[SSSD] Re: [PATCH] LDAP: Print port in sdap_print_server

2016-04-22 Thread Jakub Hrozek
On Fri, Apr 22, 2016 at 05:04:21PM +0200, Lukas Slebodnik wrote:
> On (22/04/16 15:57), Jakub Hrozek wrote:
> >On Mon, Apr 11, 2016 at 03:35:52PM +0200, Jakub Hrozek wrote:
> >> On Mon, Apr 11, 2016 at 02:58:06PM +0200, Lukas Slebodnik wrote:
> >> > On (11/04/16 13:39), Jakub Hrozek wrote:
> >> > >On Mon, Apr 11, 2016 at 01:12:51PM +0200, Lukas Slebodnik wrote:
> >> > >> ehlo,
> >> > >> 
> >> > >> following patch helps me to find out issues with GPO.
> >> > >> I think it might be useful also in other cases.
> >> > >> 
> >> > >> But ideal would be if fail-over code would print port as well.
> >> > >> ATM "0" is logged as a port with AD.
> >> > >
> >> > >That's because 'port' has a special meaning in the failover code.
> >> > >It's not the networking port, but just an abstract object that binds together
> >> > >services. And we chose server 0 in the past for AD and IPA because we
> >> > >wanted to make sure that identity lookups and authentication are always
> >> > >performed against the same server to make sure we don't hit replication
> >> > >issues. Otherwise we might be talking to one DC for LDAP lookups and
> >> > >another for KDC..
> >> > Thank you for the explanation.
> >> > It was very confusing to me that "server" has a port but "service"
> >> > does not have a port. I would expect it the other way.
> >> > 
> >> > And I would say it might be confusing for users when they try to troubleshoot
> >> > something. We might use a different name than "port".
> >> 
> >> Yes, feel free to file a ticket to rename the internal terminology. I
> >> already saw some users confused about using port 0, too.
> >
> >btw your patch works fine, so ACK, but I'll add your redhat.com address
> >before pushing and also wait for CI to satisfy the protocol :)
> I noticed the wrong email as well, but I expected some comments and a next version
> of the patch :-)

I didn't find anything else. I tested the patch against an AD DC and
made sure that for user lookups, port 389 was printed and for universal
group lookups that use a Global Catalog, port 3268 was printed.

If you'd like me to do some more testing, just ask, otherwise I'm going
to push:

https://github.com/jhrozek/sssd/commit/30d66da4485336442c3a4c09f95f15115fec1575

CI: http://sssd-ci.duckdns.org/logs/job/42/64/summary.html
(I tested multiple patches together there, but yours was included as
well)
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org


[SSSD] Re: [PATCH] IPA: terminate properly if view name lookup fails

2016-04-22 Thread Jakub Hrozek
On Fri, Apr 22, 2016 at 05:41:31PM +0200, Jakub Hrozek wrote:
> On Fri, Apr 22, 2016 at 05:34:47PM +0200, Sumit Bose wrote:
> > On Fri, Apr 22, 2016 at 05:17:29PM +0200, Jakub Hrozek wrote:
> > > On Fri, Apr 22, 2016 at 05:03:06PM +0200, Lukas Slebodnik wrote:
> > > > On (22/04/16 15:41), Jakub Hrozek wrote:
> > > > >On Tue, Apr 19, 2016 at 04:11:54PM +0200, Sumit Bose wrote:
> > > > >> Hi,
> > > > >> 
> > > > >> this is a follow-up patch to 5a5f1e1053415efaa99bb4d5bc7ce7ac0a95b757
> > > > >> which removes another call to ipa_check_master() which might cause an
> > > > >> infinite loop on an IPA client if the server does not support views.
> > > > >> 
> > > > >> Please note that this patch is a different one than the one I used for
> > > > >> the first test build in
> > > > >> https://bugzilla.redhat.com/show_bug.cgi?id=1328108. See comment #12 for
> > > > >> details.
> > > > >> 
> > > > >> bye,
> > > > >> Sumit
> > > > >
> > > > >I tested the patch with an SSSD client enrolled against an IPA 3.x
> > > > >server without views. Lookups and authentication worked fine.
> > > > >
> > > > >So ACK from me, but it would be nice to wait for a couple of more days
> > > > >for confirmation from the original reporter..
> > > > Timo confirmed this patch on IRC a few day(s) ago.
> > > > Is it enough?
> > > 
> > > But IIRC it was the first version of the patch, then Sumit changed it..
> > 
> > no, Timo used the new version, the reporter from rhbz#1328108 tested the
> > old version.
> > 
> > bye,
> > Sumit
> 
> Ah, OK. Then ACK.

* master: 57d8b4b9254442a568838cb60ea16068965f2df0
* sssd-1-13: e5fbaf42f87725e42a40e542c06d5f4cdf4c52c2 


[SSSD] Re: [PATCH] IPA: terminate properly if view name lookup fails

2016-04-22 Thread Jakub Hrozek
On Fri, Apr 22, 2016 at 05:34:47PM +0200, Sumit Bose wrote:
> On Fri, Apr 22, 2016 at 05:17:29PM +0200, Jakub Hrozek wrote:
> > On Fri, Apr 22, 2016 at 05:03:06PM +0200, Lukas Slebodnik wrote:
> > > On (22/04/16 15:41), Jakub Hrozek wrote:
> > > >On Tue, Apr 19, 2016 at 04:11:54PM +0200, Sumit Bose wrote:
> > > >> Hi,
> > > >> 
> > > >> this is a follow-up patch to 5a5f1e1053415efaa99bb4d5bc7ce7ac0a95b757
> > > >> which removes another call to ipa_check_master() which might cause an
> > > >> infinite loop on an IPA client if the server does not support views.
> > > >> 
> > > >> Please note that this patch is a different one than the one I used for
> > > >> the first test build in
> > > >> https://bugzilla.redhat.com/show_bug.cgi?id=1328108. See comment #12 for
> > > >> details.
> > > >> 
> > > >> bye,
> > > >> Sumit
> > > >
> > > >I tested the patch with an SSSD client enrolled against an IPA 3.x
> > > >server without views. Lookups and authentication worked fine.
> > > >
> > > >So ACK from me, but it would be nice to wait for a couple of more days
> > > >for confirmation from the original reporter..
> > > Timo confirmed this patch on IRC a few day(s) ago.
> > > Is it enough?
> > 
> > But IIRC it was the first version of the patch, then Sumit changed it..
> 
> no, Timo used the new version, the reporter from rhbz#1328108 tested the
> old version.
> 
> bye,
> Sumit

Ah, OK. Then ACK.


[SSSD] Re: [PATCH] IPA: terminate properly if view name lookup fails

2016-04-22 Thread Sumit Bose
On Fri, Apr 22, 2016 at 05:17:29PM +0200, Jakub Hrozek wrote:
> On Fri, Apr 22, 2016 at 05:03:06PM +0200, Lukas Slebodnik wrote:
> > On (22/04/16 15:41), Jakub Hrozek wrote:
> > >On Tue, Apr 19, 2016 at 04:11:54PM +0200, Sumit Bose wrote:
> > >> Hi,
> > >> 
> > >> this is a follow-up patch to 5a5f1e1053415efaa99bb4d5bc7ce7ac0a95b757
> > >> which removes another call to ipa_check_master() which might cause an
> > >> infinite loop on an IPA client if the server does not support views.
> > >> 
> > >> Please note that this patch is a different one than the one I used for
> > >> the first test build in
> > >> https://bugzilla.redhat.com/show_bug.cgi?id=1328108. See comment #12 for
> > >> details.
> > >> 
> > >> bye,
> > >> Sumit
> > >
> > >I tested the patch with an SSSD client enrolled against an IPA 3.x
> > >server without views. Lookups and authentication worked fine.
> > >
> > >So ACK from me, but it would be nice to wait for a couple of more days
> > >for confirmation from the original reporter..
> > Timo confirmed this patch on IRC a few day(s) ago.
> > Is it enough?
> 
> But IIRC it was the first version of the patch, then Sumit changed it..

no, Timo used the new version, the reporter from rhbz#1328108 tested the
old version.

bye,
Sumit



[SSSD] Re: [PATCH] IPA: terminate properly if view name lookup fails

2016-04-22 Thread Jakub Hrozek
On Fri, Apr 22, 2016 at 05:03:06PM +0200, Lukas Slebodnik wrote:
> On (22/04/16 15:41), Jakub Hrozek wrote:
> >On Tue, Apr 19, 2016 at 04:11:54PM +0200, Sumit Bose wrote:
> >> Hi,
> >> 
> >> this is a follow-up patch to 5a5f1e1053415efaa99bb4d5bc7ce7ac0a95b757
> >> which removes another call to ipa_check_master() which might cause an
> >> infinite loop on an IPA client if the server does not support views.
> >> 
> >> Please note that this patch is a different one than the one I used for
> >> the first test build in
> >> https://bugzilla.redhat.com/show_bug.cgi?id=1328108. See comment #12 for
> >> details.
> >> 
> >> bye,
> >> Sumit
> >
> >I tested the patch with an SSSD client enrolled against an IPA 3.x
> >server without views. Lookups and authentication worked fine.
> >
> >So ACK from me, but it would be nice to wait for a couple of more days
> >for confirmation from the original reporter..
> Timo confirmed this patch on IRC a few day(s) ago.
> Is it enough?

But IIRC it was the first version of the patch, then Sumit changed it..


[SSSD] Re: [PATCH] LDAP: Print port in sdap_print_server

2016-04-22 Thread Lukas Slebodnik
On (22/04/16 15:57), Jakub Hrozek wrote:
>On Mon, Apr 11, 2016 at 03:35:52PM +0200, Jakub Hrozek wrote:
>> On Mon, Apr 11, 2016 at 02:58:06PM +0200, Lukas Slebodnik wrote:
>> > On (11/04/16 13:39), Jakub Hrozek wrote:
>> > >On Mon, Apr 11, 2016 at 01:12:51PM +0200, Lukas Slebodnik wrote:
>> > >> ehlo,
>> > >> 
>> > >> following patch helps me to find out issues with GPO.
>> > >> I think it might be useful also in other cases.
>> > >> 
>> > >> But ideal would be if fail-over code would print port as well.
>> > >> ATM "0" is logged as a port with AD.
>> > >
>> > >That's because 'port' has a special meaning in the failover code.
>> > >It's not the networking port, but just an abstract object that binds together
>> > >services. And we chose server 0 in the past for AD and IPA because we
>> > >wanted to make sure that identity lookups and authentication are always
>> > >performed against the same server to make sure we don't hit replication
>> > >issues. Otherwise we might be talking to one DC for LDAP lookups and
>> > >another for KDC..
>> > Thank you for the explanation.
>> > It was very confusing to me that "server" has a port but "service"
>> > does not have a port. I would expect it the other way.
>> > 
>> > And I would say it might be confusing for users when they try to troubleshoot
>> > something. We might use a different name than "port".
>> 
>> Yes, feel free to file a ticket to rename the internal terminology. I
>> already saw some users confused about using port 0, too.
>
>btw your patch works fine, so ACK, but I'll add your redhat.com address
>before pushing and also wait for CI to satisfy the protocol :)
I noticed the wrong email as well, but I expected some comments and a next version
of the patch :-)

LS


[SSSD] Re: [PATCH] IPA: terminate properly if view name lookup fails

2016-04-22 Thread Lukas Slebodnik
On (22/04/16 15:41), Jakub Hrozek wrote:
>On Tue, Apr 19, 2016 at 04:11:54PM +0200, Sumit Bose wrote:
>> Hi,
>> 
>> this is a follow-up patch to 5a5f1e1053415efaa99bb4d5bc7ce7ac0a95b757
>> which removes another call to ipa_check_master() which might cause an
>> infinite loop on an IPA client if the server does not support views.
>> 
>> Please note that this patch is a different one than the one I used for
>> the first test build in
>> https://bugzilla.redhat.com/show_bug.cgi?id=1328108. See comment #12 for
>> details.
>> 
>> bye,
>> Sumit
>
>I tested the patch with an SSSD client enrolled against an IPA 3.x
>server without views. Lookups and authentication worked fine.
>
>So ACK from me, but it would be nice to wait for a couple of more days
>for confirmation from the original reporter..
Timo confirmed this patch on IRC a few day(s) ago.
Is it enough?

LS


[SSSD] Re: [PATCH] AD: use krb5_keytab for subdomain initialization

2016-04-22 Thread Sumit Bose
On Fri, Apr 22, 2016 at 03:20:56PM +0200, Jakub Hrozek wrote:
> On Wed, Apr 13, 2016 at 03:45:22PM +0200, Sumit Bose wrote:
> > Hi,
> > 
> > this is a bit of a follow-up patch to "subdomains: inherit
> > ldap_krb5_keytab". It turned out that if the default keytab contains
> > some completely unrelated keys the SASL initialization might e.g. pick a
> > wrong realm name because the alternative keytab was only added later
> > during the initialization.
> > 
> > bye,
> > Sumit
> > 
> 
> How do I test this patch? I tried to set:
> krb5_keytab = /tmp/another.keytab
> which was just a copy of the ordinary host keytab, but then lookups of
> users from trusted domains stopped working..

did you set 'subdomain_inherit = ldap_krb5_keytab' as well?

bye,
Sumit



[SSSD] Re: [PATCH] LDAP: Print port in sdap_print_server

2016-04-22 Thread Jakub Hrozek
On Mon, Apr 11, 2016 at 03:35:52PM +0200, Jakub Hrozek wrote:
> On Mon, Apr 11, 2016 at 02:58:06PM +0200, Lukas Slebodnik wrote:
> > On (11/04/16 13:39), Jakub Hrozek wrote:
> > >On Mon, Apr 11, 2016 at 01:12:51PM +0200, Lukas Slebodnik wrote:
> > >> ehlo,
> > >> 
> > >> following patch helps me to find out issues with GPO.
> > >> I think it might be useful also in other cases.
> > >> 
> > >> But ideal would be if fail-over code would print port as well.
> > >> ATM "0" is logged as a port with AD.
> > >
> > >That's because 'port' has a special meaning in the failover code.
> > >It's not the networking port, but just an abstract object that binds together
> > >services. And we chose server 0 in the past for AD and IPA because we
> > >wanted to make sure that identity lookups and authentication are always
> > >performed against the same server to make sure we don't hit replication
> > >issues. Otherwise we might be talking to one DC for LDAP lookups and
> > >another for KDC..
> > Thank you for the explanation.
> > It was very confusing to me that "server" has a port but "service"
> > does not have a port. I would expect it the other way.
> > 
> > And I would say it might be confusing for users when they try to troubleshoot
> > something. We might use a different name than "port".
> 
> Yes, feel free to file a ticket to rename the internal terminology. I
> already saw some users confused about using port 0, too.

btw your patch works fine, so ACK, but I'll add your redhat.com address
before pushing and also wait for CI to satisfy the protocol :)


[SSSD] Re: [PATCH] intg: Use different uid range for add_remove tests

2016-04-22 Thread Jakub Hrozek
On Wed, Apr 20, 2016 at 01:35:03PM +0200, Petr Cech wrote:
> On 04/20/2016 12:52 PM, Lukas Slebodnik wrote:
> > On (20/04/16 12:36), Petr Cech wrote:
> > > >On 04/18/2016 10:34 AM, Lukas Slebodnik wrote:
> > > > >>ehlo,
> > > > >>
> > > > >>I use special local user for building srpms in mock
> > > > >>and it caused failures for me with running integration tests.
> > > > >>
> > > > >>Attached patch is a workaround. The proper solution would be to wrap
> > > > >>detection of active users in CWRAP environment.
> > > > >>
> > > > >>LS
> > > >
> > > >Hi Lukas,
> > > >
> > > >I see it is Subject: [PATCH 2/3] intg: Use different... Is this one patch all
> > It is a single patch.
> > I just generated more patches together:-)
> 
> OK :-)
> 
> > LS
> > 
> > > >what you want to attach? I just check it.
> > > >
> > > >The code looks good to me => I will add final ACK after CI passed.
> > > >
> > > >CI hash: b3ca357..eb352af
> > > >
> > thank you for review
> 
> You're welcome.
> 
> > LS
> 
> CI passed:
> http://sssd-ci.duckdns.org/logs/job/42/49/summary.html
> 
> ACK (final)

* master: e97d9972e8ad05dff1a3b99468ee5728c2c183a8


[SSSD] Re: [PATCH] IPA: terminate properly if view name lookup fails

2016-04-22 Thread Jakub Hrozek
On Tue, Apr 19, 2016 at 04:11:54PM +0200, Sumit Bose wrote:
> Hi,
> 
> this is a follow-up patch to 5a5f1e1053415efaa99bb4d5bc7ce7ac0a95b757
> which removes another call to ipa_check_master() which might cause an
> infinite loop on an IPA client if the server does not support views.
> 
> Please note that this patch is a different one than the one I used for
> the first test build in
> https://bugzilla.redhat.com/show_bug.cgi?id=1328108. See comment #12 for
> details.
> 
> bye,
> Sumit

I tested the patch with an SSSD client enrolled against an IPA 3.x
server without views. Lookups and authentication worked fine.

So ACK from me, but it would be nice to wait for a couple of more days
for confirmation from the original reporter..


[SSSD] [PATCH SET] Make the negcache timeout part of nc_ctx

2016-04-22 Thread Petr Cech

Hi,

attached patch set resolves ticket [1].

It is a refactor of the negative cache. I prepared the patch set step by step,
so the reviewer can review it more easily. If you prefer two bigger patches,
please write me.


Notice: This patch set is applicable after [2]


[1] https://fedorahosted.org/sssd/ticket/2317
[2] https://www.mail-archive.com/sssd-devel@lists.fedorahosted.org/msg26506.html



Regards

--
Petr^4 Čech
From cbb73503b07ef3776a72f90c6f4e2a34c9a3323a Mon Sep 17 00:00:00 2001
From: Petr Cech 
Date: Fri, 22 Apr 2016 04:27:47 -0400
Subject: [PATCH 1/8] NEGCACHE: Adding timeout to struct sss_nc_ctx

It adds the timeout of the negative cache to the handling
struct sss_nc_ctx.

There is one change in the API of the negative cache:
 * int sss_ncache_init(TALLOC_CTX *memctx,
   uint32_t timeout,  <- new
   struct sss_nc_ctx **_ctx);

There is also one new function in common/responder:
*  int responder_get_neg_timeout_from_confdb(struct confdb_ctx *cdb,
 uint32_t *neg_timeout);

Resolves:
https://fedorahosted.org/sssd/ticket/2317
---
 src/responder/common/negcache.c |  6 +-
 src/responder/common/negcache.h |  3 ++-
 src/responder/common/responder.h|  4 
 src/responder/common/responder_common.c | 28 
 src/responder/ifp/ifpsrv.c  |  6 +-
 src/responder/nss/nsssrv.c  |  6 +-
 src/responder/pac/pacsrv.c  |  6 +-
 src/responder/pam/pamsrv.c  |  6 +-
 src/responder/sudo/sudosrv.c|  6 +-
 src/tests/cmocka/test_negcache.c|  6 +++---
 src/tests/cmocka/test_nss_srv.c |  2 +-
 src/tests/cmocka/test_pam_srv.c |  2 +-
 src/tests/cmocka/test_responder_cache_req.c |  4 ++--
 13 files changed, 71 insertions(+), 14 deletions(-)

diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 1617bf8c5cf7d36e7091a000f6473d1bcfe44f3f..57d1969023d109a6e9ec88c95ae902a7e01f4e0d 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -39,6 +39,7 @@
 
 struct sss_nc_ctx {
 struct tdb_context *tdb;
+uint32_t timeout;
 };
 
 typedef int (*ncache_set_byname_fn_t)(struct sss_nc_ctx *, bool,
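Review bot: the new `uint32_t timeout;` member carries no comment stating its unit or that it is the lifetime applied to negative cache entries; a one-line comment next to the field would save readers a trip to the callers, which pass in a plain `int` read from confdb.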
@@ -58,7 +59,8 @@ static int string_to_tdb_data(char *str, TDB_DATA *ret)
 return EOK;
 }
 
-int sss_ncache_init(TALLOC_CTX *memctx, struct sss_nc_ctx **_ctx)
+int sss_ncache_init(TALLOC_CTX *memctx,  uint32_t timeout,
+struct sss_nc_ctx **_ctx)
 {
 struct sss_nc_ctx *ctx;
 
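Review bot: style nit in the new prototype: `int sss_ncache_init(TALLOC_CTX *memctx,  uint32_t timeout,` has a double space before `uint32_t`, and the wrapped `struct sss_nc_ctx **_ctx)` should line up under the first parameter so that the definition matches the header declaration.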
@@ -70,6 +72,8 @@ int sss_ncache_init(TALLOC_CTX *memctx, struct sss_nc_ctx **_ctx)
 ctx->tdb = tdb_open("memcache", 0, TDB_INTERNAL, O_RDWR|O_CREAT, 0);
 if (!ctx->tdb) return errno;
 
+ctx->timeout = timeout;
+
 *_ctx = ctx;
 return EOK;
 };
diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
index 46e66d503e45da0ee61735a17e88cbb84bd4ea49..bad8e5109de3b11672a3698dc91d1d1ee622376e 100644
--- a/src/responder/common/negcache.h
+++ b/src/responder/common/negcache.h
@@ -25,7 +25,8 @@
 struct sss_nc_ctx;
 
 /* init the in memory negative cache */
-int sss_ncache_init(TALLOC_CTX *memctx, struct sss_nc_ctx **_ctx);
+int sss_ncache_init(TALLOC_CTX *memctx, uint32_t timeout,
+struct sss_nc_ctx **_ctx);
 
 /* check if the user is expired according to the passed in time to live */
 int sss_ncache_check_user(struct sss_nc_ctx *ctx, int ttl,
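Review bot: the comment above the prototype still reads `/* init the in memory negative cache */` and says nothing about the new `timeout` parameter; extend it to document what the value means and its unit, since this is the public header every responder includes.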
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 1fa6fc60c62986a9b58c19f97c00e3ad0efc728e..fc07c60b776a291d33c28146db776bd7765c9c26 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -344,4 +344,8 @@ errno_t sss_parse_inp_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
 
 const char **parse_attr_list_ex(TALLOC_CTX *mem_ctx, const char *conf_str,
 const char **defaults);
+
+int responder_get_neg_timeout_from_confdb(struct confdb_ctx *cdb,
+  uint32_t *neg_timeout);
+
 #endif /* __SSS_RESPONDER_H__ */
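Review bot: the new declaration `int responder_get_neg_timeout_from_confdb(...)` has no doc comment, and neither the name nor the header tells callers which confdb section supplies the value or what happens when the option is absent; add a short comment giving the section, the default and the error contract.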
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 982318647ee9ee7d6795621c03ad8cf53fb78f43..c55b55f15622d819c70357835a4561fd5efe5366 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -1082,3 +1082,31 @@ void responder_set_fd_limit(rlim_t fd_limit)
"Proceeding with system values\n");
 }
 }
+
+int responder_get_neg_timeout_from_confdb(struct confdb_ctx *cdb,
+  uint32_t *neg_timeout)
+{
+int value;
+int ret = EOK;
+
+ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15,
+ &value);
+if (ret != EOK) {
+DEBUG(SSSDBG_FATAL_FAILURE,
+  
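Review bot: the helper lives in the common responder code, and the diffstat touches ifpsrv.c, pacsrv.c, pamsrv.c and sudosrv.c as well, yet it reads `CONFDB_NSS_CONF_ENTRY` / `CONFDB_NSS_ENTRY_NEG_TIMEOUT`, so any responder that uses it silently takes the `[nss]` section's negative timeout; either document that in the header or accept the section as a parameter. Also `value` is an `int` destined for the `uint32_t *neg_timeout` out parameter, so a negative value in sssd.conf would wrap to a very large timeout; reject `value < 0` before storing it. The rest of this hunk after the `DEBUG(SSSDBG_FATAL_FAILURE,` line is cut off in this archive copy, so the error path and the final assignment could not be reviewed here.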

[SSSD] Re: [PATCH] AD: use krb5_keytab for subdomain initialization

2016-04-22 Thread Jakub Hrozek
On Wed, Apr 13, 2016 at 03:45:22PM +0200, Sumit Bose wrote:
> Hi,
> 
> this is a bit of a follow-up patch to "subdomains: inherit
> ldap_krb5_keytab". It turned out that if the default keytab contains
> some completely unrelated keys the SASL initialization might e.g. pick a
> wrong realm name because the alternative keytab was only added later
> during the initialization.
> 
> bye,
> Sumit
> 

How do I test this patch? I tried to set:
krb5_keytab = /tmp/another.keytab
which was just a copy of the ordinary host keytab, but then lookups of
users from trusted domains stopped working..


[SSSD] Re: [PRELIMINARY] Data Provider changes

2016-04-22 Thread Jakub Hrozek
On Fri, Apr 22, 2016 at 09:07:09AM +0200, Lukas Slebodnik wrote:
> On (21/04/16 18:10), Pavel Reichl wrote:
> >
> >
> >On 04/21/2016 03:24 PM, Pavel Březina wrote:
> >> Hi,
> >> the data provider code is basically ready for someone to start looking
> >> into it. I'm in the process of converting old handlers to the new
> >> interface (sudo and hostid are finished) and at this moment I don't plan to
> >> do further changes to the dp interface itself unless something shows up
> >> during the conversion.
> >> 
> >> I tried to keep the code separated for the moment so it can be split into
> >> more commits to simplify review and current functionality and even some
> >> future bisecting is not broken. For this the DP code itself is quite
> >> self-contained and changes in the modules are done in separate files
> >> (marked as $orig_new.c). The last commit switches the old files for the
> >> new ones in the makefile so new code can be compiled, though at this
> >> moment it is only for development purposes.
> >> 
> >> There are too many patches to be sent to the list at this incomplete 
> >> stage, you can check it out either from my fedorapeople repo [1] or github 
> >> repo [2], which Pavel forced me to create (meh :-)).
> >> 
> >> Pavel Reichl is currently working on unit tests -- thank you!
> >> 
> >> [1] 
> >> https://fedorapeople.org/cgit/pbrezina/public_git/sssd.git/log/?h=backend
> >> [2] https://github.com/pbrezina/sssd/tree/backend
> >Thanks, I added some more comments on the github.
> >
> I think it would be good to finish mail notifications from github.
> So everyone will see comments/new pull requests
> and people who prefer the github workflow can use github.
> 
> Nudge nudge Jakub

Yeah, but I need help with setting up a mailserver on sssd-ci.duckdns.org.

The daemon we forked from samba already picks up notifications after
some work Nick and I did; now we just need to send them to the list.


[SSSD] Re: [PRELIMINARY] Data Provider changes

2016-04-22 Thread Lukas Slebodnik
On (21/04/16 18:10), Pavel Reichl wrote:
>
>
>On 04/21/2016 03:24 PM, Pavel Březina wrote:
>> Hi,
>> the data provider code is basically ready for someone to start looking into
>> it. I'm in the process of converting old handlers to the new interface (sudo
>> and hostid are finished) and at this moment I don't plan to do further
>> changes to the dp interface itself unless something shows up during the
>> conversion.
>> 
>> I tried to keep the code separated for the moment so it can be split into
>> more commits to simplify review and current functionality and even some
>> future bisecting is not broken. For this the DP code itself is quite
>> self-contained and changes in the modules are done in separate files (marked
>> as $orig_new.c). The last commit switches the old files for the new ones in
>> the makefile so new code can be compiled, though at this moment it is only
>> for development purposes.
>> 
>> There are too many patches to be sent to the list at this incomplete stage, 
>> you can check it out either from my fedorapeople repo [1] or github repo 
>> [2], which Pavel forced me to create (meh :-)).
>> 
>> Pavel Reichl is currently working on unit tests -- thank you!
>> 
>> [1] https://fedorapeople.org/cgit/pbrezina/public_git/sssd.git/log/?h=backend
>> [2] https://github.com/pbrezina/sssd/tree/backend
>Thanks, I added some more comments on the github.
>
I think it would be good to finish mail notifications from github.
So everyone will see comments/new pull requests
and people who prefer the github workflow can use github.

Nudge nudge Jakub

LS


[SSSD] Re: [PATCH] ldap_test.py: Modify enum cache timeouts

2016-04-22 Thread Lukas Slebodnik
On (02/12/15 17:10), Michal Židek wrote:
>Hi!
>
>I saw some integration tests failures recently,
>and I think there is a race condition between the
>enumeration refresh timeout and the sleeps
>after some operations that wait for this timeout.
>SSSD fails to populate changes from LDAP in time
>and some asserts can fail because of this.
>
>So far I saw 4 tests to fail like this, which
>is already quite a lot.
>
>The attached patch modifies the timeout values
>and hopefully removes the issue.
>
>Michal

>From b724db15ce0c1593cfdd7b4da8e0c39e97942e8c Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?Michal=20=C5=BDidek?= 
>Date: Wed, 2 Dec 2015 16:44:48 +0100
>Subject: [PATCH] ldap_test.py: Modify enum cache timeouts
>
>There is a race condition between ldap
>enumeration refresh timeout and the sleeps
>that wait for the ldap changes to populate
>to SSSD if the timeout and the sleeps have
>the same value.
>---
> src/tests/intg/ldap_test.py | 30 +-
> 1 file changed, 17 insertions(+), 13 deletions(-)
>
Houston,
we have a problem.

Your patch does not work either :-(

http://sssd-ci.duckdns.org/logs/job/42/59/summary.html
rhel6
make-intgcheck
ldap_test.py:496: test_add_remove_group_rfc2307_bis FAILED

http://sssd-ci.duckdns.org/logs/job/42/60/summary.html
rhel6
make-intgcheck
ldap_test.py:466: test_add_remove_user FAILED

http://sssd-ci.duckdns.org/logs/job/42/61/summary.html
rhel6
make-intgcheck
ldap_test.py:481: test_add_remove_group_rfc2307 FAILED

LS