date:20170330

[SSSD] [sssd PR#218][edited] TEST: Adding krb5-kdc to dependencies

2017-03-30 Thread celestian

   URL: https://github.com/SSSD/sssd/pull/218
Author: celestian
 Title: #218: TEST: Adding krb5-kdc to dependencies
Action: edited

 Changed field: title
Original value:
"""
TEST: Adding paython-requests to dependencies
"""

___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#218][synchronized] TEST: Adding paython-requests to dependencies

2017-03-30 Thread celestian

   URL: https://github.com/SSSD/sssd/pull/218
Author: celestian
 Title: #218: TEST: Adding paython-requests to dependencies
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/218/head:pr218
git checkout pr218
From 41e8d65437087625d6f1fa3b3eade89545aec45c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= 
Date: Thu, 30 Mar 2017 12:05:08 +0200
Subject: [PATCH] TEST: Adding krb5-kdc to dependencies

Resolves:
https://pagure.io/SSSD/sssd/issue/3353
---
 contrib/ci/deps.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh
index 4467e11..2ffb606 100644
--- a/contrib/ci/deps.sh
+++ b/contrib/ci/deps.sh
@@ -45,7 +45,7 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then
 pyldb
 rpm-build
 uid_wrapper
-python-requests
+krb5-kdc
 curl-devel
 krb5-server
 krb5-workstation
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] OK to just push converted docs from fedorahosted wiki to the pagure docs repo?

2017-03-30 Thread Jakub Hrozek

Hi,

would anyone complain if I just push converted content from fedorahosted
to the docs repo w/o review as long as there are no changes OR the
changes are just alingnment of 1.15 design documents with the actual
implementation?

As 1.15 is making its way to downstreams, there are people interested in
what we've accomplished in this release and we should make sure the
changes are documented.

For totally new content, I think we should have at least spot-check the
docs during a review.
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: Data Provider is offline

2017-03-30 Thread Jakub Hrozek

On Wed, Mar 22, 2017 at 05:39:52PM +0100, Michaël Van de Borne wrote:
> Hi all,
> 
> So I have 2 Centos7 hosts, with same sssd and nsswitch configs.
> One does find the users in IPA, and the other doesn't.
> Looks like the Data Provider is offline.
> I sent the SIGUSR2 signal to sssd which is supposed to bring him online.
> Didn't help.
> The hosts can resolve the IPA server hostname. SElinux is enforced. Iptables
> is disabled.

For the record, this was replied to on freeipa-users:
https://www.redhat.com/archives/freeipa-users/2017-March/msg00299.html
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Remove https://github.com/SSSD/gh-mailinglist-notifications, add https://github.com/SSSD/docs

2017-03-30 Thread Jakub Hrozek

Hi,

I'd like to remove https://github.com/SSSD/gh-mailinglist-notifications
-- we're not currently using it, but we're rather using Martin Basti's
mail notifier.

At the same time, I'd like to add a mirror of
https://pagure.io/SSSD/docs to github in order to follow the same
process for both docs and code. Right now it's quite confusing to have
PRs for code on one place and PRs for docs on another.

Anyone against?
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#200][comment] Improve PAM test client

2017-03-30 Thread sumit-bose

  URL: https://github.com/SSSD/sssd/pull/200
Title: #200: Improve PAM test client

sumit-bose commented:
"""
A successful CI run can be found at 
http://sssd-ci.duckdns.org/logs/job/66/81/summary.html.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/200#issuecomment-290515031
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#200][comment] Improve PAM test client

2017-03-30 Thread sumit-bose

  URL: https://github.com/SSSD/sssd/pull/200
Title: #200: Improve PAM test client

sumit-bose commented:
"""
The new version integrated pam_test_client into sssctl in the last patch.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/200#issuecomment-290513921
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#200][synchronized] Improve PAM test client

2017-03-30 Thread sumit-bose

   URL: https://github.com/SSSD/sssd/pull/200
Author: sumit-bose
 Title: #200: Improve PAM test client
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/200/head:pr200
git checkout pr200
From 74177fc8c6353863b8a6b41ec422df3f1b89ce6f Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Tue, 24 Jan 2017 14:50:20 +0100
Subject: [PATCH 1/6] pam_test_client: add service and environment to PAM test
 client

Related to https://pagure.io/SSSD/sssd/issue/3292
---
 src/sss_client/pam_test_client.c | 51 ++--
 1 file changed, 39 insertions(+), 12 deletions(-)

diff --git a/src/sss_client/pam_test_client.c b/src/sss_client/pam_test_client.c
index 29d1fcb..edd5e0c 100644
--- a/src/sss_client/pam_test_client.c
+++ b/src/sss_client/pam_test_client.c
@@ -48,34 +48,44 @@ static struct pam_conv conv = {
 # error "Missing text based pam conversation function"
 #endif
 
+#define DEFAULT_ACTION "acct"
+#define DEFAULT_SERVICE "system-auth"
+
 int main(int argc, char *argv[]) {
 
 pam_handle_t *pamh;
 char *user;
 char *action;
+char *service;
 int ret;
+size_t c;
+char **pam_env;
 
 if (argc == 1) {
-fprintf(stderr, "missing action and user name, using default\n");
-action = strdup("auth");
-user = strdup("dummy");
+fprintf(stderr, "Usage: pam_test_client USERNAME "
+"[auth|acct|setc|chau|open|clos] [pam_service]\n");
+return 0;
 } else if (argc == 2) {
-fprintf(stdout, "using first argument as action and default user name\n");
-action = strdup(argv[1]);
-user = strdup("dummy");
-} else {
-action = strdup(argv[1]);
-user = strdup(argv[2]);
+fprintf(stderr,"using first argument as user name and default action "
+   "and service\n");
+} else if (argc == 3) {
+fprintf(stderr, "using first argument as user name, second as action "
+"and default service\n");
 }
 
-if (action == NULL || user == NULL) {
+user = strdup(argv[1]);
+action =  argc > 2 ? strdup(argv[2]) : strdup(DEFAULT_ACTION);
+service = argc > 3 ? strdup(argv[3]) : strdup(DEFAULT_SERVICE);
+
+if (action == NULL || user == NULL || service == NULL) {
 fprintf(stderr, "Out of memory!\n");
 return 1;
 }
 
-fprintf(stdout, "action: %s\nuser: %s\n", action,user);
+fprintf(stdout, "user: %s\naction: %s\nservice: %s\n",
+user, action, service);
 
-ret = pam_start("sss_test", user, , );
+ret = pam_start(service, user, , );
 if (ret != PAM_SUCCESS) {
 fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, ret));
 return 1;
@@ -109,7 +119,24 @@ int main(int argc, char *argv[]) {
 fprintf(stderr, "unknown action\n");
 }
 
+fprintf(stderr, "PAM Environment:\n");
+pam_env = pam_getenvlist(pamh);
+if (pam_env != NULL && pam_env[0] != NULL) {
+for (c = 0; pam_env[c] != NULL; c++) {
+fprintf(stderr," - %s\n", pam_env[c]);
+free(pam_env[c]);
+}
+} else {
+fprintf(stderr," - no env -\n");
+}
+free(pam_env);
+
+
 pam_end(pamh, ret);
 
+free(user);
+free(action);
+free(service);
+
 return 0;
 }

From f328647bd8a2b3c3dc26ae5b0072472e405fca1e Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Wed, 25 Jan 2017 16:50:00 +0100
Subject: [PATCH 2/6] pam_test_client: add SSSD getpwnam lookup

Related to https://pagure.io/SSSD/sssd/issue/3292
---
 Makefile.am  | 10 --
 src/sss_client/pam_test_client.c | 75 
 2 files changed, 83 insertions(+), 2 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 4a414f7..368ebe5 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3460,8 +3460,14 @@ if BUILD_WITH_LIBCURL
 noinst_PROGRAMS += tcurl-test-tool
 endif
 
-pam_test_client_SOURCES = src/sss_client/pam_test_client.c
-pam_test_client_LDADD = $(PAM_LIBS) $(PAM_MISC_LIBS)
+pam_test_client_SOURCES = \
+src/sss_client/pam_test_client.c \
+$(NULL)
+pam_test_client_LDADD = \
+$(PAM_LIBS) \
+$(PAM_MISC_LIBS) \
+$(LIBADD_DL) \
+$(NULL)
 
 if BUILD_AUTOFS
 autofs_test_client_SOURCES = \
diff --git a/src/sss_client/pam_test_client.c b/src/sss_client/pam_test_client.c
index edd5e0c..2b2c607 100644
--- a/src/sss_client/pam_test_client.c
+++ b/src/sss_client/pam_test_client.c
@@ -25,6 +25,11 @@
 #include 
 #include 
 #include 
+#include 
+#include 
+#include 
+#include 
+#include 
 
 #include 
 
@@ -51,6 +56,69 @@ static struct pam_conv conv = {
 #define DEFAULT_ACTION "acct"
 #define DEFAULT_SERVICE "system-auth"
 
+#define DEFAULT_BUFSIZE 4096
+
+static int sss_getpwnam_check(const char *user)
+{
+void *dl_handle = NULL;
+enum nss_status (*getpwnam_r)(const char *name, struct

[SSSD] [sssd PR#193][comment] UTIL: Use max 15 characters for AD host UPN

2017-03-30 Thread abbra

  URL: https://github.com/SSSD/sssd/pull/193
Title: #193: UTIL: Use max 15 characters for AD host UPN

abbra commented:
"""
I think the requirement for computer accounts comes from NT compatibility where 
it is based on NetBIOS spec. Note that samAccountName is not limited by 20 
characters but recommended to be less than 20 characters. This is only for 
users and groups. For machine accounts the real limit is a NetBIOS name limit. 
Thus, 15+$.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/193#issuecomment-290509971
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#193][comment] UTIL: Use max 15 characters for AD host UPN

2017-03-30 Thread sumit-bose

  URL: https://github.com/SSSD/sssd/pull/193
Title: #193: UTIL: Use max 15 characters for AD host UPN

sumit-bose commented:
"""
MSFT speaks about the size of NetBIOS names (16 characters, so 15 character 
plus the '$') e.g. in 
https://support.microsoft.com/en-us/help/163409/netbios-suffixes-16th-character-of-the-netbios-name.
 But since NetBIOS predates the usage by Microsoft there is also 
https://www.ietf.org/rfc/rfc1001.txt section 14.

There is a 20 character limit on sAMCcountName and the attribute is used in AD 
to store the NetBIOS name of a host as well because from the AD perspective 
hosts and users share various properties. But although user names can be up to 
20 characters the NetBIOS names are limited to 16 (15 + $) because of the 
restrictions of the NetBIOS protocol.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/193#issuecomment-290508874
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#198][+Pushed] secrets: support https in proxy provider

2017-03-30 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#198][closed] secrets: support https in proxy provider

2017-03-30 Thread lslebodn

   URL: https://github.com/SSSD/sssd/pull/198
Author: pbrezina
 Title: #198: secrets: support https in proxy provider
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/198/head:pr198
git checkout pr198
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#198][comment] secrets: support https in proxy provider

2017-03-30 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider

lslebodn commented:
"""
http://sssd-ci.duckdns.org/logs/job/66/78/summary.html

master:
* dc186bfe90665c13d589b3b4efd9009293e62c46
* 18e4fe9d836e8f7bee52724374ffc0011172329f
* 13d720de13e490850c1139eea865bcd5195a2630
* db826f57b4c2ee814823057cc536386889f7aa1d
* af026ea6a6e812b7d6c5c889dda64ba7b7c433ee
* 720e1a5b95a953a0f1c8315bbb7c9c1edf9fb417
* 06744bf5a47d5971a338281c8243b11cf72dac90
* df99d709c8cbef3c378c111944d83b7345e4c1ea
* 793f2573b2beaf8b48eab850429482acf68ec2b1
* 6698d40512e55e7c2d03e14c227c51b1edc77ffa
* ae6b11229d9961e26922918183c7c1de7780b8d6
* d1ed11fc50922aab2332758a9300f3fbf814f112
* c2ea75da72b426d98ba489039e220d417bfb4c2a
* 886e0f75e6f4c7877a23a3625f8a20c09109b09d
* 36e49a842e257ac9bde71728ee3bef4299b6e6e2
* b800a6d09244359959404aca81c6796a58cafbcb
* 300b9e9217ee1ed8d845ed2370c5ccf5c87afb36
* 7d73049884e3a96ca3b00b5bd4104f4edd6287ab
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/198#issuecomment-290479039
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#198][comment] secrets: support https in proxy provider

2017-03-30 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider

lslebodn commented:
"""
http://sssd-ci.duckdns.org/logs/job/66/78/summary.html

master:
* dc186bfe90665c13d589b3b4efd9009293e62c46
* 18e4fe9d836e8f7bee52724374ffc0011172329f
* 13d720de13e490850c1139eea865bcd5195a2630
* db826f57b4c2ee814823057cc536386889f7aa1d
* af026ea6a6e812b7d6c5c889dda64ba7b7c433ee
* 720e1a5b95a953a0f1c8315bbb7c9c1edf9fb417
* 06744bf5a47d5971a338281c8243b11cf72dac90
* df99d709c8cbef3c378c111944d83b7345e4c1ea
* 793f2573b2beaf8b48eab850429482acf68ec2b1
* 6698d40512e55e7c2d03e14c227c51b1edc77ffa
* ae6b11229d9961e26922918183c7c1de7780b8d6
* d1ed11fc50922aab2332758a9300f3fbf814f112
* c2ea75da72b426d98ba489039e220d417bfb4c2a
* 886e0f75e6f4c7877a23a3625f8a20c09109b09d
* 36e49a842e257ac9bde71728ee3bef4299b6e6e2
* b800a6d09244359959404aca81c6796a58cafbcb
* 300b9e9217ee1ed8d845ed2370c5ccf5c87afb36
* 7d73049884e3a96ca3b00b5bd4104f4edd6287ab
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/198#issuecomment-290479039
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: Regarding sssd.conf syntax check, going thru dinglib

2017-03-30 Thread amit kumar

Hello Lukas,

Thanks for response, yes we have ticket
https://pagure.io/SSSD/sssd/issue/416

But my query was regarding the design *how we parse smb.conf using
ding-lib.*

I am planing to provide a fix so that 'sssctl config-check' reports
something as this incorrect.
debug_level = uu
I found anything on RHS of = inside smb.conf is not validated?
Do we use # cat /root/ding-libs-0.6.0/ini/ini.d/mysssd.conf for
validation of contents, if yes {How}.

Hope I am clear with my question.

Many Thanks in Advance
Amit

On 03/29/2017 10:12 PM, Lukas Slebodnik wrote:
> On (29/03/17 19:13), amit kumar wrote:
>> Hello,
>>
>> *Present **Behavior*:
>> # vim  /usr/local/etc/sssd/sssd.conf
>> [sssd]
>> services = nss, pam
>> config_file_version = 2
>> domains = LDAP
>>
>> [domain/LDAP]
>> ldap_search_base = dc=example,dc=com
>> id_provider = ldap
>> *auth_provider = ldap9001**<== '**sssctl config_check' does not
>  ^^
> ATM it reports just an invalid option name
> and "auth_provider" is valid.
>
> Validating values need to be implemented.
> I think we have ticket somewhere.
>
> LS
> ___
> sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
> To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

-- 
Thanks
Amit Kumar
There are three ways to get something done:
  (1) Do it yourself.
  (2) Hire someone to do it for you.
  (3) Forbid your kids to do it.

___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#217][closed] KCM: Fix off-by-one error in secrets key validation

2017-03-30 Thread lslebodn

   URL: https://github.com/SSSD/sssd/pull/217
Author: jhrozek
 Title: #217: KCM: Fix off-by-one error in secrets key validation
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/217/head:pr217
git checkout pr217
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#217][+Pushed] KCM: Fix off-by-one error in secrets key validation

2017-03-30 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/217
Title: #217: KCM: Fix off-by-one error in secrets key validation

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#217][comment] KCM: Fix off-by-one error in secrets key validation

2017-03-30 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/217
Title: #217: KCM: Fix off-by-one error in secrets key validation

lslebodn commented:
"""
http://sssd-ci.duckdns.org/logs/job/66/77/summary.html

master:
* 7d73049884e3a96ca3b00b5bd4104f4edd6287ab
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/217#issuecomment-290464500
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#193][comment] UTIL: Use max 15 characters for AD host UPN

2017-03-30 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/193
Title: #193: UTIL: Use max 15 characters for AD host UPN

lslebodn commented:
"""
Thank you for review after two weeks.

I was able to find in msdn documentation that `sAMAccountName`  must be less 
than 20 characters and computers have to have '$' sign at the end; + that it 
should be derived from netbios name.

https://msdn.microsoft.com/en-us/library/ms677605(v=vs.85).aspx#sAMAccountName
https://msdn.microsoft.com/en-us/library/cc245685.aspx
https://msdn.microsoft.com/en-us/library/cc220838.aspx

I was not able to find anything about 15 characters (maybe it is a limitation 
of netbios name). But samba and adcli uses at most 15 characters for UPN.

@abbra I know you are very familiar with AD related documentation. Could you 
help us?

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/193#issuecomment-290456967
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#198][-Changes requested] secrets: support https in proxy provider

2017-03-30 Thread fidencio

  URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#198][comment] secrets: support https in proxy provider

2017-03-30 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider

pbrezina commented:
"""
I changed `POST` method from `CURLOPT_POST` to `CURLOPT_CUSTOMREQUEST = "POST"` 
since it the first option uses different options to pass data and data length 
to curl. Now it works even on rhel7.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/198#issuecomment-290394404
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#215][+Pushed] Support for non-POSIX users and groups

2017-03-30 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#215][comment] Support for non-POSIX users and groups

2017-03-30 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups

jhrozek commented:
"""
* master:
* 861ab44e8148208425b67c4711bc8fade10fd3ed
* 3e39806177e1cd383743ff596cb96df44a6ce8c9
* ed0cdfcacc44e4e13e1524e254efa744610a87c2
* 901396366075dc3e3fcc0894345af1b51052ac69
* 5f7f249f2a8a1c7284e991aa64dbf850d482b0aa
* 3e789aa0bd6b7bb6e62f91458b76753498030fb5
* 57eeec5d735c7a3bbe58299fded97414626d85f1
* b010f24f4d96d15c5c85021bb4aa83db25cd3df5
* 35f0f5ff9dac790f6c947190fcdc00d01ae9077c
* cee85e8fb9534ec997e5388fce59f392cf029573
* 825e8bf2f73a815c2eceb36ae805145fcbacf74d
* 6324eaf1fb321c41ca9883966118df6d45259b7e
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/215#issuecomment-290392226
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#214][+Changes requested] UTIL: Set udp_preference_limit=0 in krb5 snippet

2017-03-30 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/214
Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#218][+Changes requested] TEST: Adding paython-requests to dependencies

2017-03-30 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/218
Title: #218: TEST: Adding paython-requests to dependencies

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#218][comment] TEST: Adding paython-requests to dependencies

2017-03-30 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/218
Title: #218: TEST: Adding paython-requests to dependencies

lslebodn commented:
"""
It does not work for me:
```
sh$ rpm -q python-requests python2-requests python3-requests
package python-requests is not installed
python2-requests-2.13.0-1.fc26.noarch
python3-requests-2.13.0-1.fc26.noarch
```

```
checking for CMOCKA... yes
checking for uid_wrapper... yes
checking for nss_wrapper... yes
configure: error: cannot enable integration tests: python-requests not found
make: *** [Makefile:33181: intgcheck-prepare] Error 1
```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/218#issuecomment-290390906
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#215][+Accepted] Support for non-POSIX users and groups

2017-03-30 Thread sumit-bose

  URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups

Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#208][comment] IFP: Filter with * in Users.ListByName method

2017-03-30 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/208
Title: #208: IFP: Filter with * in Users.ListByName method

jhrozek commented:
"""
On Thu, Mar 30, 2017 at 03:46:20AM -0700, Pavel Březina wrote:
> @jhrozek I agree there is a bug there. I just want to confirm one thing -- do 
> we want to allow filter without any character in it? Something tells me it 
> was a design decision that we won't allow "*" as filter since it basically 
> triggers enumeration which is not desirable.

Of course the wildcard is what the patch is about :)

I don't think we specifically disallowed '*', but we introduced the
limit to avoid full enumeration, see
https://fedorahosted.org/sssd/wiki/DesignDocs/WildcardRefresh

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/208#issuecomment-290376972
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#208][comment] IFP: Filter with * in Users.ListByName method

2017-03-30 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/208
Title: #208: IFP: Filter with * in Users.ListByName method

jhrozek commented:
"""
On Thu, Mar 30, 2017 at 03:46:20AM -0700, Pavel Březina wrote:
> @jhrozek I agree there is a bug there. I just want to confirm one thing -- do 
> we want to allow filter without any character in it? Something tells me it 
> was a design decision that we won't allow "*" as filter since it basically 
> triggers enumeration which is not desirable.

I'm not sure, does it work now with '*' ?

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/208#issuecomment-290376593
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#208][comment] IFP: Filter with * in Users.ListByName method

2017-03-30 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/208
Title: #208: IFP: Filter with * in Users.ListByName method

pbrezina commented:
"""
@jhrozek I agree there is a bug there. I just want to confirm one thing -- do 
we want to allow filter without any character in it? Something tells me it was 
a design decision that we won't allow "*" as filter since it basically triggers 
enumeration which is not desirable.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/208#issuecomment-290374762
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#215][comment] Support for non-POSIX users and groups

2017-03-30 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups

jhrozek commented:
"""
the new PR just amends the manpage description of the non-POSIX domains
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/215#issuecomment-290368513
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#218][opened] TEST: Adding paython-requests to dependencies

2017-03-30 Thread celestian

   URL: https://github.com/SSSD/sssd/pull/218
Author: celestian
 Title: #218: TEST: Adding paython-requests to dependencies
Action: opened

PR body:
"""
Resolves:
https://pagure.io/SSSD/sssd/issue/3353

Note:
I am not sure if this is the correct dependency which we were looking for. But 
it is needed anyway. If we need more don't hesitate to write me. 
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/218/head:pr218
git checkout pr218
From 8cf9aad8914e7a99a03eadfe1e4b09ac7fd98f30 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= 
Date: Thu, 30 Mar 2017 12:05:08 +0200
Subject: [PATCH] TEST: Adding paython-requests to dependencies

Resolves:
https://pagure.io/SSSD/sssd/issue/3353
---
 src/external/intgcheck.m4 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/external/intgcheck.m4 b/src/external/intgcheck.m4
index ac68b85..e38401c 100644
--- a/src/external/intgcheck.m4
+++ b/src/external/intgcheck.m4
@@ -29,5 +29,6 @@ AC_DEFUN([SSS_ENABLE_INTGCHECK_REQS], [
 SSS_INTGCHECK_REQ([HAVE_PYTEST], [pytest])
 SSS_INTGCHECK_REQ([HAVE_PY2MOD_LDAP], [python-ldap])
 SSS_INTGCHECK_REQ([HAVE_PY2MOD_LDAP], [pyldb])
+SSS_INTGCHECK_REQ([HAVE_PYT2MOD-REQUESTS], [python-requests])
 fi
 ])
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#215][comment] Support for non-POSIX users and groups

2017-03-30 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups

jhrozek commented:
"""
On Thu, Mar 30, 2017 at 02:53:18AM -0700, sumit-bose wrote:
> I tested the patches with a plain LDAP setup and with and AD. In general they 
> work as expected and since I think the current code is ok I would ACK the 
> patches so that the following observations can be fixed later.
> 
> First I have a question about the usage of [application/...] domains. Is
> it expected that [application/...] requires inherit_from and cannot be
> configured explicitly? If I use [domain/] and domain_type = application
> it work, but if I replace those two line by [application/...] SSSD won't
> start.

I didn't think about testing this, frankly. I tested a separate domain
with the application type which might be useful if you want to e.g. use
a different bind method but no this. I think it's a valid case that can
be fixed later.

> 
> 'sssctl config-check' does not like if [application/...] has other options 
> then inherit_from, even the example from the man page causes 
> '[rule/allowed_application_options]: Attribute 'ldap_user_extra_attrs' is not 
> allowed in section 'application/ad-app-2'. Check for typos.'

Hmm, the regex uses (domain|application) in the rules, but I'm not sure
if the regex supports the OR..apparently not..

> 
> When using [application/...] with the ad provider other domains than the one 
> the client is joined to are treated as POSIX domains even if only the 
> application domain is listed in in the domains option of sssd.conf.
> 
> Given the last observation it might be useful to say in the man page that 
> currently the primary and mainly tested use-case is together with the ldap 
> provider and more complex use cases will be evaluated in upcoming releases?

Yes, this is what we talked about with the ManageIQ developers. Since
for now the use-case is a replacement for their LDAP connector, I think
we should document this and check later. But with the autodiscovered
domains, we also need to do some tricks to rename the autodiscovered
domains to avoid clashes with subdomains from POSIX domains in a mixed
setup.

So if you agree, I will file three tickets for each of the cases and fix
them later. I will just fix the manpage for now to make it clear only
LDAP domains are supported now.

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/215#issuecomment-290364050
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#215][comment] Support for non-POSIX users and groups

2017-03-30 Thread sumit-bose

  URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups

sumit-bose commented:
"""
I tested the patches with a plain LDAP setup and with and AD. In general they 
work as expected and since I think the current code is ok I would ACK the 
patches so that the following observations can be fixed later.

First I have a question about the usage of [application/...] domains. Is it 
expected that [application/...] requires inherit_from and cannot be configured 
explicitly? If I use [domain/] and domain_type = application it work, but 
if I replace those two line by [application/...] SSSD won't start.

'sssctl config-check' does not like if [application/...] has other options then 
inherit_from, even the example from the man page causes 
'[rule/allowed_application_options]: Attribute 'ldap_user_extra_attrs' is not 
allowed in section 'application/ad-app-2'. Check for typos.'

When using [application/...] with the ad provider other domains than the one 
the client is joined to are treated as POSIX domains even if only the 
application domain is listed in in the domains option of sssd.conf.

Given the last observation it might be useful to say in the man page that 
currently the primary and mainly tested use-case is together with the ldap 
provider and more complex use cases will be evaluated in upcoming releases?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/215#issuecomment-290360748
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#215][comment] Support for non-POSIX users and groups

2017-03-30 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups

pbrezina commented:
"""
On 03/30/2017 11:23 AM, Jakub Hrozek wrote:
> On Thu, Mar 30, 2017 at 01:59:20AM -0700, Pavel Březina wrote:
>> I got error in enumeration as well with my secrets patch (definitely
> not related), but on debian and in different test:
>>
> http://sssd-ci.duckdns.org/logs/job/66/45/debian_testing/ci-build-debug/ci-make-intgcheck.log
>
> And this was with the non-POSIX patches applied as well? Should I look
> into the enumeration issues with non-POSIX or does it mean the
> enumeration tests are flaky?

No, it was only with the secrets patches.


"""

See the full comment at 
https://github.com/SSSD/sssd/pull/215#issuecomment-290355914
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#215][comment] Support for non-POSIX users and groups

2017-03-30 Thread fidencio

  URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups

fidencio commented:
"""
On Thu, Mar 30, 2017 at 11:23 AM, Jakub Hrozek 
wrote:

> On Thu, Mar 30, 2017 at 01:59:20AM -0700, Pavel Březina wrote:
> > I got error in enumeration as well with my secrets patch (definitely not
> related), but on debian and in different test:
> > http://sssd-ci.duckdns.org/logs/job/66/45/debian_testing/
> ci-build-debug/ci-make-intgcheck.log
>
> And this was with the non-POSIX patches applied as well? Should I look
> into the enumeration issues with non-POSIX or does it mean the
> enumeration tests are flaky?
>

I've personally been notice random issues with the enumeration tests
lately. Usually different ones on each commit and usually just happening in
one distro (and, AFAIR, it's not even consistent about in which distro it
does happen).

Best Regards,
--
Fabiano Fidêncio

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/215#issuecomment-290354411
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#215][comment] Support for non-POSIX users and groups

2017-03-30 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups

jhrozek commented:
"""
On Thu, Mar 30, 2017 at 01:59:20AM -0700, Pavel Březina wrote:
> I got error in enumeration as well with my secrets patch (definitely not 
> related), but on debian and in different test:
> http://sssd-ci.duckdns.org/logs/job/66/45/debian_testing/ci-build-debug/ci-make-intgcheck.log

And this was with the non-POSIX patches applied as well? Should I look
into the enumeration issues with non-POSIX or does it mean the
enumeration tests are flaky?

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/215#issuecomment-290353372
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#215][comment] Support for non-POSIX users and groups

2017-03-30 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups

pbrezina commented:
"""
I got error in enumeration as well with my secrets patch (definitely not 
related), but on debian and in different test:
http://sssd-ci.duckdns.org/logs/job/66/45/debian_testing/ci-build-debug/ci-make-intgcheck.log
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/215#issuecomment-290347387
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

38 matches

Mail list logo