> Ok, so there was a LOT happening in this thread, so I'd use some quick > summary. > Since what I'd like to know:
> 1) Does this cyrus-sasl2 fix both the adcli and sssd regressions? > Since we reverted both as people were reporting regressions first for sssd > and then for adcli - not sure which one was the actual cause of it though The cyrus-sasl2 fix fixes the adcli regression, due to adcli changing to using GSS-SPNEGO by default, which was broken. sssd never had a regression in the first place, due to the changes having nothing to do with GSS-SPNEGO. The confusion with sssd came from confused users who did not know that adcli is the program under the hood of realm, and thought that sssd had broken, when in reality, it was adcli. > 2) Does it need fixing for all the stable series where we updated adcli and > (additionally) sssd? cyrus-sasl2 is only broken in Bionic. Focal onward already have the patch and work fine. Let me know if you have any more questions, happy to answer. Thanks, Matthew On Tue, Dec 8, 2020 at 4:57 PM Matthew Ruffell <matthew.ruff...@canonical.com> wrote: > > Hello Eric and Lukasz, > > I have created new debdiffs for adcli. Please review and also sponsor one > of them to -proposed. > > Since there are multiple versions of adcli floating around I made two > debdiffs. > > Please choose the one most convenient / cleanest to apply. > > The first simply builds ontop of 0.8.2-1ubuntu1 currently in -proposed, and is > the version pull-lp-source pulls down. It simply adds the dependency > to the fixed > libsasl2-modules-gssapi-mit package with a greater than or equal to > relationship. > > Use of this debdiff requires 0.8.2-1ubuntu2 to be deleted from the upload > queue, > and treated as 0.8.2-1ubuntu2 never existed. > > https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1906627/+attachment/5441872/+files/lp1906627_adcli_option_one.debdiff > > Option two builds upon 0.8.2-1ubuntu2, and re-applies all of the --use-ldaps > patches from the previous SRU which 0.8.2-1ubuntu2 reverts. It also adds the > dependency to the fixed libsasl2-modules-gssapi-mit package with a > greater than > or equal to relationship. > > https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1906627/+attachment/5441873/+files/lp1906627_adcli_option_two.debdiff > > My preference is for option one, but use whatever is required. I only made > both > of these to lower round trip time due to timezones if you don't like the > option > one idea. > > Thanks, > Matthew > > On Mon, Dec 7, 2020 at 3:25 PM Matthew Ruffell > <matthew.ruff...@canonical.com> wrote: > > > > Hi Eric, Lukasz, > > > > Please review and potentially sponsor the cyrus-sasl2 debdff attached > > to LP1906627. > > > > [1] https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1906627 > > > > It fixes the root cause of the GSS-SPNEGO implementation being incompatible > > with > > Microsoft's implementation in Active Directory. > > > > If you are still planning to re-release adcli and sssd to -security, then > > you > > should also build cyrus-sasl2 in the same way: > > > > https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4336/+packages > > > > Again, I am sorry for causing the regression and these patches should fix > > the > > underlying cause. > > > > Thanks, > > Matthew -- Mailing list: https://launchpad.net/~sts-sponsors Post to : sts-sponsors@lists.launchpad.net Unsubscribe : https://launchpad.net/~sts-sponsors More help : https://help.launchpad.net/ListHelp
