#
73492e0c |
| 18-Jul-2023 |
claudio <claudio@openbsd.org> |
Do not duplicate prototypes of log.h in ypldap.h (without the extra __format__ attribute on top). Also properly ignore SIGHUP in the child processes. OK jmatthew@
|
#
34d9787b |
| 22-May-2023 |
jmatthew <jmatthew@openbsd.org> |
Keep trying LDAP servers until we get full results from one, rather than just until one accepts the TCP connection. In multi server environments, this makes ypldap more resilient when some servers are misbehaving.
While here, add the server address to log messages relating to connection errors to make it easier to identify which server is failing.
ok tb@
|
#
45c961fa |
| 31-Mar-2023 |
jmatthew <jmatthew@openbsd.org> |
Only send the used portion of struct idm_req in imsgs from the ldapclient process to the main process. This significantly reduces memory usage when updating larger directories.
ok aisha@
|
#
40c94266 |
| 13-Oct-2022 |
jmatthew <jmatthew@openbsd.org> |
Add client certificate authentication and optional SASL EXTERNAL bind, which allows the client to bind as the subject of the certificate in cases where the directory doesn't implicitly do that.
The client certificate is configured with 'certfile' and 'keyfile' directives, and SASL EXTERNAL bind is configured with the 'bindext' directive.
ok tb@
|
#
b245f644 |
| 22-Aug-2022 |
jmatthew <jmatthew@openbsd.org> |
log connect, TLS and bind errors more prominently
|
#
509b4fc5 |
| 05-Feb-2022 |
naddy <naddy@openbsd.org> |
ypldap: fix -Wunused-but-set-variable warnings
* wrlen has been write-only since the code was imported
* removing "dns_pid" mirrors ntpd/ntp.c 1.122
* ifdef out unfinished code in yp_check()
ok millert@ deraadt@
|
#
df69c215 |
| 28-Jun-2019 |
deraadt <deraadt@openbsd.org> |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
d464d0de |
| 27-Nov-2018 |
martijn <martijn@openbsd.org> |
Sync aldap and ber with ldap(1).
OK claudio@
|
#
8adff840 |
| 07-Dec-2017 |
zhuk <zhuk@openbsd.org> |
client_addr_init() never fails and its return value is never checked, so just make it void.
okay jmatthew@
|
#
84fa68ae |
| 07-Dec-2017 |
zhuk <zhuk@openbsd.org> |
Fix a potential fd leak in client_aldap_open().
okay jmatthew@
|
#
32814761 |
| 30-May-2017 |
jmatthew <jmatthew@openbsd.org> |
Teach ypldap to use tls when connecting to ldap servers. libtls help from jsing@, linker help from deraadt@
|
#
0be9c890 |
| 20-Jan-2017 |
benno <benno@openbsd.org> |
work on making log.c similar in all daemons:
reduce the (mostly whitespace) differences so that log.c's can be diffed easily. disclaimer change ok henning@.
ok krw@ jmatthew@
|
#
44aaf217 |
| 29-Nov-2016 |
mestre <mestre@openbsd.org> |
Use memset(3) instead of bzero(3)
OK deraadt@
|
#
441150e0 |
| 10-Apr-2016 |
jmatthew <jmatthew@openbsd.org> |
convert ypldap_addr list to a tailq
ok dlg@
|
#
96a267fb |
| 05-Dec-2015 |
claudio <claudio@openbsd.org> |
EAGAIN handling for imsg_read. OK henning@ benno@
|
#
e83a889d |
| 17-Nov-2015 |
deraadt <deraadt@openbsd.org> |
clean headers
|
#
30135bcb |
| 15-Nov-2015 |
jmatthew <jmatthew@openbsd.org> |
pledge for ypldap is easy because it's purely a network program. One process talks to yp clients, one talks to ldap servers, one does dns.
ok deraadt@
|
#
b9fc9a72 |
| 16-Jan-2015 |
deraadt <deraadt@openbsd.org> |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
85198911 |
| 16-Nov-2014 |
tedu <tedu@openbsd.org> |
use sa_family instead of hard coded inet. from Yury Konovalov
|
#
f485ae0d |
| 13-Jul-2014 |
krw <krw@openbsd.org> |
Since the event(s) passed to a callback can be a mask of all events of interest and EV_WRITE is or'ed into the interesting events, it is more correct to check both events each time. Pointed out by Claudio.
ok henning@ claudio@
|
#
42a8b0bc |
| 13-Jul-2014 |
krw <krw@openbsd.org> |
Close connection/remove event handler when msgbuf_write() hits an EOF.
ok jmatthew@ claudio@
|
#
2c6227f2 |
| 26-Nov-2013 |
henning <henning@openbsd.org> |
msgbuf_write EAGAIN, ok gilles benno all of these from a long train ride
|
#
1add6c26 |
| 30-Apr-2013 |
jmatthew <jmatthew@openbsd.org> |
ignore SIGPIPE so we don't fall over if an ldap connection breaks
ok dlg@
|
#
c89bbd07 |
| 30-Apr-2012 |
jmatthew <jmatthew@openbsd.org> |
Use paged searches so we can handle larger directories. Servers that don't understand paging, such as ldapd(8), ignore it and return a single set of results as before. from Jim Smith, some tweaks and fixes by me, ok dlg@
|
#
b8ccc478 |
| 30-Apr-2012 |
jmatthew <jmatthew@openbsd.org> |
add 'groupdn' option for specifying a separate base DN for group searches. from Jim Smith, ok dlg@
|