[SSSD] [sssd PR#218][edited] TEST: Adding krb5-kdc to dependencies
URL: https://github.com/SSSD/sssd/pull/218 Author: celestian Title: #218: TEST: Adding krb5-kdc to dependencies Action: edited Changed field: title Original value: """ TEST: Adding paython-requests to dependencies """ ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#218][synchronized] TEST: Adding paython-requests to dependencies
URL: https://github.com/SSSD/sssd/pull/218 Author: celestian Title: #218: TEST: Adding paython-requests to dependencies Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/218/head:pr218 git checkout pr218 From 41e8d65437087625d6f1fa3b3eade89545aec45c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C4=8Cech?=Date: Thu, 30 Mar 2017 12:05:08 +0200 Subject: [PATCH] TEST: Adding krb5-kdc to dependencies Resolves: https://pagure.io/SSSD/sssd/issue/3353 --- contrib/ci/deps.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh index 4467e11..2ffb606 100644 --- a/contrib/ci/deps.sh +++ b/contrib/ci/deps.sh @@ -45,7 +45,7 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then pyldb rpm-build uid_wrapper -python-requests +krb5-kdc curl-devel krb5-server krb5-workstation ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] OK to just push converted docs from fedorahosted wiki to the pagure docs repo?
Hi, would anyone complain if I just push converted content from fedorahosted to the docs repo w/o review as long as there are no changes OR the changes are just alingnment of 1.15 design documents with the actual implementation? As 1.15 is making its way to downstreams, there are people interested in what we've accomplished in this release and we should make sure the changes are documented. For totally new content, I think we should have at least spot-check the docs during a review. ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] Re: Data Provider is offline
On Wed, Mar 22, 2017 at 05:39:52PM +0100, Michaël Van de Borne wrote: > Hi all, > > So I have 2 Centos7 hosts, with same sssd and nsswitch configs. > One does find the users in IPA, and the other doesn't. > Looks like the Data Provider is offline. > I sent the SIGUSR2 signal to sssd which is supposed to bring him online. > Didn't help. > The hosts can resolve the IPA server hostname. SElinux is enforced. Iptables > is disabled. For the record, this was replied to on freeipa-users: https://www.redhat.com/archives/freeipa-users/2017-March/msg00299.html ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] Remove https://github.com/SSSD/gh-mailinglist-notifications, add https://github.com/SSSD/docs
Hi, I'd like to remove https://github.com/SSSD/gh-mailinglist-notifications -- we're not currently using it, but we're rather using Martin Basti's mail notifier. At the same time, I'd like to add a mirror of https://pagure.io/SSSD/docs to github in order to follow the same process for both docs and code. Right now it's quite confusing to have PRs for code on one place and PRs for docs on another. Anyone against? ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#200][comment] Improve PAM test client
URL: https://github.com/SSSD/sssd/pull/200 Title: #200: Improve PAM test client sumit-bose commented: """ A successful CI run can be found at http://sssd-ci.duckdns.org/logs/job/66/81/summary.html. """ See the full comment at https://github.com/SSSD/sssd/pull/200#issuecomment-290515031 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#200][comment] Improve PAM test client
URL: https://github.com/SSSD/sssd/pull/200 Title: #200: Improve PAM test client sumit-bose commented: """ The new version integrated pam_test_client into sssctl in the last patch. """ See the full comment at https://github.com/SSSD/sssd/pull/200#issuecomment-290513921 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#200][synchronized] Improve PAM test client
URL: https://github.com/SSSD/sssd/pull/200 Author: sumit-bose Title: #200: Improve PAM test client Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/200/head:pr200 git checkout pr200 From 74177fc8c6353863b8a6b41ec422df3f1b89ce6f Mon Sep 17 00:00:00 2001 From: Sumit BoseDate: Tue, 24 Jan 2017 14:50:20 +0100 Subject: [PATCH 1/6] pam_test_client: add service and environment to PAM test client Related to https://pagure.io/SSSD/sssd/issue/3292 --- src/sss_client/pam_test_client.c | 51 ++-- 1 file changed, 39 insertions(+), 12 deletions(-) diff --git a/src/sss_client/pam_test_client.c b/src/sss_client/pam_test_client.c index 29d1fcb..edd5e0c 100644 --- a/src/sss_client/pam_test_client.c +++ b/src/sss_client/pam_test_client.c @@ -48,34 +48,44 @@ static struct pam_conv conv = { # error "Missing text based pam conversation function" #endif +#define DEFAULT_ACTION "acct" +#define DEFAULT_SERVICE "system-auth" + int main(int argc, char *argv[]) { pam_handle_t *pamh; char *user; char *action; +char *service; int ret; +size_t c; +char **pam_env; if (argc == 1) { -fprintf(stderr, "missing action and user name, using default\n"); -action = strdup("auth"); -user = strdup("dummy"); +fprintf(stderr, "Usage: pam_test_client USERNAME " +"[auth|acct|setc|chau|open|clos] [pam_service]\n"); +return 0; } else if (argc == 2) { -fprintf(stdout, "using first argument as action and default user name\n"); -action = strdup(argv[1]); -user = strdup("dummy"); -} else { -action = strdup(argv[1]); -user = strdup(argv[2]); +fprintf(stderr,"using first argument as user name and default action " + "and service\n"); +} else if (argc == 3) { +fprintf(stderr, "using first argument as user name, second as action " +"and default service\n"); } -if (action == NULL || user == NULL) { +user = strdup(argv[1]); +action = argc > 2 ? strdup(argv[2]) : strdup(DEFAULT_ACTION); +service = argc > 3 ? strdup(argv[3]) : strdup(DEFAULT_SERVICE); + +if (action == NULL || user == NULL || service == NULL) { fprintf(stderr, "Out of memory!\n"); return 1; } -fprintf(stdout, "action: %s\nuser: %s\n", action,user); +fprintf(stdout, "user: %s\naction: %s\nservice: %s\n", +user, action, service); -ret = pam_start("sss_test", user, , ); +ret = pam_start(service, user, , ); if (ret != PAM_SUCCESS) { fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, ret)); return 1; @@ -109,7 +119,24 @@ int main(int argc, char *argv[]) { fprintf(stderr, "unknown action\n"); } +fprintf(stderr, "PAM Environment:\n"); +pam_env = pam_getenvlist(pamh); +if (pam_env != NULL && pam_env[0] != NULL) { +for (c = 0; pam_env[c] != NULL; c++) { +fprintf(stderr," - %s\n", pam_env[c]); +free(pam_env[c]); +} +} else { +fprintf(stderr," - no env -\n"); +} +free(pam_env); + + pam_end(pamh, ret); +free(user); +free(action); +free(service); + return 0; } From f328647bd8a2b3c3dc26ae5b0072472e405fca1e Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 25 Jan 2017 16:50:00 +0100 Subject: [PATCH 2/6] pam_test_client: add SSSD getpwnam lookup Related to https://pagure.io/SSSD/sssd/issue/3292 --- Makefile.am | 10 -- src/sss_client/pam_test_client.c | 75 2 files changed, 83 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index 4a414f7..368ebe5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -3460,8 +3460,14 @@ if BUILD_WITH_LIBCURL noinst_PROGRAMS += tcurl-test-tool endif -pam_test_client_SOURCES = src/sss_client/pam_test_client.c -pam_test_client_LDADD = $(PAM_LIBS) $(PAM_MISC_LIBS) +pam_test_client_SOURCES = \ +src/sss_client/pam_test_client.c \ +$(NULL) +pam_test_client_LDADD = \ +$(PAM_LIBS) \ +$(PAM_MISC_LIBS) \ +$(LIBADD_DL) \ +$(NULL) if BUILD_AUTOFS autofs_test_client_SOURCES = \ diff --git a/src/sss_client/pam_test_client.c b/src/sss_client/pam_test_client.c index edd5e0c..2b2c607 100644 --- a/src/sss_client/pam_test_client.c +++ b/src/sss_client/pam_test_client.c @@ -25,6 +25,11 @@ #include #include #include +#include +#include +#include +#include +#include #include @@ -51,6 +56,69 @@ static struct pam_conv conv = { #define DEFAULT_ACTION "acct" #define DEFAULT_SERVICE "system-auth" +#define DEFAULT_BUFSIZE 4096 + +static int sss_getpwnam_check(const char *user) +{ +void *dl_handle = NULL; +enum nss_status (*getpwnam_r)(const char *name, struct
[SSSD] [sssd PR#193][comment] UTIL: Use max 15 characters for AD host UPN
URL: https://github.com/SSSD/sssd/pull/193 Title: #193: UTIL: Use max 15 characters for AD host UPN abbra commented: """ I think the requirement for computer accounts comes from NT compatibility where it is based on NetBIOS spec. Note that samAccountName is not limited by 20 characters but recommended to be less than 20 characters. This is only for users and groups. For machine accounts the real limit is a NetBIOS name limit. Thus, 15+$. """ See the full comment at https://github.com/SSSD/sssd/pull/193#issuecomment-290509971 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#193][comment] UTIL: Use max 15 characters for AD host UPN
URL: https://github.com/SSSD/sssd/pull/193 Title: #193: UTIL: Use max 15 characters for AD host UPN sumit-bose commented: """ MSFT speaks about the size of NetBIOS names (16 characters, so 15 character plus the '$') e.g. in https://support.microsoft.com/en-us/help/163409/netbios-suffixes-16th-character-of-the-netbios-name. But since NetBIOS predates the usage by Microsoft there is also https://www.ietf.org/rfc/rfc1001.txt section 14. There is a 20 character limit on sAMCcountName and the attribute is used in AD to store the NetBIOS name of a host as well because from the AD perspective hosts and users share various properties. But although user names can be up to 20 characters the NetBIOS names are limited to 16 (15 + $) because of the restrictions of the NetBIOS protocol. """ See the full comment at https://github.com/SSSD/sssd/pull/193#issuecomment-290508874 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#198][+Pushed] secrets: support https in proxy provider
URL: https://github.com/SSSD/sssd/pull/198 Title: #198: secrets: support https in proxy provider Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#198][closed] secrets: support https in proxy provider
URL: https://github.com/SSSD/sssd/pull/198 Author: pbrezina Title: #198: secrets: support https in proxy provider Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/198/head:pr198 git checkout pr198 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#198][comment] secrets: support https in proxy provider
URL: https://github.com/SSSD/sssd/pull/198 Title: #198: secrets: support https in proxy provider lslebodn commented: """ http://sssd-ci.duckdns.org/logs/job/66/78/summary.html master: * dc186bfe90665c13d589b3b4efd9009293e62c46 * 18e4fe9d836e8f7bee52724374ffc0011172329f * 13d720de13e490850c1139eea865bcd5195a2630 * db826f57b4c2ee814823057cc536386889f7aa1d * af026ea6a6e812b7d6c5c889dda64ba7b7c433ee * 720e1a5b95a953a0f1c8315bbb7c9c1edf9fb417 * 06744bf5a47d5971a338281c8243b11cf72dac90 * df99d709c8cbef3c378c111944d83b7345e4c1ea * 793f2573b2beaf8b48eab850429482acf68ec2b1 * 6698d40512e55e7c2d03e14c227c51b1edc77ffa * ae6b11229d9961e26922918183c7c1de7780b8d6 * d1ed11fc50922aab2332758a9300f3fbf814f112 * c2ea75da72b426d98ba489039e220d417bfb4c2a * 886e0f75e6f4c7877a23a3625f8a20c09109b09d * 36e49a842e257ac9bde71728ee3bef4299b6e6e2 * b800a6d09244359959404aca81c6796a58cafbcb * 300b9e9217ee1ed8d845ed2370c5ccf5c87afb36 * 7d73049884e3a96ca3b00b5bd4104f4edd6287ab """ See the full comment at https://github.com/SSSD/sssd/pull/198#issuecomment-290479039 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#198][comment] secrets: support https in proxy provider
URL: https://github.com/SSSD/sssd/pull/198 Title: #198: secrets: support https in proxy provider lslebodn commented: """ http://sssd-ci.duckdns.org/logs/job/66/78/summary.html master: * dc186bfe90665c13d589b3b4efd9009293e62c46 * 18e4fe9d836e8f7bee52724374ffc0011172329f * 13d720de13e490850c1139eea865bcd5195a2630 * db826f57b4c2ee814823057cc536386889f7aa1d * af026ea6a6e812b7d6c5c889dda64ba7b7c433ee * 720e1a5b95a953a0f1c8315bbb7c9c1edf9fb417 * 06744bf5a47d5971a338281c8243b11cf72dac90 * df99d709c8cbef3c378c111944d83b7345e4c1ea * 793f2573b2beaf8b48eab850429482acf68ec2b1 * 6698d40512e55e7c2d03e14c227c51b1edc77ffa * ae6b11229d9961e26922918183c7c1de7780b8d6 * d1ed11fc50922aab2332758a9300f3fbf814f112 * c2ea75da72b426d98ba489039e220d417bfb4c2a * 886e0f75e6f4c7877a23a3625f8a20c09109b09d * 36e49a842e257ac9bde71728ee3bef4299b6e6e2 * b800a6d09244359959404aca81c6796a58cafbcb * 300b9e9217ee1ed8d845ed2370c5ccf5c87afb36 * 7d73049884e3a96ca3b00b5bd4104f4edd6287ab """ See the full comment at https://github.com/SSSD/sssd/pull/198#issuecomment-290479039 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] Re: Regarding sssd.conf syntax check, going thru dinglib
Hello Lukas, Thanks for response, yes we have ticket https://pagure.io/SSSD/sssd/issue/416 But my query was regarding the design *how we parse smb.conf using ding-lib.* I am planing to provide a fix so that 'sssctl config-check' reports something as this incorrect. debug_level = uu I found anything on RHS of = inside smb.conf is not validated? Do we use # cat /root/ding-libs-0.6.0/ini/ini.d/mysssd.conf for validation of contents, if yes {How}. Hope I am clear with my question. Many Thanks in Advance Amit On 03/29/2017 10:12 PM, Lukas Slebodnik wrote: > On (29/03/17 19:13), amit kumar wrote: >> Hello, >> >> *Present **Behavior*: >> # vim /usr/local/etc/sssd/sssd.conf >> [sssd] >> services = nss, pam >> config_file_version = 2 >> domains = LDAP >> >> [domain/LDAP] >> ldap_search_base = dc=example,dc=com >> id_provider = ldap >> *auth_provider = ldap9001**<== '**sssctl config_check' does not > ^^ > ATM it reports just an invalid option name > and "auth_provider" is valid. > > Validating values need to be implemented. > I think we have ticket somewhere. > > LS > ___ > sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org > To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org -- Thanks Amit Kumar There are three ways to get something done: (1) Do it yourself. (2) Hire someone to do it for you. (3) Forbid your kids to do it. ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#217][closed] KCM: Fix off-by-one error in secrets key validation
URL: https://github.com/SSSD/sssd/pull/217 Author: jhrozek Title: #217: KCM: Fix off-by-one error in secrets key validation Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/217/head:pr217 git checkout pr217 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#217][+Pushed] KCM: Fix off-by-one error in secrets key validation
URL: https://github.com/SSSD/sssd/pull/217 Title: #217: KCM: Fix off-by-one error in secrets key validation Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#217][comment] KCM: Fix off-by-one error in secrets key validation
URL: https://github.com/SSSD/sssd/pull/217 Title: #217: KCM: Fix off-by-one error in secrets key validation lslebodn commented: """ http://sssd-ci.duckdns.org/logs/job/66/77/summary.html master: * 7d73049884e3a96ca3b00b5bd4104f4edd6287ab """ See the full comment at https://github.com/SSSD/sssd/pull/217#issuecomment-290464500 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#193][comment] UTIL: Use max 15 characters for AD host UPN
URL: https://github.com/SSSD/sssd/pull/193 Title: #193: UTIL: Use max 15 characters for AD host UPN lslebodn commented: """ Thank you for review after two weeks. I was able to find in msdn documentation that `sAMAccountName` must be less than 20 characters and computers have to have '$' sign at the end; + that it should be derived from netbios name. https://msdn.microsoft.com/en-us/library/ms677605(v=vs.85).aspx#sAMAccountName https://msdn.microsoft.com/en-us/library/cc245685.aspx https://msdn.microsoft.com/en-us/library/cc220838.aspx I was not able to find anything about 15 characters (maybe it is a limitation of netbios name). But samba and adcli uses at most 15 characters for UPN. @abbra I know you are very familiar with AD related documentation. Could you help us? """ See the full comment at https://github.com/SSSD/sssd/pull/193#issuecomment-290456967 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#198][-Changes requested] secrets: support https in proxy provider
URL: https://github.com/SSSD/sssd/pull/198 Title: #198: secrets: support https in proxy provider Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#198][comment] secrets: support https in proxy provider
URL: https://github.com/SSSD/sssd/pull/198 Title: #198: secrets: support https in proxy provider pbrezina commented: """ I changed `POST` method from `CURLOPT_POST` to `CURLOPT_CUSTOMREQUEST = "POST"` since it the first option uses different options to pass data and data length to curl. Now it works even on rhel7. """ See the full comment at https://github.com/SSSD/sssd/pull/198#issuecomment-290394404 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#215][+Pushed] Support for non-POSIX users and groups
URL: https://github.com/SSSD/sssd/pull/215 Title: #215: Support for non-POSIX users and groups Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#215][comment] Support for non-POSIX users and groups
URL: https://github.com/SSSD/sssd/pull/215 Title: #215: Support for non-POSIX users and groups jhrozek commented: """ * master: * 861ab44e8148208425b67c4711bc8fade10fd3ed * 3e39806177e1cd383743ff596cb96df44a6ce8c9 * ed0cdfcacc44e4e13e1524e254efa744610a87c2 * 901396366075dc3e3fcc0894345af1b51052ac69 * 5f7f249f2a8a1c7284e991aa64dbf850d482b0aa * 3e789aa0bd6b7bb6e62f91458b76753498030fb5 * 57eeec5d735c7a3bbe58299fded97414626d85f1 * b010f24f4d96d15c5c85021bb4aa83db25cd3df5 * 35f0f5ff9dac790f6c947190fcdc00d01ae9077c * cee85e8fb9534ec997e5388fce59f392cf029573 * 825e8bf2f73a815c2eceb36ae805145fcbacf74d * 6324eaf1fb321c41ca9883966118df6d45259b7e """ See the full comment at https://github.com/SSSD/sssd/pull/215#issuecomment-290392226 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#214][+Changes requested] UTIL: Set udp_preference_limit=0 in krb5 snippet
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#218][+Changes requested] TEST: Adding paython-requests to dependencies
URL: https://github.com/SSSD/sssd/pull/218 Title: #218: TEST: Adding paython-requests to dependencies Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#218][comment] TEST: Adding paython-requests to dependencies
URL: https://github.com/SSSD/sssd/pull/218 Title: #218: TEST: Adding paython-requests to dependencies lslebodn commented: """ It does not work for me: ``` sh$ rpm -q python-requests python2-requests python3-requests package python-requests is not installed python2-requests-2.13.0-1.fc26.noarch python3-requests-2.13.0-1.fc26.noarch ``` ``` checking for CMOCKA... yes checking for uid_wrapper... yes checking for nss_wrapper... yes configure: error: cannot enable integration tests: python-requests not found make: *** [Makefile:33181: intgcheck-prepare] Error 1 ``` """ See the full comment at https://github.com/SSSD/sssd/pull/218#issuecomment-290390906 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#215][+Accepted] Support for non-POSIX users and groups
URL: https://github.com/SSSD/sssd/pull/215 Title: #215: Support for non-POSIX users and groups Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#208][comment] IFP: Filter with * in Users.ListByName method
URL: https://github.com/SSSD/sssd/pull/208 Title: #208: IFP: Filter with * in Users.ListByName method jhrozek commented: """ On Thu, Mar 30, 2017 at 03:46:20AM -0700, Pavel Březina wrote: > @jhrozek I agree there is a bug there. I just want to confirm one thing -- do > we want to allow filter without any character in it? Something tells me it > was a design decision that we won't allow "*" as filter since it basically > triggers enumeration which is not desirable. Of course the wildcard is what the patch is about :) I don't think we specifically disallowed '*', but we introduced the limit to avoid full enumeration, see https://fedorahosted.org/sssd/wiki/DesignDocs/WildcardRefresh """ See the full comment at https://github.com/SSSD/sssd/pull/208#issuecomment-290376972 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#208][comment] IFP: Filter with * in Users.ListByName method
URL: https://github.com/SSSD/sssd/pull/208 Title: #208: IFP: Filter with * in Users.ListByName method jhrozek commented: """ On Thu, Mar 30, 2017 at 03:46:20AM -0700, Pavel Březina wrote: > @jhrozek I agree there is a bug there. I just want to confirm one thing -- do > we want to allow filter without any character in it? Something tells me it > was a design decision that we won't allow "*" as filter since it basically > triggers enumeration which is not desirable. I'm not sure, does it work now with '*' ? """ See the full comment at https://github.com/SSSD/sssd/pull/208#issuecomment-290376593 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#208][comment] IFP: Filter with * in Users.ListByName method
URL: https://github.com/SSSD/sssd/pull/208 Title: #208: IFP: Filter with * in Users.ListByName method pbrezina commented: """ @jhrozek I agree there is a bug there. I just want to confirm one thing -- do we want to allow filter without any character in it? Something tells me it was a design decision that we won't allow "*" as filter since it basically triggers enumeration which is not desirable. """ See the full comment at https://github.com/SSSD/sssd/pull/208#issuecomment-290374762 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#215][comment] Support for non-POSIX users and groups
URL: https://github.com/SSSD/sssd/pull/215 Title: #215: Support for non-POSIX users and groups jhrozek commented: """ the new PR just amends the manpage description of the non-POSIX domains """ See the full comment at https://github.com/SSSD/sssd/pull/215#issuecomment-290368513 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#218][opened] TEST: Adding paython-requests to dependencies
URL: https://github.com/SSSD/sssd/pull/218 Author: celestian Title: #218: TEST: Adding paython-requests to dependencies Action: opened PR body: """ Resolves: https://pagure.io/SSSD/sssd/issue/3353 Note: I am not sure if this is the correct dependency which we were looking for. But it is needed anyway. If we need more don't hesitate to write me. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/218/head:pr218 git checkout pr218 From 8cf9aad8914e7a99a03eadfe1e4b09ac7fd98f30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C4=8Cech?=Date: Thu, 30 Mar 2017 12:05:08 +0200 Subject: [PATCH] TEST: Adding paython-requests to dependencies Resolves: https://pagure.io/SSSD/sssd/issue/3353 --- src/external/intgcheck.m4 | 1 + 1 file changed, 1 insertion(+) diff --git a/src/external/intgcheck.m4 b/src/external/intgcheck.m4 index ac68b85..e38401c 100644 --- a/src/external/intgcheck.m4 +++ b/src/external/intgcheck.m4 @@ -29,5 +29,6 @@ AC_DEFUN([SSS_ENABLE_INTGCHECK_REQS], [ SSS_INTGCHECK_REQ([HAVE_PYTEST], [pytest]) SSS_INTGCHECK_REQ([HAVE_PY2MOD_LDAP], [python-ldap]) SSS_INTGCHECK_REQ([HAVE_PY2MOD_LDAP], [pyldb]) +SSS_INTGCHECK_REQ([HAVE_PYT2MOD-REQUESTS], [python-requests]) fi ]) ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#215][comment] Support for non-POSIX users and groups
URL: https://github.com/SSSD/sssd/pull/215 Title: #215: Support for non-POSIX users and groups jhrozek commented: """ On Thu, Mar 30, 2017 at 02:53:18AM -0700, sumit-bose wrote: > I tested the patches with a plain LDAP setup and with and AD. In general they > work as expected and since I think the current code is ok I would ACK the > patches so that the following observations can be fixed later. > > First I have a question about the usage of [application/...] domains. Is > it expected that [application/...] requires inherit_from and cannot be > configured explicitly? If I use [domain/] and domain_type = application > it work, but if I replace those two line by [application/...] SSSD won't > start. I didn't think about testing this, frankly. I tested a separate domain with the application type which might be useful if you want to e.g. use a different bind method but no this. I think it's a valid case that can be fixed later. > > 'sssctl config-check' does not like if [application/...] has other options > then inherit_from, even the example from the man page causes > '[rule/allowed_application_options]: Attribute 'ldap_user_extra_attrs' is not > allowed in section 'application/ad-app-2'. Check for typos.' Hmm, the regex uses (domain|application) in the rules, but I'm not sure if the regex supports the OR..apparently not.. > > When using [application/...] with the ad provider other domains than the one > the client is joined to are treated as POSIX domains even if only the > application domain is listed in in the domains option of sssd.conf. > > Given the last observation it might be useful to say in the man page that > currently the primary and mainly tested use-case is together with the ldap > provider and more complex use cases will be evaluated in upcoming releases? Yes, this is what we talked about with the ManageIQ developers. Since for now the use-case is a replacement for their LDAP connector, I think we should document this and check later. But with the autodiscovered domains, we also need to do some tricks to rename the autodiscovered domains to avoid clashes with subdomains from POSIX domains in a mixed setup. So if you agree, I will file three tickets for each of the cases and fix them later. I will just fix the manpage for now to make it clear only LDAP domains are supported now. """ See the full comment at https://github.com/SSSD/sssd/pull/215#issuecomment-290364050 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#215][comment] Support for non-POSIX users and groups
URL: https://github.com/SSSD/sssd/pull/215 Title: #215: Support for non-POSIX users and groups sumit-bose commented: """ I tested the patches with a plain LDAP setup and with and AD. In general they work as expected and since I think the current code is ok I would ACK the patches so that the following observations can be fixed later. First I have a question about the usage of [application/...] domains. Is it expected that [application/...] requires inherit_from and cannot be configured explicitly? If I use [domain/] and domain_type = application it work, but if I replace those two line by [application/...] SSSD won't start. 'sssctl config-check' does not like if [application/...] has other options then inherit_from, even the example from the man page causes '[rule/allowed_application_options]: Attribute 'ldap_user_extra_attrs' is not allowed in section 'application/ad-app-2'. Check for typos.' When using [application/...] with the ad provider other domains than the one the client is joined to are treated as POSIX domains even if only the application domain is listed in in the domains option of sssd.conf. Given the last observation it might be useful to say in the man page that currently the primary and mainly tested use-case is together with the ldap provider and more complex use cases will be evaluated in upcoming releases? """ See the full comment at https://github.com/SSSD/sssd/pull/215#issuecomment-290360748 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#215][comment] Support for non-POSIX users and groups
URL: https://github.com/SSSD/sssd/pull/215 Title: #215: Support for non-POSIX users and groups pbrezina commented: """ On 03/30/2017 11:23 AM, Jakub Hrozek wrote: > On Thu, Mar 30, 2017 at 01:59:20AM -0700, Pavel Březina wrote: >> I got error in enumeration as well with my secrets patch (definitely > not related), but on debian and in different test: >> > http://sssd-ci.duckdns.org/logs/job/66/45/debian_testing/ci-build-debug/ci-make-intgcheck.log > > And this was with the non-POSIX patches applied as well? Should I look > into the enumeration issues with non-POSIX or does it mean the > enumeration tests are flaky? No, it was only with the secrets patches. """ See the full comment at https://github.com/SSSD/sssd/pull/215#issuecomment-290355914 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#215][comment] Support for non-POSIX users and groups
URL: https://github.com/SSSD/sssd/pull/215 Title: #215: Support for non-POSIX users and groups fidencio commented: """ On Thu, Mar 30, 2017 at 11:23 AM, Jakub Hrozekwrote: > On Thu, Mar 30, 2017 at 01:59:20AM -0700, Pavel Březina wrote: > > I got error in enumeration as well with my secrets patch (definitely not > related), but on debian and in different test: > > http://sssd-ci.duckdns.org/logs/job/66/45/debian_testing/ > ci-build-debug/ci-make-intgcheck.log > > And this was with the non-POSIX patches applied as well? Should I look > into the enumeration issues with non-POSIX or does it mean the > enumeration tests are flaky? > I've personally been notice random issues with the enumeration tests lately. Usually different ones on each commit and usually just happening in one distro (and, AFAIR, it's not even consistent about in which distro it does happen). Best Regards, -- Fabiano Fidêncio """ See the full comment at https://github.com/SSSD/sssd/pull/215#issuecomment-290354411 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#215][comment] Support for non-POSIX users and groups
URL: https://github.com/SSSD/sssd/pull/215 Title: #215: Support for non-POSIX users and groups jhrozek commented: """ On Thu, Mar 30, 2017 at 01:59:20AM -0700, Pavel Březina wrote: > I got error in enumeration as well with my secrets patch (definitely not > related), but on debian and in different test: > http://sssd-ci.duckdns.org/logs/job/66/45/debian_testing/ci-build-debug/ci-make-intgcheck.log And this was with the non-POSIX patches applied as well? Should I look into the enumeration issues with non-POSIX or does it mean the enumeration tests are flaky? """ See the full comment at https://github.com/SSSD/sssd/pull/215#issuecomment-290353372 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#215][comment] Support for non-POSIX users and groups
URL: https://github.com/SSSD/sssd/pull/215 Title: #215: Support for non-POSIX users and groups pbrezina commented: """ I got error in enumeration as well with my secrets patch (definitely not related), but on debian and in different test: http://sssd-ci.duckdns.org/logs/job/66/45/debian_testing/ci-build-debug/ci-make-intgcheck.log """ See the full comment at https://github.com/SSSD/sssd/pull/215#issuecomment-290347387 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org