[SSSD] [sssd PR#5487][+Waiting for review] alltests: password_policy: Removing the log debug messages

2021-02-02 Thread madhuriupadhye 
  URL: https://github.com/SSSD/sssd/pull/5487
Title: #5487: alltests: password_policy: Removing the log debug messages

Label: +Waiting for review
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#5487][opened] alltests: password_policy: Removing the log debug messages

2021-02-02 Thread madhuriupadhye 
   URL: https://github.com/SSSD/sssd/pull/5487
Author: madhuriupadhye
 Title: #5487: alltests: password_policy: Removing the log debug messages
Action: opened

PR body:
"""
Removing the debug messages since it's neither from PAM, SSSD,
nor passwd and test does not depend on this dubug messages.

Signed-off-by: Madhuri Upadhye 
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5487/head:pr5487
git checkout pr5487
From 53758a7219ecd573391033cc4a55f2a15b3bd3aa Mon Sep 17 00:00:00 2001
From: Madhuri Upadhye 
Date: Wed, 3 Feb 2021 11:51:53 +0530
Subject: [PATCH] alltests: password_policy: Removing the log debug messages

Removing the debug messages since it's neither from PAM, SSSD,
nor passwd and test does not depend on this dubug messages.

Signed-off-by: Madhuri Upadhye 
---
 src/tests/multihost/alltests/test_password_policy.py | 9 -
 1 file changed, 9 deletions(-)

diff --git a/src/tests/multihost/alltests/test_password_policy.py b/src/tests/multihost/alltests/test_password_policy.py
index eeb668f7e8..f480c84346 100644
--- a/src/tests/multihost/alltests/test_password_policy.py
+++ b/src/tests/multihost/alltests/test_password_policy.py
@@ -73,15 +73,6 @@ def test_0002_newpassnotmatch(self, multihost):
  'bumblebee@123',
  'bumblebee')
 assert change_pass == 5
-log1 = re.compile(
-r'Failed\spreliminary\scheck\sby\spassword\sservice')
-time.sleep(10)
-test_str_log = multihost.client[0].get_file_contents(
-'/var/log/secure')
-# time.sleep(5)
-cat_cmd = 'cat /var/log/secure'
-multihost.client[0].run_command(cat_cmd)
-assert log1.search(test_str_log.decode())
 
 @pytest.mark.tier2
 def test_0003_smallnewpass(self, multihost):
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#5473][comment] Tests: alltests: Check default debug level of sssd and corresponding logs

2021-02-02 Thread alexey-tikhonov 
  URL: https://github.com/SSSD/sssd/pull/5473
Title: #5473: Tests: alltests: Check default debug level of sssd and 
corresponding logs

alexey-tikhonov commented:
"""
Could you please fix "Unable to rebase on master" issue?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5473#issuecomment-771723569
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#5365][synchronized] Translations update from Weblate

2021-02-02 Thread weblate 
   URL: https://github.com/SSSD/sssd/pull/5365
Author: weblate
 Title: #5365: Translations update from Weblate
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5365/head:pr5365
git checkout pr5365
From c6f432b21a52a1158f93263b37bfc4d8a7c1caad Mon Sep 17 00:00:00 2001
From: Weblate 
Date: Tue, 2 Feb 2021 15:40:13 +0100
Subject: [PATCH] Translated using Weblate (German)

Currently translated at 49.6% (1314 of 2647 strings)

Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/de/

Translated using Weblate (German)

Currently translated at 57.2% (414 of 723 strings)

Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/de/

Translated using Weblate (German)

Currently translated at 55.6% (402 of 723 strings)

Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/de/

Added translation using Weblate (Finnish)

Translated using Weblate (Spanish)

Currently translated at 71.5% (1893 of 2647 strings)

Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/es/

Translated using Weblate (Spanish)

Currently translated at 88.6% (641 of 723 strings)

Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/

Translated using Weblate (Finnish)

Currently translated at 1.1% (31 of 2671 strings)

Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/fi/
---
 po/LINGUAS   |1 +
 po/de.po |   51 +-
 po/es.po |   34 +-
 po/fi.po | 3196 ++
 src/man/po/de.po |   22 +-
 src/man/po/es.po |   11 +-
 src/man/po/fi.po |   15 +-
 7 files changed, 3285 insertions(+), 45 deletions(-)
 create mode 100644 po/fi.po

diff --git a/po/LINGUAS b/po/LINGUAS
index fe881e3f52..055a053ac8 100644
--- a/po/LINGUAS
+++ b/po/LINGUAS
@@ -22,3 +22,4 @@ uk
 zh_CN
 zh_TW
 
+fi
diff --git a/po/de.po b/po/de.po
index a6d191973f..ce412d6d17 100644
--- a/po/de.po
+++ b/po/de.po
@@ -7,21 +7,22 @@
 # Mario Blättermann , 2014
 # sgallagh , 2011
 # Ludek Janda , 2020. #zanata
+# Sumit Bose , 2021.
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
 "POT-Creation-Date: 2020-10-07 16:17+0200\n"
-"PO-Revision-Date: 2020-07-13 06:32-0400\n"
-"Last-Translator: Mario Blättermann \n"
-"Language-Team: German (http://www.transifex.com/projects/p/sssd/language/;
-"de/)\n"
+"PO-Revision-Date: 2021-02-02 14:40+\n"
+"Last-Translator: Sumit Bose \n"
+"Language-Team: German \n"
 "Language: de\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 4.6.2\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.4.2\n"
 
 #: src/config/SSSDConfig/sssdoptions.py:20
 #: src/config/SSSDConfig/sssdoptions.py:21
@@ -83,6 +84,8 @@ msgid ""
 "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
 "version 2."
 msgstr ""
+"gibt die Syntax der Konfigurationsdatei an. SSSD 0.6.0 und neuer benutzen "
+"Version 2."
 
 #: src/config/SSSDConfig/sssdoptions.py:39
 msgid "SSSD Services to start"
@@ -110,8 +113,7 @@ msgid ""
 "Directory on the filesystem where SSSD should store Kerberos replay cache "
 "files."
 msgstr ""
-"Verzeichnis im Dateisystem, in welchem SSSD Anwort-Zwischenspeicher-Dateien "
-"ablegt."
+"Verzeichnis im Dateisystem, in welchem SSSD den Kerberos Replay-Cache ablegt."
 
 #: src/config/SSSDConfig/sssdoptions.py:45
 msgid "Domain to add to names without a domain component."
@@ -154,6 +156,11 @@ msgid ""
 "this, and will fall back to polling resolv.conf every five seconds if "
 "inotify cannot be used."
 msgstr ""
+"SSSD überwacht den Status der »resolv.conf«, um festzustellen, wann es "
+"seinen internen DNS-Resolver aktualisieren muss. Standardmäßig werden wir "
+"versuchen, dafür Inotify zu benutzen. Falls Inotify nicht benutzt werden "
+"kann, werden wir darauf zurückgreifen, alle fünf Sekunden »resolv.conf« "
+"abzufragen."
 
 #: src/config/SSSDConfig/sssdoptions.py:59
 msgid "Enumeration cache timeout length (seconds)"
@@ -264,6 +271,8 @@ msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
+"gibt die Zeit in Sekunden an, während der die Liste der Subdomains als "
+"gültig erachtet wird."
 
 #: src/config/SSSDConfig/sssdoptions.py:82
 msgid ""
@@ -729,12 +738,14 @@ msgstr ""
 
 #: src/config/SSSDConfig/sssdoptions.py:222
 msgid "Display a warning N days before the password expires."
-msgstr ""
+msgstr "zeigt N Tage vor Ablauf des Passworts

[SSSD] [sssd PR#5486][synchronized] krb5: allow to use subdomain realm during authentication

2021-02-02 Thread mastersin 
   URL: https://github.com/SSSD/sssd/pull/5486
Author: mastersin
 Title: #5486: krb5: allow to use subdomain realm during authentication
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5486/head:pr5486
git checkout pr5486
From caf67cb2bc875d5516c9ee37d837405f92058c86 Mon Sep 17 00:00:00 2001
From: Evgeny Sinelnikov 
Date: Tue, 2 Feb 2021 00:04:06 +0400
Subject: [PATCH] krb5: allow to use subdomain realm during authentication

Resolves: https://github.com/SSSD/sssd/issues/4759

:feature: `krb5_use_subdomain_realm=True` can now be used then subdomain user
  principal names with different upnSuffixes not found in parent domain as it
  requires to be supported on serverside, but not implemented in samba yet.
---
 src/config/SSSDConfig/sssdoptions.py |  1 +
 src/config/SSSDConfigTest.py |  3 +++
 src/config/cfg_rules.ini |  1 +
 src/config/etc/sssd.api.d/sssd-ad.conf   |  1 +
 src/config/etc/sssd.api.d/sssd-ipa.conf  |  1 +
 src/config/etc/sssd.api.d/sssd-krb5.conf |  1 +
 src/man/sssd-krb5.5.xml  | 16 
 src/providers/ad/ad_opts.c   |  1 +
 src/providers/ipa/ipa_opts.c |  1 +
 src/providers/krb5/krb5_child_handler.c  | 12 ++--
 src/providers/krb5/krb5_common.h |  2 ++
 src/providers/krb5/krb5_opts.c   |  1 +
 src/tests/cmocka/test_krb5_common.c  | 17 ++---
 13 files changed, 49 insertions(+), 9 deletions(-)

diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py
index 5da52a9379..fb9a9aa43c 100644
--- a/src/config/SSSDConfig/sssdoptions.py
+++ b/src/config/SSSDConfig/sssdoptions.py
@@ -348,6 +348,7 @@ def __init__(self):
 'krb5_fast_principal': _("Selects the principal to use for FAST"),
 'krb5_canonicalize': _("Enables principal canonicalization"),
 'krb5_use_enterprise_principal': _("Enables enterprise principals"),
+'krb5_use_subdomain_realm': _("Enables using of subdomains realms for authentication"),
 'krb5_map_user': _('A mapping from user names to Kerberos principal names'),
 
 # [provider/krb5/chpass]
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index ea4e4f6c98..6a95e63dd1 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -738,6 +738,7 @@ def testListOptions(self):
  'krb5_fast_principal',
  'krb5_canonicalize',
  'krb5_use_enterprise_principal',
+ 'krb5_use_subdomain_realm',
  'krb5_use_kdcinfo',
  'krb5_map_user'])
 
@@ -901,6 +902,7 @@ def testListProviderOptions(self):
 'krb5_fast_principal',
 'krb5_canonicalize',
 'krb5_use_enterprise_principal',
+'krb5_use_subdomain_realm',
 'krb5_use_kdcinfo',
 'krb5_map_user']
 
@@ -1118,6 +1120,7 @@ def testRemoveProvider(self):
  'krb5_fast_principal',
  'krb5_canonicalize',
  'krb5_use_enterprise_principal',
+ 'krb5_use_subdomain_realm',
  'krb5_use_kdcinfo',
  'krb5_map_user'])
 
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 6642c63213..49ceb9a2ce 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -633,6 +633,7 @@ option = krb5_renew_interval
 option = krb5_server
 option = krb5_store_password_if_offline
 option = krb5_use_enterprise_principal
+option = krb5_use_subdomain_realm
 option = krb5_use_fast
 option = krb5_use_kdcinfo
 option = krb5_validate
diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
index c778a50e0e..962c7ae696 100644
--- a/src/config/etc/sssd.api.d/sssd-ad.conf
+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
@@ -152,6 +152,7 @@ krb5_renew_interval = str, None, false
 krb5_use_fast = str, None, false
 krb5_fast_principal = str, None, false
 krb5_use_enterprise_principal = bool, None, false
+krb5_use_subdomain_realm = bool, None, false
 krb5_map_user = str, None, false
 
 [provider/ad/access]
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 5a52ec7533..b79d1a3afd 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -163,6 +163,7 @@ krb5_renew_interval = str, None, false
 krb5_use_fast = str, None, false
 krb5_fast_principal = str, None, false
 krb5_use_enterprise_principal = bool, None, false
+krb5_use_subdomain_realm = bool, None, false
 krb5_map_user = str, None, false
 
 [provider/ipa/access]
diff --git a/src/config/etc/sssd.api.d/sssd-krb5.conf b/src/config/etc/sssd.api.d/sssd-krb5.conf
index b7423b74f7..386555d914 100644
--- a/src/config/etc/sssd.api.d/sssd-krb5.conf
+++ b/src/config/etc/sssd.api.d/sssd-krb5.conf
@@ -21,6 +21,7 @@ krb5_use_fast = str, None, false
 krb5_fast_principal = str, None,

[SSSD] [sssd PR#5486][comment] krb5: allow to use subdomain realm during authentication

2021-02-02 Thread mastersin 
  URL: https://github.com/SSSD/sssd/pull/5486
Title: #5486: krb5: allow to use subdomain realm during authentication

mastersin commented:
"""
I rewrite code and don't modify krb5_ctx now.

More details for my use-case:
* We have special migration process to using SambaDC as domain controller:
  * original domain on WindowsDC
  * Samba domain with 2way trusts to original domain
  * Linux clients joins to Samba domain
  * original domain users logins via sssd on Linux clients
* For original domain users with upnSuffixes we have a problem:
  * Samba KDC don't support authentication with enterprise upns fully due it 
don't know about upnSuffixes in trusted domain
  * So, instead of answer WRONG REALM it reverts "not found in Kerberos 
database"
  * Solution for this serverside problem on client for users from trusted 
domain is not using WindowsDC indirectly (via libkrb5 process for enterprise 
user principal names) by Samba KDC, but send kerberos requests to WindowsDC 
directly

Option krb5_use_subdomain_realm allows to krb5 provider use subdomain realm for 
kerberos requests to trusted domain KDC directly.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5486#issuecomment-771635250
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#5486][synchronized] krb5: allow to use subdomain realm during authentication

2021-02-02 Thread mastersin 
   URL: https://github.com/SSSD/sssd/pull/5486
Author: mastersin
 Title: #5486: krb5: allow to use subdomain realm during authentication
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5486/head:pr5486
git checkout pr5486
From 784fdd2f34add6cabeb7025535bac807cede6c40 Mon Sep 17 00:00:00 2001
From: Evgeny Sinelnikov 
Date: Tue, 2 Feb 2021 00:04:06 +0400
Subject: [PATCH] krb5: allow to use subdomain realm during authentication

Resolves: https://github.com/SSSD/sssd/issues/4759

:feature: `krb5_use_subdomain_realm=True` can now be used then subdomain user
  principal names with different upnSuffixes not found in parent domain as it
  requires to be supported on serverside, but not implemented in samba yet.
---
 src/config/SSSDConfig/sssdoptions.py |  1 +
 src/config/SSSDConfigTest.py |  3 +++
 src/config/cfg_rules.ini |  1 +
 src/config/etc/sssd.api.d/sssd-ad.conf   |  1 +
 src/config/etc/sssd.api.d/sssd-ipa.conf  |  1 +
 src/config/etc/sssd.api.d/sssd-krb5.conf |  1 +
 src/providers/ad/ad_opts.c   |  1 +
 src/providers/ipa/ipa_opts.c |  1 +
 src/providers/krb5/krb5_child_handler.c  | 12 ++--
 src/providers/krb5/krb5_common.h |  2 ++
 src/providers/krb5/krb5_opts.c   |  1 +
 src/tests/cmocka/test_krb5_common.c  | 17 ++---
 12 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py
index 5da52a9379..fb9a9aa43c 100644
--- a/src/config/SSSDConfig/sssdoptions.py
+++ b/src/config/SSSDConfig/sssdoptions.py
@@ -348,6 +348,7 @@ def __init__(self):
 'krb5_fast_principal': _("Selects the principal to use for FAST"),
 'krb5_canonicalize': _("Enables principal canonicalization"),
 'krb5_use_enterprise_principal': _("Enables enterprise principals"),
+'krb5_use_subdomain_realm': _("Enables using of subdomains realms for authentication"),
 'krb5_map_user': _('A mapping from user names to Kerberos principal names'),
 
 # [provider/krb5/chpass]
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index ea4e4f6c98..6a95e63dd1 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -738,6 +738,7 @@ def testListOptions(self):
  'krb5_fast_principal',
  'krb5_canonicalize',
  'krb5_use_enterprise_principal',
+ 'krb5_use_subdomain_realm',
  'krb5_use_kdcinfo',
  'krb5_map_user'])
 
@@ -901,6 +902,7 @@ def testListProviderOptions(self):
 'krb5_fast_principal',
 'krb5_canonicalize',
 'krb5_use_enterprise_principal',
+'krb5_use_subdomain_realm',
 'krb5_use_kdcinfo',
 'krb5_map_user']
 
@@ -1118,6 +1120,7 @@ def testRemoveProvider(self):
  'krb5_fast_principal',
  'krb5_canonicalize',
  'krb5_use_enterprise_principal',
+ 'krb5_use_subdomain_realm',
  'krb5_use_kdcinfo',
  'krb5_map_user'])
 
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 6642c63213..49ceb9a2ce 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -633,6 +633,7 @@ option = krb5_renew_interval
 option = krb5_server
 option = krb5_store_password_if_offline
 option = krb5_use_enterprise_principal
+option = krb5_use_subdomain_realm
 option = krb5_use_fast
 option = krb5_use_kdcinfo
 option = krb5_validate
diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
index c778a50e0e..962c7ae696 100644
--- a/src/config/etc/sssd.api.d/sssd-ad.conf
+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
@@ -152,6 +152,7 @@ krb5_renew_interval = str, None, false
 krb5_use_fast = str, None, false
 krb5_fast_principal = str, None, false
 krb5_use_enterprise_principal = bool, None, false
+krb5_use_subdomain_realm = bool, None, false
 krb5_map_user = str, None, false
 
 [provider/ad/access]
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 5a52ec7533..b79d1a3afd 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -163,6 +163,7 @@ krb5_renew_interval = str, None, false
 krb5_use_fast = str, None, false
 krb5_fast_principal = str, None, false
 krb5_use_enterprise_principal = bool, None, false
+krb5_use_subdomain_realm = bool, None, false
 krb5_map_user = str, None, false
 
 [provider/ipa/access]
diff --git a/src/config/etc/sssd.api.d/sssd-krb5.conf b/src/config/etc/sssd.api.d/sssd-krb5.conf
index b7423b74f7..386555d914 100644
--- a/src/config/etc/sssd.api.d/sssd-krb5.conf
+++ b/src/config/etc/sssd.api.d/sssd-krb5.conf
@@ -21,6 +21,7 @@ krb5_use_fast = str, None, false
 krb5_fast_principal = str, None, false
 krb5_canonicalize = bool, None, false

[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online

2021-02-02 Thread shridhargadekar 
   URL: https://github.com/SSSD/sssd/pull/5478
Author: shridhargadekar
 Title: #5478: Tests: alltests: fetch autofs maps after coming online
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5478/head:pr5478
git checkout pr5478
From 65b1394ac1bafca5fb4d24d5e80c2c0cca837761 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Thu, 28 Jan 2021 19:12:02 +0530
Subject: [PATCH] fetch autofs maps after coming online

SSSD is started in offline mode with no existing
cache. While coming online, SSSD should fetch
autofs maps from server without restarting D service.
---
 .../multihost/alltests/test_automount.py  | 80 +++
 1 file changed, 80 insertions(+)

diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py
index 33ed6b1563..e2eb46b0c8 100644
--- a/src/tests/multihost/alltests/test_automount.py
+++ b/src/tests/multihost/alltests/test_automount.py
@@ -342,3 +342,83 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps,
 # delete the pcap file
 del_pcap = 'rm -f %s' % auto_pcapfile
 multihost.client[0].run_command(del_pcap)
+
+@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True)
+@pytest.mark.tier1
+def test_009_fetch_maps_coming_online_from_offline(self, multihost,
+   add_nisobject):
+"""
+@Title: fetch autofs map after coming online from offline
+
+@ID: b9da6e0e-3d8b-4465-b435-338708d0d51e
+
+@Bugzilla:
+https://bugzilla.redhat.com/show_bug.cgi?id=1113639
+
+@Setup:
+1. edit sssd.conf and specify autofs_provider
+2. Install and configure firewall
+
+@Steps:
+1. firewall block 389 and 636
+2. stop sssd, autofs.
+3. remove sssd cache
+4. Start sssd
+5. remove firewall rule
+6. start autofs
+
+@Expectedresults:
+1. sssd should come online within 60 seconds
+2. autofs should start successfully
+"""
+multihost.master[0].run_command(['touch', '/export/nfs-test'])
+for service in ['sssd', 'autofs']:
+srv = 'systemctl stop %s' % service
+try:
+multihost.client[0].run_command(srv)
+except subprocess.CalledProcessError:
+pytest.fail("Unable to stop %s service" % service)
+client = sssdTools(multihost.client[0])
+domain_name = client.get_domain_section_name()
+client.clear_sssd_cache()
+cmd = 'dnf install -y firewalld'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+cmd = 'systemctl start firewalld'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_add0, raiseonerr=True)
+multihost.client[0].run_command(fw_add1, raiseonerr=True)
+multihost.client[0].run_command(fw_add2, raiseonerr=True)
+fw_rld = 'firewall-cmd --reload'
+multihost.client[0].run_command(fw_rld, raiseonerr=True)
+cmd = 'systemctl start sssd'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+time.sleep(10)
+cmd = 'sssctl domain-status %s' % domain_name
+multihost.client[0].run_command(cmd, raiseonerr=True)
+find = re.compile(r'Online status: Offline')
+result = find.search(cmd.stdout_text)
+assert result is not None
+fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_r0, raiseonerr=True)
+multihost.client[0].run_command(fw_r1, raiseonerr=True)
+multihost.client[0].run_command(fw_r2, raiseonerr=True)
+multihost.client[0].run_command(fw_rld, raiseonerr=True)
+cmd = 'systemctl stop firewalld'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+time.sleep(60)
+cmd1 = 'systemctl start autofs'
+cmd2 = multihost.client[0].run_command(cmd1, raiseonerr=False)
+cmd = 'dnf remove -y firewalld'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+assert cmd2.returncode == 0

[SSSD] [sssd PR#5474][comment] spec: synchronize with Fedora 34 spec file

2021-02-02 Thread alexey-tikhonov 
  URL: https://github.com/SSSD/sssd/pull/5474
Title: #5474: spec: synchronize with Fedora 34 spec file

alexey-tikhonov commented:
"""
Another thing: on "src/external/libcollection.m4" error message is "Please 
install libcollection-devel" but we do not require "-devel", merely binaries.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5474#issuecomment-771469930
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org