[SSSD] [sssd PR#331][comment] KCM: temporary increase hardcoded buffers
URL: https://github.com/SSSD/sssd/pull/331 Title: #331: KCM: temporary increase hardcoded buffers frozencemetery commented: """ Per @simo5's comments in the linked bug, tickets can easily reach 65k, so this limit should maybe be higher. """ See the full comment at https://github.com/SSSD/sssd/pull/331#issuecomment-317082424 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#332][opened] sydb: index improvements
URL: https://github.com/SSSD/sssd/pull/332 Author: sumit-bose Title: #332: sydb: index improvements Action: opened PR body: """ This patch first adds some missing attributes to the index. The most important one here is 'ghost' which is used in the backed during group lookups. Additionally the index for one-level searches @IDXONE is removed. One level searches were only used in a few places and are replace by this patch with sub-tree searches. The main reason for the removal is that maintaining the index is quite costly because it is basically a single huge blob in the underlying tdb database. Finally this patch removes the index on the objectClass attribute and adds a new index on an new attribute called objectCategory which is used instead of objectClass for all objects expect user and group. Typically user and group searches are done by name or ID attributes which are more specific then objectClass. And since most of the objects in the cache will be users and groups a search for all users or groups will be near to a full database search so that the index won't help much in this case either. The reason for removing it are the costs to manage it when there are many users or groups. Due to the index changes some search results are returned in different order. I updated the related tests so that the checks do not depend on a specific order anymore. If 'LDB_WARN_UNINDEXED=1' is set in /etc/sysconfig/sssd full database searches are indicated with a 'ldb FULL SEARCH: ...' debug message. Since there are no extra costs we might want to enable this by default with a certain debug level. Currently there are two types of un-indexed searches. Searches with '(distinguishedName=*)' in the filter are related to sub-tree deletes and '(dataExpireTimestamp<=...)' are related to refresh and cleanup tasks. Please note that '<=' and sub-string searches cannot be indexed. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/332/head:pr332 git checkout pr332 From ccf05b56aaff734ed084829f48cd1b6286618cbf Mon Sep 17 00:00:00 2001 From: Sumit BoseDate: Thu, 29 Jun 2017 11:54:05 +0200 Subject: [PATCH] sydb: index improvements This patch first adds some missing attributes to the index. The most important one here is 'ghost' which is used in the backed during group lookups. Additionally the index for one-level searches @IDXONE is removed. One level searches were only used in a few places and are replace by this patch with sub-tree searches. The main reason for the removal is that maintaining the index is quite costly because it is basically a single huge blob in the underlying tdb database. Finally this patch removes the index on the objectClass attribute and adds a new index on an new attribute called objectCategory which is used instead of objectClass for all objects expect user and group. Typically user and group searches are done by name or ID attributes which are more specific then objectClass. And since most of the objects in the cache will be users and groups a search for all users or groups will be near to a full database search so that the index won't help much in this case either. The reason for removing it are the costs to manage it when there are many users or groups. Due to the index changes some search results are returned in different order. I updated the related tests so that the checks do not depend on a specific order anymore. If 'LDB_WARN_UNINDEXED=1' is set in /etc/sysconfig/sssd full database searches are indicated with a 'ldb FULL SEARCH: ...' debug message. Since there are no extra costs we might want to enable this by default with a certain debug level. Currently there are two types of un-indexed searches. Searches with '(distinguishedName=*)' in the filter are related to sub-tree deletes and '(dataExpireTimestamp<=...)' are related to refresh and cleanup tasks. Please note that '<=' and sub-string searches cannot be indexed. --- src/db/sysdb.h| 1 + src/db/sysdb_autofs.c | 13 +- src/db/sysdb_certmap.c| 4 +- src/db/sysdb_init.c | 50 - src/db/sysdb_private.h| 18 +- src/db/sysdb_ranges.c | 7 +- src/db/sysdb_selinux.c| 4 +- src/db/sysdb_subdomains.c | 11 +- src/db/sysdb_upgrade.c| 265 ++ src/providers/ipa/ipa_access.c| 3 +- src/providers/ipa/ipa_hbac_rules.c| 9 + src/responder/ifp/ifp_users.c | 2 +- src/tests/cmocka/test_ipa_subdomains_server.c | 233 -- src/tests/cmocka/test_sysdb_views.c | 192 ++- src/tests/sysdb-tests.c | 45 - 15 files changed, 677 insertions(+), 180 deletions(-) diff --git a/src/db/sysdb.h b/src/db/sysdb.h
[SSSD] [sssd PR#225][comment] SECRETS: Apply separate quotas for cn=secrets and cn=kcm
URL: https://github.com/SSSD/sssd/pull/225 Title: #225: SECRETS: Apply separate quotas for cn=secrets and cn=kcm lslebodn commented: """ BTW I would prefer at least "CRYPTO: Do not call NSS_Shutdown after every operation" in 1.15.3 """ See the full comment at https://github.com/SSSD/sssd/pull/225#issuecomment-317069831 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#331][opened] KCM: temporary increase hardcoded buffers
URL: https://github.com/SSSD/sssd/pull/331 Author: lslebodn Title: #331: KCM: temporary increase hardcoded buffers Action: opened PR body: """ Temporary workaround: https://pagure.io/SSSD/sssd/issue/3386 I would prefer to have at least partially usable kcm in official release due to downstream distributions. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/331/head:pr331 git checkout pr331 From 3e971e5107b7203b2d827a91232880f188ae2e1e Mon Sep 17 00:00:00 2001 From: Lukas SlebodnikDate: Fri, 21 Jul 2017 17:54:23 +0200 Subject: [PATCH] KCM: temporary increase hardcoded buffers Temporary workaround: https://pagure.io/SSSD/sssd/issue/3386 --- src/responder/kcm/kcmsrv_ops.c | 2 +- src/util/tev_curl.c| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c index 2feaf51f2..7a78e9d6b 100644 --- a/src/responder/kcm/kcmsrv_ops.c +++ b/src/responder/kcm/kcmsrv_ops.c @@ -31,7 +31,7 @@ #include "responder/kcm/kcmsrv_ops.h" #include "responder/kcm/kcmsrv_ccache.h" -#define KCM_REPLY_MAX 2048 +#define KCM_REPLY_MAX 16384 struct kcm_op_ctx { struct kcm_resp_ctx *kcm_data; diff --git a/src/util/tev_curl.c b/src/util/tev_curl.c index 8faf07c71..52c86adde 100644 --- a/src/util/tev_curl.c +++ b/src/util/tev_curl.c @@ -35,7 +35,7 @@ #include "util/tev_curl.h" #define TCURL_IOBUF_CHUNK 1024 -#define TCURL_IOBUF_MAX 4096 +#define TCURL_IOBUF_MAX16384 static bool global_is_curl_initialized; ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#327][comment] RESPONDERS: Fix terminating idle connections
URL: https://github.com/SSSD/sssd/pull/327 Title: #327: RESPONDERS: Fix terminating idle connections lslebodn commented: """ master: * 74e2415f00d0cb27ae935c7d81aaf15d906cc927 * d24335e9bd611e6626a57da28ad8ed621bb473c1 * 422217c7ea5fbe94b386c93c19e2c1928151faa0 """ See the full comment at https://github.com/SSSD/sssd/pull/327#issuecomment-31702 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#327][closed] RESPONDERS: Fix terminating idle connections
URL: https://github.com/SSSD/sssd/pull/327 Author: jhrozek Title: #327: RESPONDERS: Fix terminating idle connections Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/327/head:pr327 git checkout pr327 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#327][+Pushed] RESPONDERS: Fix terminating idle connections
URL: https://github.com/SSSD/sssd/pull/327 Title: #327: RESPONDERS: Fix terminating idle connections Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#330][comment] ad_account_can_shortcut: shortcut if ID is unknown
URL: https://github.com/SSSD/sssd/pull/330 Title: #330: ad_account_can_shortcut: shortcut if ID is unknown lslebodn commented: """ On (21/07/17 07:14), Jakub Hrozek wrote: >I would prefer to push the commit " ad_account_can_shortcut: shortcut if ID is >unknown" before the 1.15.3 release because it's a regression. The second one >can IMO wait until 1.15.4. > The 2nd one is obviously good and can be pushed together. Do we have an idea then the regression was introduced? LS """ See the full comment at https://github.com/SSSD/sssd/pull/330#issuecomment-317018281 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#330][comment] ad_account_can_shortcut: shortcut if ID is unknown
URL: https://github.com/SSSD/sssd/pull/330 Title: #330: ad_account_can_shortcut: shortcut if ID is unknown jhrozek commented: """ I would prefer to push the commit " ad_account_can_shortcut: shortcut if ID is unknown" before the 1.15.3 release because it's a regression. The second one can IMO wait until 1.15.4. """ See the full comment at https://github.com/SSSD/sssd/pull/330#issuecomment-317012559 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#330][comment] ad_account_can_shortcut: shortcut if ID is unknown
URL: https://github.com/SSSD/sssd/pull/330 Title: #330: ad_account_can_shortcut: shortcut if ID is unknown lslebodn commented: """ On (21/07/17 11:16), sumit-bose wrote: >The idmap part of not needed in 1.15.3. Good to know. I was not sure about severity of related ticket. LS """ See the full comment at https://github.com/SSSD/sssd/pull/330#issuecomment-316976939 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#330][comment] ad_account_can_shortcut: shortcut if ID is unknown
URL: https://github.com/SSSD/sssd/pull/330 Title: #330: ad_account_can_shortcut: shortcut if ID is unknown sumit-bose commented: """ The idmap part of not needed in 1.15.3. If we decide we want the shortcut patch in 1.15.3 I can drop the idmap part from this PR and create another one. """ See the full comment at https://github.com/SSSD/sssd/pull/330#issuecomment-316975394 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] About https://pagure.io/SSSD/sssd/issue/1898
Dear Devels, The requirement I understand is to move files used by both client(sss_client) & server to some special directory may be src/shared? I believe these are common files used by both server & client(sss_client) Hence movement is required? I find 3 files having the header specified in Bug: ./src/util/murmurhash3.h ./src/util/io.h ./src/util/util_safealign.h Is this the only task to be carried or addons on it? -- Thanks Amit Kumar !!If you stumble, get back up. What happened yesterday, no longer matters. Today is another day to move closer to your GOAL!! ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#330][comment] ad_account_can_shortcut: shortcut if ID is unknown
URL: https://github.com/SSSD/sssd/pull/330 Title: #330: ad_account_can_shortcut: shortcut if ID is unknown lslebodn commented: """ On (20/07/17 18:15), sumit-bose wrote: >Additionally this PR adds some missing descriptions for idmap error codes. >You can view, comment on, or merge this pull request online at: > I would appreciate an unit test for error codes. We already have something similar for sssd error codes: https://pagure.io/SSSD/sssd/c/7650ded4ffa87fcf7ce5adf00920fecf89cffcf5 BTW do we want to have this patch in 1.15.3. If yes then please bump version-info for library. LS """ See the full comment at https://github.com/SSSD/sssd/pull/330#issuecomment-316971762 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#225][comment] SECRETS: Apply separate quotas for cn=secrets and cn=kcm
URL: https://github.com/SSSD/sssd/pull/225 Title: #225: SECRETS: Apply separate quotas for cn=secrets and cn=kcm fidencio commented: """ Adding the "Changes Requested" label as per @lslebodn's comment. As I plan to go (one more time) through those patches Today, I'll provide a fixup (unless @jhrozek is faster than I am). """ See the full comment at https://github.com/SSSD/sssd/pull/225#issuecomment-316911468 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#225][+Changes requested] SECRETS: Apply separate quotas for cn=secrets and cn=kcm
URL: https://github.com/SSSD/sssd/pull/225 Title: #225: SECRETS: Apply separate quotas for cn=secrets and cn=kcm Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org