[SSSD] [sssd PR#331][comment] KCM: temporary increase hardcoded buffers

2017-07-21 Thread frozencemetery
  URL: https://github.com/SSSD/sssd/pull/331
Title: #331: KCM: temporary increase hardcoded buffers

frozencemetery commented:
"""
Per @simo5's comments in the linked bug, tickets can easily reach 65k, so this 
limit should maybe be higher.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/331#issuecomment-317082424
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org


[SSSD] [sssd PR#332][opened] sydb: index improvements

2017-07-21 Thread sumit-bose
   URL: https://github.com/SSSD/sssd/pull/332
Author: sumit-bose
 Title: #332: sydb: index improvements
Action: opened

PR body:
"""
This patch first adds some missing attributes to the index. The most
important one here is 'ghost' which is used in the backend during group
lookups.

Additionally the index for one-level searches @IDXONE is removed. One
level searches were only used in a few places and are replaced by this
patch with sub-tree searches. The main reason for the removal is that
maintaining the index is quite costly because it is basically a single
huge blob in the underlying tdb database.

Finally this patch removes the index on the objectClass attribute and
adds a new index on a new attribute called objectCategory which is used
instead of objectClass for all objects except user and group. Typically
user and group searches are done by name or ID attributes which are more
specific than objectClass. And since most of the objects in the cache
will be users and groups a search for all users or groups will be near
to a full database search so that the index won't help much in this case
either. The reason for removing it is the cost of managing it when there
are many users or groups.

Due to the index changes some search results are returned in different
order. I updated the related tests so that the checks do not depend on a
specific order anymore.

If 'LDB_WARN_UNINDEXED=1' is set in /etc/sysconfig/sssd full database
searches are indicated with a 'ldb FULL SEARCH: ...' debug message.
Since there are no extra costs we might want to enable this by default
with a certain debug level.

Currently there are two types of un-indexed searches. Searches with
'(distinguishedName=*)' in the filter are related to sub-tree deletes
and '(dataExpireTimestamp<=...)' are related to refresh and cleanup
tasks. Please note that '<=' and sub-string searches cannot be indexed.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/332/head:pr332
git checkout pr332
From ccf05b56aaff734ed084829f48cd1b6286618cbf Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Thu, 29 Jun 2017 11:54:05 +0200
Subject: [PATCH] sydb: index improvements

This patch first adds some missing attributes to the index. The most
important one here is 'ghost' which is used in the backend during group
lookups.

Additionally the index for one-level searches @IDXONE is removed. One
level searches were only used in a few places and are replaced by this
patch with sub-tree searches. The main reason for the removal is that
maintaining the index is quite costly because it is basically a single
huge blob in the underlying tdb database.

Finally this patch removes the index on the objectClass attribute and
adds a new index on a new attribute called objectCategory which is used
instead of objectClass for all objects except user and group. Typically
user and group searches are done by name or ID attributes which are more
specific than objectClass. And since most of the objects in the cache
will be users and groups a search for all users or groups will be near
to a full database search so that the index won't help much in this case
either. The reason for removing it is the cost of managing it when there
are many users or groups.

Due to the index changes some search results are returned in different
order. I updated the related tests so that the checks do not depend on a
specific order anymore.

If 'LDB_WARN_UNINDEXED=1' is set in /etc/sysconfig/sssd full database
searches are indicated with a 'ldb FULL SEARCH: ...' debug message.
Since there are no extra costs we might want to enable this by default
with a certain debug level.

Currently there are two types of un-indexed searches. Searches with
'(distinguishedName=*)' in the filter are related to sub-tree deletes
and '(dataExpireTimestamp<=...)' are related to refresh and cleanup
tasks. Please note that '<=' and sub-string searches cannot be indexed.
---
 src/db/sysdb.h|   1 +
 src/db/sysdb_autofs.c |  13 +-
 src/db/sysdb_certmap.c|   4 +-
 src/db/sysdb_init.c   |  50 -
 src/db/sysdb_private.h|  18 +-
 src/db/sysdb_ranges.c |   7 +-
 src/db/sysdb_selinux.c|   4 +-
 src/db/sysdb_subdomains.c |  11 +-
 src/db/sysdb_upgrade.c| 265 ++
 src/providers/ipa/ipa_access.c|   3 +-
 src/providers/ipa/ipa_hbac_rules.c|   9 +
 src/responder/ifp/ifp_users.c |   2 +-
 src/tests/cmocka/test_ipa_subdomains_server.c | 233 --
 src/tests/cmocka/test_sysdb_views.c   | 192 ++-
 src/tests/sysdb-tests.c   |  45 -
 15 files changed, 677 insertions(+), 180 deletions(-)

diff --git a/src/db/sysdb.h b/src/db/sysdb.h

[SSSD] [sssd PR#225][comment] SECRETS: Apply separate quotas for cn=secrets and cn=kcm

2017-07-21 Thread lslebodn
  URL: https://github.com/SSSD/sssd/pull/225
Title: #225: SECRETS: Apply separate quotas for cn=secrets and cn=kcm

lslebodn commented:
"""
BTW I would prefer at least "CRYPTO: Do not call NSS_Shutdown after every 
operation"
in 1.15.3
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/225#issuecomment-317069831


[SSSD] [sssd PR#331][opened] KCM: temporary increase hardcoded buffers

2017-07-21 Thread lslebodn
   URL: https://github.com/SSSD/sssd/pull/331
Author: lslebodn
 Title: #331: KCM: temporary increase hardcoded buffers
Action: opened

PR body:
"""
Temporary workaround:
https://pagure.io/SSSD/sssd/issue/3386

I would prefer to have at least partially usable kcm in official release
due to downstream distributions.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/331/head:pr331
git checkout pr331
From 3e971e5107b7203b2d827a91232880f188ae2e1e Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Fri, 21 Jul 2017 17:54:23 +0200
Subject: [PATCH] KCM: temporary increase hardcoded buffers

Temporary workaround:
https://pagure.io/SSSD/sssd/issue/3386
---
 src/responder/kcm/kcmsrv_ops.c | 2 +-
 src/util/tev_curl.c| 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c
index 2feaf51f2..7a78e9d6b 100644
--- a/src/responder/kcm/kcmsrv_ops.c
+++ b/src/responder/kcm/kcmsrv_ops.c
@@ -31,7 +31,7 @@
 #include "responder/kcm/kcmsrv_ops.h"
 #include "responder/kcm/kcmsrv_ccache.h"
 
-#define KCM_REPLY_MAX   2048
+#define KCM_REPLY_MAX 16384
 
 struct kcm_op_ctx {
 struct kcm_resp_ctx *kcm_data;
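Review bot: The raised KCM_REPLY_MAX is still an unexplained hardcoded limit: the `#define KCM_REPLY_MAX 16384` line carries no comment saying the value is a temporary workaround or pointing at https://pagure.io/SSSD/sssd/issue/3386, which only the commit message mentions. Please add a short comment above the define with the issue link so the limit gets revisited. A comment on this PR also notes that tickets can easily reach 65k, so 16384 may still be too small; either justify the value in that comment or choose one that covers that size.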
diff --git a/src/util/tev_curl.c b/src/util/tev_curl.c
index 8faf07c71..52c86adde 100644
--- a/src/util/tev_curl.c
+++ b/src/util/tev_curl.c
@@ -35,7 +35,7 @@
 #include "util/tev_curl.h"
 
 #define TCURL_IOBUF_CHUNK   1024
-#define TCURL_IOBUF_MAX 4096
+#define TCURL_IOBUF_MAX16384
 
 static bool global_is_curl_initialized;
 
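Review bot: On the added line, `TCURL_IOBUF_MAX16384` has no whitespace between the macro name and its value as it reads here, which would define a different, empty macro and leave TCURL_IOBUF_MAX undefined; make sure the applied patch reads `#define TCURL_IOBUF_MAX 16384`. The value also repeats the 16384 chosen for KCM_REPLY_MAX in kcmsrv_ops.c with nothing tying the two together, so a comment stating the relationship and the issue link (or a shared constant) would keep them from drifting apart when the temporary limit is revisited.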


[SSSD] [sssd PR#327][comment] RESPONDERS: Fix terminating idle connections

2017-07-21 Thread lslebodn
  URL: https://github.com/SSSD/sssd/pull/327
Title: #327: RESPONDERS: Fix terminating idle connections

lslebodn commented:
"""
master:
* 74e2415f00d0cb27ae935c7d81aaf15d906cc927
* d24335e9bd611e6626a57da28ad8ed621bb473c1
* 422217c7ea5fbe94b386c93c19e2c1928151faa0
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/327#issuecomment-31702


[SSSD] [sssd PR#327][closed] RESPONDERS: Fix terminating idle connections

2017-07-21 Thread lslebodn
   URL: https://github.com/SSSD/sssd/pull/327
Author: jhrozek
 Title: #327: RESPONDERS: Fix terminating idle connections
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/327/head:pr327
git checkout pr327


[SSSD] [sssd PR#327][+Pushed] RESPONDERS: Fix terminating idle connections

2017-07-21 Thread lslebodn
  URL: https://github.com/SSSD/sssd/pull/327
Title: #327: RESPONDERS: Fix terminating idle connections

Label: +Pushed


[SSSD] [sssd PR#330][comment] ad_account_can_shortcut: shortcut if ID is unknown

2017-07-21 Thread lslebodn
  URL: https://github.com/SSSD/sssd/pull/330
Title: #330: ad_account_can_shortcut: shortcut if ID is unknown

lslebodn commented:
"""
On (21/07/17 07:14), Jakub Hrozek wrote:
>I would prefer to push the commit " ad_account_can_shortcut: shortcut if ID is 
>unknown" before the 1.15.3 release because it's a regression. The second one 
>can IMO wait until 1.15.4.
>
The 2nd one is obviously good and can be pushed together.

Do we have an idea when the regression was introduced?

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/330#issuecomment-317018281


[SSSD] [sssd PR#330][comment] ad_account_can_shortcut: shortcut if ID is unknown

2017-07-21 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/330
Title: #330: ad_account_can_shortcut: shortcut if ID is unknown

jhrozek commented:
"""
I would prefer to push the commit " ad_account_can_shortcut: shortcut if ID is 
unknown" before the 1.15.3 release because it's a regression. The second one 
can IMO wait until 1.15.4.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/330#issuecomment-317012559


[SSSD] [sssd PR#330][comment] ad_account_can_shortcut: shortcut if ID is unknown

2017-07-21 Thread lslebodn
  URL: https://github.com/SSSD/sssd/pull/330
Title: #330: ad_account_can_shortcut: shortcut if ID is unknown

lslebodn commented:
"""
On (21/07/17 11:16), sumit-bose wrote:
>The idmap part is not needed in 1.15.3.

Good to know. I was not sure about severity of related ticket.

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/330#issuecomment-316976939


[SSSD] [sssd PR#330][comment] ad_account_can_shortcut: shortcut if ID is unknown

2017-07-21 Thread sumit-bose
  URL: https://github.com/SSSD/sssd/pull/330
Title: #330: ad_account_can_shortcut: shortcut if ID is unknown

sumit-bose commented:
"""
The idmap part is not needed in 1.15.3. If we decide we want the shortcut patch 
in 1.15.3 I can drop the idmap part from this PR and create another one.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/330#issuecomment-316975394


[SSSD] About https://pagure.io/SSSD/sssd/issue/1898

2017-07-21 Thread amit kumar
Dear Devels,

The requirement I understand is to move files used by both
client (sss_client) & server to some special directory, maybe src/shared?
I believe these are common files used by both server &
client (sss_client), hence movement is required?

I find 3 files having the header specified in Bug:
./src/util/murmurhash3.h
./src/util/io.h
./src/util/util_safealign.h

Is this the only task to be carried or addons on it?

-- 
Thanks
Amit Kumar
!!If you stumble, get back up. 
What happened yesterday, no longer matters.
Today is another day to move closer to your GOAL!!



[SSSD] [sssd PR#330][comment] ad_account_can_shortcut: shortcut if ID is unknown

2017-07-21 Thread lslebodn
  URL: https://github.com/SSSD/sssd/pull/330
Title: #330: ad_account_can_shortcut: shortcut if ID is unknown

lslebodn commented:
"""
On (20/07/17 18:15), sumit-bose wrote:
>Additionally this PR adds some missing descriptions for idmap error codes.
>You can view, comment on, or merge this pull request online at:
>
I would appreciate a unit test for error codes.
We already have something similar for sssd error codes:
https://pagure.io/SSSD/sssd/c/7650ded4ffa87fcf7ce5adf00920fecf89cffcf5

BTW do we want to have this patch in 1.15.3?
If yes then please bump version-info for library.

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/330#issuecomment-316971762


[SSSD] [sssd PR#225][comment] SECRETS: Apply separate quotas for cn=secrets and cn=kcm

2017-07-21 Thread fidencio
  URL: https://github.com/SSSD/sssd/pull/225
Title: #225: SECRETS: Apply separate quotas for cn=secrets and cn=kcm

fidencio commented:
"""
Adding the "Changes Requested" label as per @lslebodn's comment.

As I plan to go (one more time) through those patches today, I'll provide a 
fixup (unless @jhrozek is faster than I am).
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/225#issuecomment-316911468


[SSSD] [sssd PR#225][+Changes requested] SECRETS: Apply separate quotas for cn=secrets and cn=kcm

2017-07-21 Thread fidencio
  URL: https://github.com/SSSD/sssd/pull/225
Title: #225: SECRETS: Apply separate quotas for cn=secrets and cn=kcm

Label: +Changes requested