| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|\
| |
| |
| |
| | |
* master:
Update makefile
|
| | |
|
| | |
|
|\|
| |
| |
| |
| | |
* master:
pre_bind: Get gold account status for user binds
|
| | |
|
| | |
|
|\|
| |
| |
| |
| | |
* master:
pre_search: Fix objectClass name in filter string
|
| | |
|
| | |
|
|\|
| |
| |
| |
| |
| | |
* master:
pre_bind: Handle all binds and save extension data
POST_BIND: Remove hook.
|
| |
| |
| |
| |
| |
| | |
The pre_bind method has to handle the binds for service accounts, too.
This way it can save the service name and gold service status after
a successful bind.
|
| |
| |
| |
| |
| |
| |
| | |
post_bind is not exected, if the pre_bind method has completed the
bind operation. Additionally the post_bind method does not have
access to the SLAPI_CONN_DN (bind dn). So we have to find another
method to save the extension data.
|
| | |
|
| | |
|
|\|
| |
| |
| |
| | |
* master:
Use connection private data storage for gold status
|
| |
| |
| |
| |
| |
| |
| | |
After a bind operation the service_name and the gold_service status
is saved in a connection data extension, so that it can be used by
the other methods and f.e. the pre_entry method do not need to build
the service dn again.
|
| | |
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* master:
pre_search: Set filter to speed up the search for gold accounts
Fix version
Get service_base_dn from the plugin arguments
pre_entry: Check for gold service even if a user is authed
pre_entry: Only return gold accounts for gold services
pre_bind: Check permissions for gold services
get_service_dn: Get the service dn from service name
is_service: Add possibility to check for gold services
is_user: Add possibility to check for gold accounts
Use new custom objectClass: splineAccount
Fix Makefile
|
| |
| |
| |
| |
| | |
We do not want to execute the pre_entry hooks for all accounts just to
skip them in the result.
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
If a user was authed for a gold service and is searching for other users,
only gold users should be returned. So we need to get the service entry
from the service rdn of the authenticated user.
|
| |
| |
| |
| |
| | |
If an authenticated gold service is searching for accounts, it should
only get the gold accounts.
|
| |
| |
| |
| |
| | |
Authentiction for gold services should only be possible for
gold accounts.
|
| |
| |
| |
| |
| | |
This is not really working, because the base_dn of the service
accounts is missing. This will be added later.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|/ |
|
|
|
|
|
|
|
|
| |
If a service wants to get the user information by searching for the user DN
explicitly (maybe with a BASE search scope), we need to drop the virtual
prefix for the service (the virtual entry might not even exists or does not
have the requested user infromation). The pre_search plugin method is
executed before all searches and modifies the TARGET_DN if required.
|
|
|
|
|
|
| |
slapu_pblock_set copies the DN into the pblock, because it first has to do a
normalization. So we do not need to create a copy of the supplied value and
have to free the supplied string afterwards.
|
|
|
|
| |
We cannot use auth_method, because we cannot set it (denied by openldap).
|
|
|
|
|
|
| |
If a connection is bind against a virtual service password entry, we need to
rewrite the user entries, too. A service might search for the user entry after
authorizing to get the userdata.
|
| |
|
|
|
|
|
| |
The new signature allows to call is_service, without the requirement to
free the pointer to the service name, if the service name is not required.
|
|
|
|
|
| |
The function dn_contains_uid was used to check, if an entry is an user
account. This check uses the objectClass now.
|
|
|
|
| |
All service accounts now have to have the serviceAccount object class.
|
| |
|
| |
|
|
|
|
|
|
| |
If using "slapi_entry_dup" it will create two internal copies of the old
DN, that could not be free'd without reference to internal data structures.
So now we create a new Slapi_Entry, copy all attributes and set the new DN.
|
|
|
|
|
|
| |
Add entry_set_dn to set a new DN and free the memory of the both copies
inside the Slapi_Entry. This currently uses an ugly hack and makes
assumptions about internal data structures.
|
|
|
|
|
|
| |
slapi_attr_get_valueset returns a pointer from the Slapi_Attr* argument. If you free
the Slapi_ValueSet and the Slapi_Attr structures the valuesset is freed twice and
this causes memory corruption and segfaults later.
|
| |
|
| |
|
| |
|
|
|
|
| |
Add doxygen compatible comments to most functions.
|
| |
|