647 Commits

Author	SHA1	Message	Date
Quanah Gibson-Mount	6c4d6c880b	Happy New Year!	2016-01-29 13:32:05 -06:00
Howard Chu	fb00ef1915	ITS#8294 more for prev commit	2015-10-29 20:31:36 +00:00
Howard Chu	01c27e1342	ITS#8294 avoid symbol clash with other crypto libs	2015-10-29 20:19:00 +00:00
Howard Chu	639da48fdc	ITS#8230 add GnuTLS/nettle support	2015-09-25 19:28:18 +01:00
Howard Chu	ccedb68ee2	ITS#8230 fix padding count	2015-09-25 18:53:05 +01:00
Howard Chu	6e4c747d5d	ITS#8230 Don't skip tval on big-endian	2015-09-25 18:52:24 +01:00
Ryan Tandy	f81bec6184	ITS#8235 fix compiler warnings	2015-09-02 13:15:23 -07:00
Ryan Tandy	9d2dc5dd24	ITS#8198 use #elif instead of #else for gnutls cases ... Reserve #else for actual fallback cases.	2015-08-22 18:59:13 -07:00
Luca Bruno	709a0f4a97	ITS#8198 Optionally use libnettle instead of OpenSSL for crypto ... OpenLDAP can be configured to be either built with OpenSSL or GnuTLS. This commit adds support for building pw-pbkbdf2 module without OpenSSL, by using PBKDF2 crypto primitives provided by libnettle. Closes hamano/openldap-pbkdf2#2 Signed-off-by: Luca Bruno <luca.bruno@rocket-internet.de>	2015-08-22 19:35:38 +00:00
Luca Bruno	ba20d70d2b	ITS#8198 Fix an always-true check ... Fixed asprintf return value check, in order to properly catch error conditions. This has been caught by clang -Wtautological-compare: pw-pbkdf2.c:132:17: warning: comparison of unsigned expression < 0 is always false if(msg->bv_len < 0){ ~~~~~~~~~~~ ^ ~ Signed-off-by: Luca Bruno <luca.bruno@rocket-internet.de>	2015-08-22 19:35:34 +00:00
Howard Chu	768967f176	More filter tweaks	2015-08-10 19:36:06 +01:00
Howard Chu	571a7c72fc	Shortcut name mapping ... If the naming attribute is in the RDN we don't need to look it up.	2015-08-09 20:57:49 +01:00
Howard Chu	523f989d8f	More filter mapping ... Was only handling (objectclass=<group>)(<memberUid>=bar). Now handles (objectclass=<group>)(<groupname>=bar) too.	2015-08-07 04:04:22 +01:00
Howard Chu	706bbd42d9	Fix interaction with rwm	2015-08-01 00:35:44 +01:00
Howard Chu	20c0464fed	Also remap explicitly requested attr names	2015-08-01 00:20:49 +01:00
Howard Chu	024d4cbee2	Fix filter init ... compound filters f_next is not ignored	2015-07-28 12:10:54 +01:00
Howard Chu	fb7470d82f	More tweaks ... Check for error on internal search, init AttributeAssertions in constructed filter	2015-07-25 23:23:41 +01:00
Howard Chu	3770a2c1e3	tweak filter mapping in prev commit ... Don't bypass downcasing	2015-07-25 22:31:43 +01:00
Howard Chu	4cbd3b63c0	Add filter remapping	2015-07-25 22:23:46 +01:00
Howard Chu	a8491a63e6	Fix setting authTimestamp on non-TOTP binds	2015-07-16 03:28:37 +01:00
Howard Chu	34e7cbb6fe	Plug memleak on mismatched length	2015-07-13 17:17:42 +01:00
Howard Chu	1ab08d2f8e	Fix whitespace in manpage	2015-07-07 19:10:00 +01:00
Howard Chu	b6208a4474	New ADremap overlay	2015-07-03 20:11:25 +01:00
Howard Chu	e4278b5731	Fix cfg OID typos	2015-07-03 10:52:20 +01:00
Howard Chu	ea43ac38bf	Merge authTimestamp from lastbind overlay ... This code duplicates the basic function of lastbind. The two overlays cannot be used together. The timestamp Mod op is changed to require the old value to still be present at the end of the Bind. This allows us to detect collisions (multiple successful Binds in the same time window) and properly fail the extra Bind attempts.	2015-07-02 20:12:51 +01:00
Howard Chu	e069a79239	Add TOTP pw mechanism	2015-07-02 17:05:14 +01:00
Ryan Tandy	0146e3ddfc	ITS#8097 nssov: clean up some compiler warnings	2015-04-16 03:41:48 +01:00
Ryan Tandy	dc277009e2	ITS#8097 nssov: update to protocol version 2 ... This updates nssov for the protocol changes in nss-pam-ldapd commits 5f55781 and 6a74d8d. The protocol was changed to network byte order, uid_t and gid_t were changed to int32_t, and the READ_TYPE and WRITE_TYPE macros were removed. The PAM protocol was restructured to drop the DN field and to use a common basic set of fields for all requests.	2015-04-16 03:41:30 +01:00
Ryan Tandy	6a28f3dc20	ITS#8097 nssov: update nss-pam-ldapd files to 0.9.4	2015-04-16 03:41:05 +01:00
Howard Chu	2d9f33072b	ITS#8080 nssov: use old pwd if it's given	2015-03-18 20:50:19 +00:00
Ryan Tandy	0200c6d92c	ITS#8080 nssov: allow user pwmod without pwdmgr configured	2015-03-18 20:48:15 +00:00
Ryan Tandy	957d4770eb	ITS#8080 nssov: only allow root to become pwdmgr	2015-03-18 20:47:57 +00:00
Ryan Tandy	7e3177070a	ITS#8080 nssov: require old password unless pwdmgr	2015-03-18 20:47:32 +00:00
Ryan Tandy	05ea78703b	ITS#8079 nssov: fix compare for usergroup ... More for 5c527bc49e	2015-03-15 19:32:29 +00:00
Howard Chu	1859a6f069	ITS#8065 more for syncrepl compat ... Use opextra to detect our own internal ops, not a public control	2015-03-09 19:05:07 +00:00
Howard Chu	9655b23ce0	ITS#8006 more rootdn privs	2015-02-26 00:14:41 +00:00
Howard Chu	91f14e6c39	ITS#8065 don't log/replicate internal ops	2015-02-25 15:34:00 +00:00
Howard Chu	46c07bbfb5	More for prev commit	2015-02-25 00:39:14 +00:00
Howard Chu	79bbf05c5a	More for ITS#6970 ... modrdn had the same bug	2015-02-25 00:30:36 +00:00
Quanah Gibson-Mount	1705fa7e55	Happy New Year	2015-02-11 15:36:57 -06:00
Howard Chu	9232232397	More for ITS#6970	2015-02-02 19:28:59 +00:00
Hallvard Breien Furuseth	0528f9f923	Update wrap_slap_ops. ... Catch a new bi_op_bind[]() case. Silence warnings in END{}.	2015-01-27 23:37:46 +01:00
SATOH Fumiyasu	ea58e1ee55	ITS#7782 tweak contrib/slapd-modules/**/Makefile ... Set LDAP_BUILD=$(LDAP_SRC) by default	2014-12-16 19:52:44 +00:00
Howard Chu	a8bfed69fd	ITS#8006 Use rootdn consistently on internal ops	2014-12-15 20:20:23 +00:00
Howard Chu	b8912c33ba	ITS#8000 silence warnings	2014-12-10 22:24:25 +00:00
Howard Chu	62818acd0a	ITS#7998 silence warning	2014-12-10 21:59:45 +00:00
Howard Chu	f05a39268d	ITS#7997 silence warning	2014-12-10 21:57:44 +00:00
HAMANO Tsukasa	2a43a7d16f	ITS#7977 Add PBKDF2 -SHA256 and -SHA512	2014-11-05 09:29:31 +00:00
Howard Chu	7e7ce79bd7	ITS#6970 more error checks in add_group	2014-07-21 11:32:31 -07:00
Howard Chu	4a1b7556a2	ITS#6970 all attrset params are required	2014-07-21 11:08:03 -07:00