong

Open Source / Free Software developer

path: root/nslcd/cfg.c
Commit message [Author, Age, Files, Lines]
* Support DNSLDAPS in uri [Arthur de Jong, 2021-11-19, 1 file, -6/+26]
| This supports both `uri DNSLDAPS` and `uri DNSLDAPS:some.domain` variants alongside the pre-existing `uri DNS` that was already supported generating ldaps URIs for all SRV records found.
* Support an empty search base [Arthur de Jong, 2021-11-02, 1 file, -9/+5]
| This allows putting `base ""` in nslcd.conf to specify an empty search base. Note that the LDAP server needs to support this. With slapd this requires setting up an olcDefaultSearchBase attribute in the olcFrontendConfig object under cn=config or have the database have an empty suffix. Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/50
* Add tls_reqsan to check certificate SAN [Arthur de Jong, 2021-01-23, 1 file, -13/+49]
| This option is passed to the LDAP library if it is supported.
* Add tls_crlfile to check local CRL file [Arthur de Jong, 2021-01-23, 1 file, -2/+22]
| This option is passed to the LDAP library if it is supported.
* Add tls_crlcheck to check Certificate Revocation List [sebastienblavier, 2021-01-18, 1 file, -0/+52]
| This option is passed to the LDAP library if it is supported. Closes https://github.com/arthurdejong/nss-pam-ldapd/pull/41
* Add domain variable for use in pam_authz_search [Arthur de Jong, 2018-07-21, 1 file, -0/+1]
| This adds a domain variable (if it can be determined on the system) that can be used in pam_authz_search and pam_authc_search filters to build search filters that search on the domain name (the FQDN without the starting host name). Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/8
* Increase size of hostname buffer [Arthur de Jong, 2018-02-17, 1 file, -2/+2]
| This increases the host name buffer to support host names (that include FQDNs) to 255 characters and removes the reliance on HOST_NAME_MAX and _POSIX_HOST_NAME_MAX which may be smaller in some situations. Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/22
* Increase size of config file token [Arthur de Jong, 2017-12-23, 1 file, -1/+1]
| This increases the maximum size of tokens that are read from the nslcd.conf configuration file to 256 characters. This was a problem for some very long uri values. Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/21
* Support spaces in attribute mapping expressions [Arthur de Jong, 2017-10-13, 1 file, -5/+4]
* Add the ability to offset UID and GID numbers [Seth Wright, 2017-06-20, 1 file, -0/+14]
* Add pam_authc_search option parsing [Arthur de Jong, 2017-06-15, 1 file, -19/+45]
* Fix nss_disable_enumeration configuration [Arthur de Jong, 2016-02-13, 1 file, -1/+1]
| This fixes a copy-paste bug where nss_disable_enumeration was incorrectly handled. Fixes c0366d8. Thanks Andrew W Elble for pointing this out.
* Add pam_authc_ppolicy option [Mathieu Baeumler, 2016-01-06, 1 file, -0/+17]
| This option allows completely disabling ppolicy handling.
* Correct file readability check [Arthur de Jong, 2015-11-13, 1 file, -9/+2]
| This uses access() instead of stat() to see if the file is readable by the current process. This fixes f089e01.
* Loosen up file existence check [Arthur de Jong, 2015-08-27, 1 file, -70/+65]
| This changes the check (for configuration options that specify file names) to just check that the specified path is readable instead of insisting that it points to a file. This allows tls_randfile to point to /dev/urandom (a character device) or a pipe. This fixes 6779a51. This also applies the same check to the krb5_ccname option. Thanks to Patrick McLean for pointing this out.
* Check file existence for configuration options [Arthur de Jong, 2015-07-19, 1 file, -5/+43]
| This adds additional checks to the tls_cacertdir, tls_cacertfile, tls_randfile, tls_cert and tls_key options to ensure that they point to an existing file when parsing nslcd.conf.
* Allow configuration values longer than 63 characters [Jed Liu, 2015-05-24, 1 file, -2/+2]
* Implement disable_enumeration [Andrew Elble, 2015-05-01, 1 file, -0/+7]
| If this option is present, functions which cause all user/group entries to be loaded (getpwent(), getgrent()) from the directory will not succeed in doing so. This can dramatically reduce ldap server load in situations where there are a great number of users and/or groups. Applications that depend on being able to sequentially read all users and/or groups may fail to operate correctly. This option is not recommended for most configurations.
* Implement nss_getgrent_skipmembers [Arthur de Jong, 2015-04-20, 1 file, -1/+8]
| This option allows skipping group member list retrieval to improve performance with very large groups. This option results in inconsistent group membership information being presented that may confuse some applications.
* Fix formatting of size_t values [Patrick McLean, 2015-03-14, 1 file, -4/+4]
| In several places the code used a %d format to print a size_t variable. On amd64 at least size_t is an unsigned long, so use %lu instead. An alternative would be to use %ud for size_t and %zd for ssize_t but not all platforms seem to support that formatter.
* uid_t/gid_t should be formatted as unsigned long [Jason Luan, 2014-09-30, 1 file, -3/+3]
| mkfilter_passwd_byuid()/mkfilter_group_bygid() get the wrong filter string because "%d" will return negative when uid/gid is larger than 2^31, and result in "Authentication failure". This also changes the other places where uid_t or gid_t values are formatted.
* Make buffer size error logging consistent [Arthur de Jong, 2014-05-04, 1 file, -3/+13]
| This adds logging of most cases where a defined buffer is not large enough to hold provided data on error log level.
* Implement a cache configuration option [Arthur de Jong, 2013-12-21, 1 file, -0/+94]
| This adds the cache nslcd.conf configuration option to configure the dn2uid cache in nslcd with a positive and negative cache lifetime.
* Support printing children search scope [Arthur de Jong, 2013-12-21, 1 file, -0/+3]
| This fixes 2caeef4.
* Add cast to int when logging configuration summary [Arthur de Jong, 2013-08-20, 1 file, -3/+3]
* Fix errors in invalidator changes [Arthur de Jong, 2013-07-26, 1 file, -0/+2]
| This fixes a few typos and an omission in the configuration file parsing code.
* Rename nscd_invalidate option to reconnect_invalidate [Arthur de Jong, 2013-07-26, 1 file, -7/+7]
| This also renames the internal nscd module to invalidator for both nslcd and pynslcd. The new invalidator module is now no longer nscd-specific.
* Allow invalidating the nfsidmap cache [Arthur de Jong, 2013-07-26, 1 file, -0/+1]
| This introduces an nfsidmap value for nscd_invalidate which will cause the nfsidmap -c command to be run.
* Implement a nss_nested_groups configuration option [Arthur de Jong, 2013-03-24, 1 file, -0/+7]
| This option can be used in both nslcd and pynslcd to enable recursive group member lookups. By default the functionality is disabled. This also updates the documentation.
* fix a few compiler warnings [Arthur de Jong, 2013-03-10, 1 file, -0/+2]
* implement parsing of the nscd_invalidate option [Arthur de Jong, 2013-03-09, 1 file, -22/+82]
* allow names with one character in default validnames option and allow parentheses (taken from Fedora packages) [Arthur de Jong, 2013-02-23, 1 file, -1/+1]
* handle the log configuration option in nslcd [Arthur de Jong, 2013-02-23, 1 file, -0/+52]
* dump full nslcd configuration at debug level on start-up [Arthur de Jong, 2013-01-18, 1 file, -0/+263]
| git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1920 ef36b2f9-881f-0410-afb5-c4e39611909c
* support children search scope for systems that have it [Arthur de Jong, 2013-01-14, 1 file, -0/+4]
| git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1917 ef36b2f9-881f-0410-afb5-c4e39611909c
* reorganise configuration file parsing code [Arthur de Jong, 2013-01-12, 1 file, -561/+535]
| git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1913 ef36b2f9-881f-0410-afb5-c4e39611909c
* check result of set_tolist() to ensure that memory allocation problems are logged [Arthur de Jong, 2013-01-12, 1 file, -0/+5]
| git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1911 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove deprecated use_sasl, reconnect_tries, reconnect_maxsleeptime and tls_checkpeer options which have been replaced some time ago [Arthur de Jong, 2012-12-30, 1 file, -18/+2]
| git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1890 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove undocumented restart configuration option [Arthur de Jong, 2012-12-30, 1 file, -8/+0]
| git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1889 ef36b2f9-881f-0410-afb5-c4e39611909c
* reorganise and rename configuration options to be in line with manual page [Arthur de Jong, 2012-12-30, 1 file, -27/+26]
| git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1888 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove the ldc_ prefix from struct ldap_config fields [Arthur de Jong, 2012-12-30, 1 file, -89/+87]
| git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1887 ef36b2f9-881f-0410-afb5-c4e39611909c
* update C coding style to a more commonly used style [Arthur de Jong, 2012-12-22, 1 file, -603/+652]
| git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1873 ef36b2f9-881f-0410-afb5-c4e39611909c
* to only set LDAP_OPT_X_SASL_NOCANON if the sasl_canonicalize option is explicitly set in the configuration file [Arthur de Jong, 2012-11-13, 1 file, -1/+1]
| git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1824 ef36b2f9-881f-0410-afb5-c4e39611909c
* change the default value of sasl_canonicalize to yes (thanks Marcus Moeller) [Arthur de Jong, 2012-08-31, 1 file, -1/+3]
| git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1735 ef36b2f9-881f-0410-afb5-c4e39611909c
* introduce a sasl_canonicalize option that will now, by default, disable reverse host name lookups in OpenLDAP [Arthur de Jong, 2012-08-14, 1 file, -0/+17]
| git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1733 ef36b2f9-881f-0410-afb5-c4e39611909c
* on startup have the gid option default to the primary group of the specified user and load the user's supplementary groups [Arthur de Jong, 2012-07-20, 1 file, -3/+16]
| git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1723 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a pam_password_prohibit_message nslcd.conf option to deny password change introducing a NSLCD_ACTION_CONFIG_GET request thanks to Ted Cheng [Arthur de Jong, 2012-07-08, 1 file, -0/+22]
| git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1715 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement extra range checking of all numeric values [Arthur de Jong, 2012-05-20, 1 file, -2/+2]
| git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1694 ef36b2f9-881f-0410-afb5-c4e39611909c
* allow the pam_authz_search option to be specified multiple times [Arthur de Jong, 2012-05-04, 1 file, -3/+12]
| git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1679 ef36b2f9-881f-0410-afb5-c4e39611909c
* make whether or not to do case-sensitive filtering configurable (patch by Matthew L. Dailey) [Arthur de Jong, 2012-03-13, 1 file, -0/+6]
| git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1634 ef36b2f9-881f-0410-afb5-c4e39611909c