[SSSD] [sssd PR#402][synchronized] LDAP: Allow autogenerating user-private groups

2017-10-21 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/402
Author: jhrozek
 Title: #402: LDAP: Allow autogenerating user-private groups
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/402/head:pr402
git checkout pr402
From 4efaf9129f363c6248cc962cb9f92216ff416954 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Tue, 3 Oct 2017 12:34:33 +0200
Subject: [PATCH 1/6] CONFIG: Add a new option auto_private_groups

The auto_private_groups option is used to configure the domain->mpg flag
which was already set automatically for subdomains, but for some time was
not settable by the admin via the configuration file.

The new option name, instead of the old magic_private_groups, was chosen
purely because this name would hopefully be better understood by admins.

The option doesn't do anything yet, it is just added to all the places a
new option should be added to.

Related:
https://pagure.io/SSSD/sssd/issue/1872
---
 src/confdb/confdb.c  |  8 
 src/confdb/confdb.h  |  1 +
 src/config/SSSDConfig/__init__.py.in |  1 +
 src/config/SSSDConfigTest.py |  6 --
 src/config/cfg_rules.ini |  1 +
 src/config/etc/sssd.api.conf |  1 +
 src/man/sssd.conf.5.xml  | 20 
 7 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index fefecc03d..a02822481 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -936,6 +936,14 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
 goto done;
 }
 
+ret = get_entry_as_bool(res->msgs[0], &domain->mpg,
+CONFDB_DOMAIN_AUTO_UPG, 0);
+if (ret != EOK) {
+DEBUG(SSSDBG_FATAL_FAILURE,
+  "Invalid value for %s\n", CONFDB_DOMAIN_AUTO_UPG);
+goto done;
+}
+
 if (strcasecmp(domain->provider, "local") == 0) {
 /* If this is the local provider, we need to ensure that
  * no other provider was specified for other types, since
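Review bot: The error path after get_entry_as_bool() logs only the option name ("Invalid value for %s"), so with several domain sections configured the admin cannot tell which one carries the bad auto_private_groups value. Consider adding the domain being parsed to the DEBUG message. Please also confirm that writing domain->mpg here with a default of 0 cannot override the value that, per the commit message, is already set automatically for subdomains; a short comment at this call stating that would help.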
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index bcea99ae4..2539b9069 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -198,6 +198,7 @@
 #define CONFDB_DEFAULT_CACHE_CREDS_MIN_FF_LENGTH 8
 #define CONFDB_DOMAIN_LEGACY_PASS "store_legacy_passwords"
 #define CONFDB_DOMAIN_MPG "magic_private_groups"
+#define CONFDB_DOMAIN_AUTO_UPG "auto_private_groups"
 #define CONFDB_DOMAIN_FQ "use_fully_qualified_names"
 #define CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT "entry_cache_timeout"
 #define CONFDB_DOMAIN_ACCOUNT_CACHE_EXPIRATION "account_cache_expiration"
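Review bot: CONFDB_DOMAIN_MPG ("magic_private_groups") stays defined directly above the new CONFDB_DOMAIN_AUTO_UPG, which leaves two key names for the same domain->mpg flag in the header. If the old key is no longer read anywhere, remove the define in this patch. If it is still needed, add a comment saying which key is the supported one so the two are not confused later.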
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index d99b718e0..d2bb709d6 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -195,6 +195,7 @@ option_strings = {
 'cached_auth_timeout' : _('How long can cached credentials be used for cached authentication'),
 'full_name_format' : _('Printf-compatible format for displaying fully-qualified names'),
 're_expression' : _('Regex to parse username and domain'),
+'auto_private_groups' : _('Whether to automatically create private groups for users'),
 
 # [provider/ipa]
 'ipa_domain' : _('IPA domain'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 4a583bdd3..87d1f6e64 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -624,7 +624,8 @@ def testListOptions(self):
 'subdomain_homedir',
 'full_name_format',
 're_expression',
-'cached_auth_timeout']
+'cached_auth_timeout',
+'auto_private_groups']
 
 self.assertTrue(type(options) == dict,
 "Options should be a dictionary")
@@ -994,7 +995,8 @@ def testRemoveProvider(self):
 'subdomain_homedir',
 'full_name_format',
 're_expression',
-'cached_auth_timeout']
+'cached_auth_timeout',
+'auto_private_groups']
 
 self.assertTrue(type(options) == dict,
 "Options should be a dictionary")
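Review bot: The expected-option list edited here in testRemoveProvider is the same list edited a hunk earlier in testListOptions, so every new domain option has to be appended in two places, as this patch does with 'auto_private_groups'. Consider hoisting the list into one shared constant or helper so the two tests cannot drift apart.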
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index e49e8d43f..4e70bf7b6 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -382,6 +382,7 @@ option = cached_auth_timeout
 option = wildcard_limit
 option = full_name_format
 option = re_expression
+option = auto_private_groups
 
 #Entry cache timeouts
 option = entry_cache_user_timeout
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 7f2b8977b..2be2e3e68 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -185,6 +185,7 @@ subdomain_homedir = str, None, false
 cached_auth_timeout = int, None, false
 full_name_format = str, None, false
 re_expression = str, None, false
+auto_private_groups = str, None, false
 
 #Entry 
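Review bot: The new line declares auto_private_groups as "str, None, false", but the confdb.c hunk in this same patch reads the option with get_entry_as_bool() and treats any other value as a fatal error. With the type declared as str, the SSSDConfig API would accept a value that the daemon then refuses to start with. Declare the option as bool here so the mismatch is caught when the configuration is written.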

[SSSD] [sssd PR#402][comment] LDAP: Allow autogenerating user-private groups

2017-10-21 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/402
Title: #402: LDAP: Allow autogenerating user-private groups

jhrozek commented:
"""
OK, so one of the test failures was a bug in my patches, actually. This version 
passed all the tests I ran so far:
 * 2106158 - local provider
 * 2106157 - tests against openldap
 * 2106156 - multidomain tests
 * 2106155 - ldap id/auth tests
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/402#issuecomment-338432323
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org


[SSSD] [sssd PR#402][comment] LDAP: Allow autogenerating user-private groups

2017-10-21 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/402
Title: #402: LDAP: Allow autogenerating user-private groups

jhrozek commented:
"""
I will be running some more tests, but these are the ones that should cover the 
majority of what I've changed. Please review the patches again, thank you.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/402#issuecomment-338432384


[SSSD] [sssd PR#402][-Changes requested] LDAP: Allow autogenerating user-private groups

2017-10-21 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/402
Title: #402: LDAP: Allow autogenerating user-private groups

Label: -Changes requested


[SSSD] Re: Design page: Automatic private group creation for the LDAP provider

2017-10-21 Thread Jakub Hrozek
On Tue, Oct 10, 2017 at 09:42:16PM +0200, Jakub Hrozek wrote:
> Hi,
> 
> I wrote a design page about exposing the functionality that creates the
> user private groups based on the user entry only:
> 
> https://pagure.io/fork/jhrozek/SSSD/docs/blob/mpg/f/design_pages/auto_private_groups.rst
> 
> For your convenience, I'm also copying the design text in the RST format
> below.
> 
> Once the design is approved, I'll propose a PR against the sssd/docs
> repository.

Since there were no comments about the overall design here or in the PR, I 
submitted a docs PR:
https://pagure.io/SSSD/docs/pull-request/52