| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
| |
This ensures that /var/run/nslcd is created (when it does not exist)
when starting pynslcd.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This moves the autzsearch_var_add(), autzsearch_vars_free(),
autzsearch_var_get() and do_autzsearches() functions to the top of the
file using more generic names and introduces search_vars_new() in
prepartion of other similar searches.
This also renames the remaining authzsearch functions to authz_search to
be consistent with the pam_authz_search option.
|
|
|
|
|
|
|
|
|
|
|
| |
This ensures that when querying the address 0:18:8a:54:1a:8b both that
format and 00:18:8a:54:1a:8b is searched for in LDAP.
This was triggerred by the fact that ether_ntoa() on FreeBSD returns the
long format while glibc uses the compact format.
Since we are no longer using the libc version of ether_ntoa() we can
also drop the compatibility implementation of ether_ntoa_r().
|
| |
|
| |
|
|
|
|
|
|
| |
The problem was that the ExpressionMapping string value did not include
the quotes which will cause problems when printing the expression (e.g.
when logging or dumping config, etc.).
|
|
|
| |
See https://bugs.debian.org/792871
|
|
|
|
|
|
|
|
|
|
| |
If this option is present, functions which cause all user/group entries
to be loaded (getpwent(), getgrent()) from the directory will not
succeed in doing so. This can dramatically reduce ldap server load in
situations where there are a great number of users and/or groups.
Applications that depend on being able to sequentially read all users
and/or groups may fail to operate correctly. This option is not
recommended for most configurations.
|
|
|
|
|
|
|
| |
This option allows skipping group member list retrieval to improve
performance with very large groups. This option results in inconsistent
group membership information being presented that may confuse some
applications.
|
|
|
|
| |
This introduces the --with-module-name configure option to allow building of NSS and
PAM modules with different namespaces than ldap.
|
| |
|
| |
|
|
|
|
|
|
| |
This allows remapping the member attribute to an empty string which
removes support for that attribute. This can reduce the number of search
operations if the attribute is not used.
|
|
|
|
|
|
| |
This also invalidates the caches configured with reconnect_invalidate on
the first successful search. This should handle the case more gracefully
where caches were filled with negative hits before nslcd was running.
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
This fixes an error that could occur when the userPassword was retrieved
from LDAP and insufficient privileges were available for reading the
attribute.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This removes custom retrieve() functions and Query classes from the
database modules and uses retrieve_sql retrieve_by, group_by and
group_columns to make a custom retrieval query.
In the cache module this completely replaces how the query grouping is
done. The Query class is now only used inside the cache and the
CnAliasedQuery, RowGrouper and related classed have been removed.
|
| |
|
|
|
|
| |
This also defined the tables for netgroup storage.
|
|
|
|
|
|
|
| |
This introduces the tables property in the Cache object that is used to
define the used tables.
This also fixes the storing of mulit-valued attributes in the cache.
|
|
|
|
|
|
| |
This also moves the creation of a SQLite database connection to a
_get_connection() function to ensure the cache is only created when the
caches are instantiated.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
This allows the PAM module to request the pam_password_prohibit_message
option for denying password change.
|
|
|
|
|
| |
Just like in nslcd this doesn't actually do anything with the session
ids except generating them.
|
| |
|
|
|
|
|
| |
This fixes a few typos and an omission in the configuration file parsing
code.
|
|
|
|
|
| |
This also renames the internal nscd module to invalidator for both nslcd
and pynslcd. The new invalidator module is now no longer nscd-specific.
|
|
|
|
| |
This introduces an nfsidmap value for nscd_invalidate which will cause
the nfsidmap -c command to be run.
|
|
|
|
|
| |
The pynslcd implementation would always clear the passwd nscd cache
regardless of the provided map.
|
| |
|
|
|
|
|
|
|
| |
This tries to conform more closely to PEP8. Imports have been checked and,
if used only once, moved closer to the use to avoid potential import
loops. This also includes a few other minor changes, like using __main__
for utility scripts and variable renames to avoid name clashes.
|
|
|
|
| |
modification
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Similar to the nslcd implementation, this currently only covers modifying the
homeDirectory and loginShell attributes.
|