path: root/nslcd/myldap.c
Age | Commit message | Author
2014-11-28 | no more myldap | Luke Shumaker
2014-10-04 | foo | Luke Shumaker
2014-07-02 | Minor comment spelling fix | Tim Harder
2014-07-02 | Check a socket's connectivity before trying to use it | Tim Harder
This alleviates some cases where multi-second lag occurs before a query returns due to some or all connections having been closed by the peer, e.g. a load balancer timing out old connections, but they are all tried before opening new connections. Tested and working on Linux.
2014-05-17 | Clear buffers before free-ing | Arthur de Jong
This clears most buffers that may hold credentials at one point before free()ing the memory.
2014-05-04 | Also extract policy controls on BIND failure | Arthur de Jong
This ensures that controls returned by an LDAP server as part of a failed BIND operation are also returned. This makes it possible to distinguish between a wrong password and an expired password. This also only logs the BIND operation result on DEBUG level (the error is logged later on).
2014-05-04 | Make buffer size error logging consistent | Arthur de Jong
This adds logging of most cases where a defined buffer is not large enough to hold provided data on error log level.
2014-05-04 | Warn when binddn buffer is too small | Arthur de Jong
2014-01-05 | Provide a myldap_get_deref_values() function | Arthur de Jong
This function looks for deref response controls (LDAP_CONTROL_X_DEREF) in the entry and returns the information from the dereferenced attribute in two lists: dereferenced values and attribute values that could not be dereferenced.
2014-01-05 | Request attribute deref via search control | Arthur de Jong
This uses the LDAP_CONTROL_X_DEREF control as described in draft-masarati-ldap-deref-00 to request the LDAP server to dereference member attribute values to uid attribute values in order to avoid doing extra searches. This control is currently only added for group search by looking for the member attribute in the search.
2014-01-05 | Rename entry property to indicate storage type | Arthur de Jong
This changes entry->rangedattributevalues to entry->buffers because the property is not only used for ranged attribute values but for anything that can be freed with free().
2014-01-05 | Ignore missing page controls | Arthur de Jong
Since we could get arbitrary controls and are only interested in page controls we ignore failures to find page controls.
2014-01-05 | Use do_try_search() also for paged searches | Arthur de Jong
This also changes do_try_search() to support building continued paged controls and lays the groundwork for adding more search controls.
2013-12-18 | Centralise buffer sizes | Arthur de Jong
Common buffer sizes are now stored centrally so it can be easily and consistently updated if required. Some buffers remain with locally defined sizes that do not match a global buffer size.
2013-10-25 | Also run invalidators on initial connect | Arthur de Jong
This also invalidates the caches configured with reconnect_invalidate on the first successful search. This should handle the case more gracefully where caches were filled with negative hits before nslcd was running.
2013-08-28 | Fix for common spelling mistake | Arthur de Jong
2013-08-21 | Implement function for resetting reconnect times | Arthur de Jong
This implements a myldap_immediate_reconnect() function that resets the reconnect timer to retry failing connections to the LDAP server upon the next search. This can be used to cut the reconnect_sleeptime and reconnect_retrytime sleeping periods short if we have some indication that the LDAP server is available again.
2013-07-26 | Rename nscd_invalidate option to reconnect_invalidate | Arthur de Jong
This also renames the internal nscd module to invalidator for both nslcd and pynslcd. The new invalidator module is now no longer nscd-specific.
2013-03-24 | spelling fixes | Arthur de Jong
2013-03-09 | start the nscd invalidator and invalidate the nscd cache after reconnecting to the LDAP server after failure | Arthur de Jong
2013-03-03 | return the password policy bind information via PAM | Arthur de Jong
2013-03-03 | request and parse password policy controls when doing user authentication in nslcd | Arthur de Jong
2013-03-03 | pass the session along to the do_bind() function | Arthur de Jong
2013-01-12 | have myldap_get_ranged_values() return a list of values instead of a set | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1912 ef36b2f9-881f-0410-afb5-c4e39611909c
2013-01-12 | fix memory leak in myldap_get_values_len() when using ranged attributes (very unlikely to occur) | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1910 ef36b2f9-881f-0410-afb5-c4e39611909c
2013-01-12 | fix a problem in memory handling in myldap_get_values_len() if malloc() would fail | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1909 ef36b2f9-881f-0410-afb5-c4e39611909c
2013-01-10 | fix typo in comment | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1906 ef36b2f9-881f-0410-afb5-c4e39611909c
2013-01-05 | update FIXMEs | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1901 ef36b2f9-881f-0410-afb5-c4e39611909c
2013-01-05 | inline most is_valid_...() functions | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1898 ef36b2f9-881f-0410-afb5-c4e39611909c
2013-01-01 | log and return a diagnostic message instead of just the LDAP error on password change failure | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1895 ef36b2f9-881f-0410-afb5-c4e39611909c
2013-01-01 | fix setting restart option log message (fixes r1889) | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1892 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-12-30 | remove undocumented restart configuration option | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1889 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-12-30 | reorganise and rename configuration options to be in line with manual page | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1888 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-12-30 | remove the ldc_ prefix from struct ldap_config fields | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1887 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-12-22 | update C coding style to a more commonly used style | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1873 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-12-20 | fix logic error (use && instead of & for logical and) | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1868 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-11-13 | to only set LDAP_OPT_X_SASL_NOCANON if the sasl_canonicalize option is explicitly set in the configuration file | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1824 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-11-11 | log connection message before clearing error indicators to not hide these log messages in most configurations (fixes r1095) | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1814 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-09-16 | fix logic error when falling back to getting ranged attribute values for possibly binary attributes (thanks scan-build) | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1770 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-09-16 | swap values and buf assignment to avoid compiler alignment warnings | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1769 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-09-01 | provide an alternative do_rebind() for Netscape LDAP | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1745 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-08-14 | remove variable definition that was introduced in r1626 but should have been removed in r1714 | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1734 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-08-14 | introduce a sasl_canonicalize option that will now, by default, disable reverse host name lookups in OpenLDAP | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1733 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-07-08 | remove duplicate getting of LDAP_OPT_DIAGNOSTIC_MESSAGE (should have been part of r1639) | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1714 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-05-18 | get rid of a few compiler warnings on FreeBSD | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1693 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-03-16 | always try to log the ldap error, the diagnostic message and errno if available in a consistent format | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1639 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-03-05 | remove extra newline from log message | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1627 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-03-05 | provide more detailed logging information for ldap_start_tls_s() failures (based on a patch by Mel Flynn) | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1626 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-02-29 | log the first 10 search results in debug mode to make debugging easier (patch by Matthijs Kooijman) | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1625 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-01-09 | Warn if ldap_set_option() fails for LDAP_OPT_ERROR_NUM | Jakub Hrozek
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1593 ef36b2f9-881f-0410-afb5-c4e39611909c