From: GitHub <no...@gi...> - 2014-08-28 07:58:46
Branch: refs/heads/master
Home: https://github.com/OpenSC/pam_pkcs11

Commit: f7e4ef273f22c514591d8fb35b2adfb72fdf8c48
https://github.com/OpenSC/pam_pkcs11/commit/f7e4ef273f22c514591d8fb35b2adfb72fdf8c48
Author: Nalin Dahyabhai <na...@re...>
Date: 2014-08-27 (Wed, 27 Aug 2014)

Changed paths:
M src/mappers/ldap_mapper.c

Log Message:
-----------
Move building the LDAP filter into a subfunction

Move building the filter that we use to find the user's entry into a subfunction, in preparation for giving it more capabilities.

Commit: e4e023e6710c7e1ed4a7390aa0e66dc12df6422a
https://github.com/OpenSC/pam_pkcs11/commit/e4e023e6710c7e1ed4a7390aa0e66dc12df6422a
Author: Nalin Dahyabhai <na...@re...>
Date: 2014-08-27 (Wed, 27 Aug 2014)

Changed paths:
M src/mappers/ldap_mapper.c

Log Message:
-----------
When searching LDAP, filter on the certificate

When searching LDAP for an entry for a user, incorporate the contents of the certificate in the filter that we send to the directory server.

Now that we let the directory server look for entries with the certificate in them, we don't need to walk the list of certificates in the retrieved entry to check for matches, because the server says they're there.

Commit: 95fdf12d66cee3af0cdcc8ff9704f220b7317c08
https://github.com/OpenSC/pam_pkcs11/commit/95fdf12d66cee3af0cdcc8ff9704f220b7317c08
Author: Nalin Dahyabhai <na...@re...>
Date: 2014-08-27 (Wed, 27 Aug 2014)

Changed paths:
M src/mappers/ldap_mapper.c

Log Message:
-----------
Skip reading user certificates from LDAP

Since we're letting the server handle matching the user's certificate, we don't need to bother with caching certificates that we've read from the directory server.

Commit: 3f1f9adb32475cc1bfc9016d5c8f723cef8d8d3d
https://github.com/OpenSC/pam_pkcs11/commit/3f1f9adb32475cc1bfc9016d5c8f723cef8d8d3d
Author: Nalin Dahyabhai <na...@re...>
Date: 2014-08-27 (Wed, 27 Aug 2014)

Changed paths:
M doc/README.ldap_mapper
M doc/pam_pkcs11.xml
M src/mappers/ldap_mapper.c

Log Message:
-----------
Add an LDAP "uid_attribute", use it to speed up

Add an option to name an attribute of a user entry in the directory server which contains the user name. If it's specified, search for entries that just match the certificate, and read the user name from a matching entry. If not, fall back to the old method of iterating through all user names to find an entry that matches both the user name and the certificate. The first method should be faster.

Commit: 75f819358dd7ffed0cc5e5738d64cdf8c8619c50
https://github.com/OpenSC/pam_pkcs11/commit/75f819358dd7ffed0cc5e5738d64cdf8c8619c50
Author: Nalin Dahyabhai <na...@re...>
Date: 2014-08-27 (Wed, 27 Aug 2014)

Changed paths:
M doc/README.ldap_mapper
M src/mappers/ldap_mapper.c

Log Message:
-----------
Add "attribute_map" to LDAP mapping

Add an "attribute_map" list setting. Items in the list take the form "ldap_attribute_name=cert_attribute", where "ldap_attribute_name" is an attribute that we'll name in a search filter, and cert_attribute is one of "cn", "subject", "kpn", "email", "upn", "uid", or "cert". When searching the directory, we'll try the configured map attribute pairs before falling back to the traditional map: the attribute named by the "attribute" configuration setting should contain the certificate.

Commit: c42da2ab7832e7e935fdc0493effd420a00b299d
https://github.com/OpenSC/pam_pkcs11/commit/c42da2ab7832e7e935fdc0493effd420a00b299d
Author: Nalin Dahyabhai <na...@re...>
Date: 2014-08-27 (Wed, 27 Aug 2014)

Changed paths:
M doc/README.ldap_mapper
M doc/pam_pkcs11.xml
M src/mappers/ldap_mapper.c

Log Message:
-----------
Treat "attribute_map" as a list of ANDed clauses

As before, an "attribute_map" entry can specify a single LDAP attribute and type of certificate data to compare it with. Modify this so that a list entry can include multiple clauses joined by an '&' character.

Commit: c7f4a9a6dda7dc10287f489d9cba1b39e852cbeb
https://github.com/OpenSC/pam_pkcs11/commit/c7f4a9a6dda7dc10287f489d9cba1b39e852cbeb
Author: Ludovic Rousseau <lud...@gm...>
Date: 2014-08-28 (Thu, 28 Aug 2014)

Changed paths:
M doc/README.ldap_mapper
M doc/pam_pkcs11.xml
M src/mappers/ldap_mapper.c

Log Message:
-----------
Merge pull request #6 from nalind/master

Changes (most of them optional) to how the LDAP mapper does matching

Compare: https://github.com/OpenSC/pam_pkcs11/compare/97855e85a8b5...c7f4a9a6dda7
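
The "attribute_map" entry format described in the last two log messages, turned into an ANDed search filter. This is an added example, not code from pam_pkcs11 or from these commits. The names `sample_cert`, `cert_lookup`, `append_raw`, `append_escaped` and `build_filter` are hypothetical, the RFC 4515 escaping of certificate-derived values is this example's own assumption, and the binary "cert" comparison is left out.

```c
#include <stdio.h>
#include <string.h>

/* Constructed certificate fields; a real mapper would read them from the X.509 cert. */
static const struct { const char *name, *value; } sample_cert[] = {
    { "cn", "Smith (admin)*" }, { "email", "smith@example.org" }, { "uid", "jsmith" } };

static const char *cert_lookup(const char *name) {   /* hypothetical helper */
    for (size_t i = 0; i < sizeof sample_cert / sizeof *sample_cert; i++)
        if (strcmp(sample_cert[i].name, name) == 0) return sample_cert[i].value;
    return NULL;
}

/* Bounded append: -1 if s plus the terminator does not fit in dst. */
static int append_raw(char *dst, size_t cap, const char *s) {
    if (strlen(dst) + strlen(s) + 1 > cap) return -1;
    strcat(dst, s);
    return 0;
}

/* Append a value with RFC 4515 escaping of '*', '(', ')' and '\'. */
static int append_escaped(char *dst, size_t cap, const char *src) {
    char tmp[4];
    for (; *src; src++) {
        if (strchr("*()\\", *src)) snprintf(tmp, sizeof tmp, "\\%02x", (unsigned char)*src);
        else { tmp[0] = *src; tmp[1] = '\0'; }
        if (append_raw(dst, cap, tmp) < 0) return -1;
    }
    return 0;
}

/* "attr=field&attr=field" -> "(&(attr=value)...)"; -1 on bad clause, unknown field, overflow. */
int build_filter(const char *entry, char *out, size_t cap) {
    char buf[256], *clause, *next, *eq;
    const char *value;
    if (cap < 3 || strlen(entry) >= sizeof buf) return -1;
    strcpy(buf, entry);
    strcpy(out, "(&");
    for (clause = buf; clause; clause = next) {
        if ((next = strchr(clause, '&')) != NULL) *next++ = '\0';
        eq = strchr(clause, '=');
        if (!eq || eq == clause) return -1;             /* malformed clause */
        *eq = '\0';
        if (!(value = cert_lookup(eq + 1))) return -1;  /* unknown cert field */
        /* the attribute name comes from local configuration; the value comes from the card */
        if (append_raw(out, cap, "(") || append_raw(out, cap, clause) ||
            append_raw(out, cap, "=") || append_escaped(out, cap, value) ||
            append_raw(out, cap, ")")) return -1;
    }
    return append_raw(out, cap, ")");
}
```

Because the certificate is presented by the user, a common name containing `(`, `)` or `*` would otherwise change the shape of the filter sent to the directory server.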