| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
The pre_bind method has to handle the binds for service accounts, too.
This way it can save the service name and gold service status after
a successful bind.
|
| |
|
|
|
|
|
| |
post_bind is not exected, if the pre_bind method has completed the
bind operation. Additionally the post_bind method does not have
access to the SLAPI_CONN_DN (bind dn). So we have to find another
method to save the extension data.
|
| |
|
|
|
|
|
| |
After a bind operation the service_name and the gold_service status
is saved in a connection data extension, so that it can be used by
the other methods and f.e. the pre_entry method do not need to build
the service dn again.
|
| |
|
|
|
| |
We do not want to execute the pre_entry hooks for all accounts just to
skip them in the result.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
If a user was authed for a gold service and is searching for other users,
only gold users should be returned. So we need to get the service entry
from the service rdn of the authenticated user.
|
| |
|
|
|
| |
If an authenticated gold service is searching for accounts, it should
only get the gold accounts.
|
| |
|
|
|
| |
Authentiction for gold services should only be possible for
gold accounts.
|
| |
|
|
|
| |
This is not really working, because the base_dn of the service
accounts is missing. This will be added later.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
If a service wants to get the user information by searching for the user DN
explicitly (maybe with a BASE search scope), we need to drop the virtual
prefix for the service (the virtual entry might not even exists or does not
have the requested user infromation). The pre_search plugin method is
executed before all searches and modifies the TARGET_DN if required.
|
| |
|
|
|
|
| |
slapu_pblock_set copies the DN into the pblock, because it first has to do a
normalization. So we do not need to create a copy of the supplied value and
have to free the supplied string afterwards.
|
| |
|
|
| |
We cannot use auth_method, because we cannot set it (denied by openldap).
|
| |
|
|
|
|
| |
If a connection is bind against a virtual service password entry, we need to
rewrite the user entries, too. A service might search for the user entry after
authorizing to get the userdata.
|
| | |
|
| |
|
|
|
| |
The new signature allows to call is_service, without the requirement to
free the pointer to the service name, if the service name is not required.
|
| |
|
|
|
| |
The function dn_contains_uid was used to check, if an entry is an user
account. This check uses the objectClass now.
|
| |
|
|
| |
All service accounts now have to have the serviceAccount object class.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
If using "slapi_entry_dup" it will create two internal copies of the old
DN, that could not be free'd without reference to internal data structures.
So now we create a new Slapi_Entry, copy all attributes and set the new DN.
|
| |
|
|
|
|
| |
Add entry_set_dn to set a new DN and free the memory of the both copies
inside the Slapi_Entry. This currently uses an ugly hack and makes
assumptions about internal data structures.
|
| |
|
|
|
|
| |
slapi_attr_get_valueset returns a pointer from the Slapi_Attr* argument. If you free
the Slapi_ValueSet and the Slapi_Attr structures the valuesset is freed twice and
this causes memory corruption and segfaults later.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Add doxygen compatible comments to most functions.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
The function could be used in more cases, if it checks if the supplied DN
contains a uid and does not generate the parent_dn. The parent_dn is
generated before calling the function.
|
| | |
|
| |
|
|
| |
Add pre_bind function for service password fallback.
|
| | |
|
| | |
|
| | |
|
| |
|
