[SSSD] [sssd PR#5600][comment] [WIP] SSSD Log: log_bad_address_msg_modification

[elkoniu]

  URL: https://github.com/SSSD/sssd/pull/5600
Title: #5600: [WIP] SSSD Log: log_bad_address_msg_modification

elkoniu commented:
"""
@DeepakDas7 as we discussed on IRC ping me any time this PR will be ready for 
review :)
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5600#issuecomment-842707488
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5625][comment] [WIP] SSSD Log: log_error_reading_file_msg_modification

[elkoniu]

  URL: https://github.com/SSSD/sssd/pull/5625
Title: #5625: [WIP] SSSD Log: log_error_reading_file_msg_modification

elkoniu commented:
"""
@DeepakDas7 as we discussed on IRC ping me any time this PR will be ready for 
review :)
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5625#issuecomment-842706925
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5636][opened] Improve assertion when verifying paths for Python modules

[sergiodj]

   URL: https://github.com/SSSD/sssd/pull/5636
Author: sergiodj
 Title: #5636: Improve assertion when verifying paths for Python modules
Action: opened

PR body:
"""
In Ubuntu we're facing a problem where the 3 Python tests under
src/tests/*-test.py are failing due to cosmetical differences between
what the '.__file__' method returns and what 'MODPATH' ends up being.

I have not been able to pinpoint exactly what is causing this issue;
it only happens when SSSD is built inside a chroot environment (with
sbuild, for example).  The logs look like this:

```python
F
==
FAIL: testImport (__main__.PyHbacImport)
Import the module and assert it comes from tree
--
Traceback (most recent call last):
  File "/<>/src/tests/pyhbac-test.py", line 91, in testImport
self.assertEqual(pyhbac.__file__, MODPATH + "/pyhbac.so")
AssertionError: '/<>/build/./tp_pyhbac_xw2omut2/pyhbac.so' != 
'./tp_pyhbac_xw2omut2/pyhbac.so'
- /<>/build/./tp_pyhbac_xw2omut2/pyhbac.so
+ ./tp_pyhbac_xw2omut2/pyhbac.so
```

Given that the intention of the test is to verify that the two paths
are equal, I suggest that we do this slight improvement and call
'os.path.realpath' before comparing both paths.  This way we guarantee
that they're both properly canonicalized.

I have verified that the tests still pass with this change.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5636/head:pr5636
git checkout pr5636
From b4c6d0374531fcb821febdde1e9d8f1f4e1b4bd9 Mon Sep 17 00:00:00 2001
From: Sergio Durigan Junior 
Date: Mon, 17 May 2021 19:09:14 -0400
Subject: [PATCH] Improve assertion when verifying paths for Python modules

In Ubuntu we're facing a problem where the 3 Python tests under
src/tests/*-test.py are failing due to cosmetical differences between
what the '.__file__' method returns and what 'MODPATH' ends up being.

I have not been able to pinpoint exactly what is causing this issue;
it only happens when SSSD is built inside a chroot environment (with
sbuild, for example).  The logs look like this:

F
==
FAIL: testImport (__main__.PyHbacImport)
Import the module and assert it comes from tree
--
Traceback (most recent call last):
  File "/<>/src/tests/pyhbac-test.py", line 91, in testImport
self.assertEqual(pyhbac.__file__, MODPATH + "/pyhbac.so")
AssertionError: '/<>/build/./tp_pyhbac_xw2omut2/pyhbac.so' != './tp_pyhbac_xw2omut2/pyhbac.so'
- /<>/build/./tp_pyhbac_xw2omut2/pyhbac.so
+ ./tp_pyhbac_xw2omut2/pyhbac.so

Given that the intention of the test is to verify that the two paths
are equal, I suggest that we do this slight improvement and call
'os.path.realpath' before comparing both paths.  This way we guarantee
that they're both properly canonicalized.

I have verified that the tests still pass with this change.

Signed-off-by: Sergio Durigan Junior 
---
 src/tests/pyhbac-test.py   | 3 ++-
 src/tests/pysss-test.py| 3 ++-
 src/tests/pysss_murmur-test.py | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/tests/pyhbac-test.py b/src/tests/pyhbac-test.py
index 06163afc50..c8ce47fee4 100755
--- a/src/tests/pyhbac-test.py
+++ b/src/tests/pyhbac-test.py
@@ -88,7 +88,8 @@ def testImport(self):
 print("Could not load the pyhbac module. Please check if it is "
   "compiled", file=sys.stderr)
 raise e
-self.assertEqual(pyhbac.__file__, MODPATH + "/pyhbac.so")
+self.assertEqual(os.path.realpath(pyhbac.__file__),
+ os.path.realpath(MODPATH + "/pyhbac.so"))
 
 
 class PyHbacRuleElementTest(unittest.TestCase):
diff --git a/src/tests/pysss-test.py b/src/tests/pysss-test.py
index 30bc074abd..20ef0abc65 100755
--- a/src/tests/pysss-test.py
+++ b/src/tests/pysss-test.py
@@ -58,7 +58,8 @@ def test_import(self):
 print("Could not load the pysss module. Please check if it is "
   "compiled", file=sys.stderr)
 raise ex
-self.assertEqual(pysss.__file__, MODPATH + "/pysss.so")
+self.assertEqual(os.path.realpath(pysss.__file__),
+ os.path.realpath(MODPATH + "/pysss.so"))
 
 
 class PysssEncryptTest(unittest.TestCase):
diff --git a/src/tests/pysss_murmur-test.py b/src/tests/pysss_murmur-test.py
index 531f8b55f6..75b46518ac 100755
--- a/src/tests/pysss_murmur-test.py
+++ b/src/tests/pysss_murmur-test.py
@@ -59,7 +59,8 @@ def testImport(self):
 print("Could not load the pysss_murmur module. "
   "Please check if it is compiled", file=sys.stderr)
 raise e
-self.assertEqual(pysss_murmur.__file__, MODPATH + "/pysss_murmur.so")
+self.assertEqual(os.path.realpath(pysss_murmur.__file__),
+

[SSSD] [sssd PR#5608][comment] nss: fix getsidbyname for IPA user-private-groups

[elkoniu]

  URL: https://github.com/SSSD/sssd/pull/5608
Title: #5608: nss: fix getsidbyname for IPA user-private-groups

elkoniu commented:
"""
Use case from source bugzilla 
(https://bugzilla.redhat.com/show_bug.cgi?id=1837090):
```
[root@master ~]# ipa user-add some-user
First name: Some
Last name: User
--
Added user "some-user"
--
  User login: some-user
  First name: Some
  Last name: User
  Full name: Some User
  Display name: Some User
  Initials: SU
  Home directory: /home/some-user
  GECOS: Some User
  Login shell: /bin/sh
  Principal name: some-u...@ipa.test
  Principal alias: some-u...@ipa.test
  Email address: some-u...@ipa.test
  UID: 1908200011
  GID: 1908200011
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

[root@master ~]# id IPA\\some-user
uid=1908200011(some-user) gid=1908200011(some-user) groups=1908200011(some-user)

[root@master ~]# python
Python 3.8.2 (default, Feb 28 2020, 00:00:00) 
[GCC 10.0.1 20200216 (Red Hat 10.0.1-0.8)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pysss_nss_idmap
>>> pysss_nss_idmap.getsidbyname('IPA\\admin')
{'IPA\\admin': {'sid': 'S-1-5-21-3787809381-104084847-3373960542-500', 'type': 
1}}
>>> pysss_nss_idmap.getsidbyname('IPA\\some-user')
{}
```

Result of this PR build deployed:
```
[vagr...@master.ipa.vm /build/sssd/x86_64 (PR-5608 *%)]$ ipa user-add elmer2
First name: Elmer
Last name: Second
---
Added user "elmer2"
---
  User login: elmer2
  First name: Elmer
  Last name: Second
  Full name: Elmer Second
  Display name: Elmer Second
  Initials: ES
  Home directory: /home/elmer2
  GECOS: Elmer Second
  Login shell: /bin/sh
  Principal name: elm...@ipa.vm
  Principal alias: elm...@ipa.vm
  Email address: elm...@ipa.vm
  UID: 35606
  GID: 35606
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

[vagr...@master.ipa.vm /build/sssd/x86_64 (PR-5608 *%)]$ id IPA\\elmer2
uid=35606(elmer2) gid=35606(elmer2) groups=35606(elmer2)

[vagr...@master.ipa.vm /build/sssd/x86_64 (PR-5608 *%)]$ python
Python 3.7.9 (default, Aug 19 2020, 17:05:11) 
[GCC 9.3.1 20200408 (Red Hat 9.3.1-2)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pysss_nss_idmap
>>> pysss_nss_idmap.getsidbyname('IPA\\admin')
{'IPA\\admin': {'sid': 'S-1-5-21-1923584740-778949710-2051978183-500', 'type': 
1}}
>>> pysss_nss_idmap.getsidbyname('IPA\\elmer2')
{'IPA\\elmer2': {'sid': 'S-1-5-21-1923584740-778949710-2051978183-1006', 
'type': 1}}
```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5608#issuecomment-842701820
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5608][comment] nss: fix getsidbyname for IPA user-private-groups

[elkoniu]

  URL: https://github.com/SSSD/sssd/pull/5608
Title: #5608: nss: fix getsidbyname for IPA user-private-groups

elkoniu commented:
"""
Use case from source bugzilla 
(https://bugzilla.redhat.com/show_bug.cgi?id=1837090):
```
[root@master ~]# ipa user-add some-user
First name: Some
Last name: User
--
Added user "some-user"
--
  User login: some-user
  First name: Some
  Last name: User
  Full name: Some User
  Display name: Some User
  Initials: SU
  Home directory: /home/some-user
  GECOS: Some User
  Login shell: /bin/sh
  Principal name: some-u...@ipa.test
  Principal alias: some-u...@ipa.test
  Email address: some-u...@ipa.test
  UID: 1908200011
  GID: 1908200011
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

[root@master ~]# id IPA\\some-user
uid=1908200011(some-user) gid=1908200011(some-user) groups=1908200011(some-user)

[root@master ~]# python
Python 3.8.2 (default, Feb 28 2020, 00:00:00) 
[GCC 10.0.1 20200216 (Red Hat 10.0.1-0.8)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pysss_nss_idmap
>>> pysss_nss_idmap.getsidbyname('IPA\\admin')
{'IPA\\admin': {'sid': 'S-1-5-21-3787809381-104084847-3373960542-500', 'type': 
1}}
>>> pysss_nss_idmap.getsidbyname('IPA\\some-user')
{}
>>> pysss_nss_idmap.getsidbyname('IPA\\some-user')
{}
>>> 
```

Result of this PR build deployed:
```
[vagr...@master.ipa.vm /build/sssd/x86_64 (PR-5608 *%)]$ ipa user-add elmer2
First name: Elmer
Last name: Second
---
Added user "elmer2"
---
  User login: elmer2
  First name: Elmer
  Last name: Second
  Full name: Elmer Second
  Display name: Elmer Second
  Initials: ES
  Home directory: /home/elmer2
  GECOS: Elmer Second
  Login shell: /bin/sh
  Principal name: elm...@ipa.vm
  Principal alias: elm...@ipa.vm
  Email address: elm...@ipa.vm
  UID: 35606
  GID: 35606
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

[vagr...@master.ipa.vm /build/sssd/x86_64 (PR-5608 *%)]$ id IPA\\elmer2
uid=35606(elmer2) gid=35606(elmer2) groups=35606(elmer2)

[vagr...@master.ipa.vm /build/sssd/x86_64 (PR-5608 *%)]$ python
Python 3.7.9 (default, Aug 19 2020, 17:05:11) 
[GCC 9.3.1 20200408 (Red Hat 9.3.1-2)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pysss_nss_idmap
>>> pysss_nss_idmap.getsidbyname('IPA\\admin')
{'IPA\\admin': {'sid': 'S-1-5-21-1923584740-778949710-2051978183-500', 'type': 
1}}
>>> pysss_nss_idmap.getsidbyname('IPA\\elmer2')
{'IPA\\elmer2': {'sid': 'S-1-5-21-1923584740-778949710-2051978183-1006', 
'type': 1}}
```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5608#issuecomment-842701820
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5608][comment] nss: fix getsidbyname for IPA user-private-groups

[elkoniu]

  URL: https://github.com/SSSD/sssd/pull/5608
Title: #5608: nss: fix getsidbyname for IPA user-private-groups

elkoniu commented:
"""
Use case from source bugzilla 
(https://bugzilla.redhat.com/show_bug.cgi?id=1837090):
```
[root@master ~]# ipa user-add some-user
First name: Some
Last name: User
--
Added user "some-user"
--
  User login: some-user
  First name: Some
  Last name: User
  Full name: Some User
  Display name: Some User
  Initials: SU
  Home directory: /home/some-user
  GECOS: Some User
  Login shell: /bin/sh
  Principal name: some-u...@ipa.test
  Principal alias: some-u...@ipa.test
  Email address: some-u...@ipa.test
  UID: 1908200011
  GID: 1908200011
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

[root@master ~]# id IPA\\some-user
uid=1908200011(some-user) gid=1908200011(some-user) groups=1908200011(some-user)

[root@master ~]# python
Python 3.8.2 (default, Feb 28 2020, 00:00:00) 
[GCC 10.0.1 20200216 (Red Hat 10.0.1-0.8)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pysss_nss_idmap
>>> pysss_nss_idmap.getsidbyname('IPA\\admin')
{'IPA\\admin': {'sid': 'S-1-5-21-3787809381-104084847-3373960542-500', 'type': 
1}}
>>> pysss_nss_idmap.getsidbyname('IPA\\some-user')
{}
>>> pysss_nss_idmap.getsidbyname('IPA\\some-user')
{}
>>> 
```

Result of this PR build deployed (`elmer2` - existing user, `elmer3` - non 
existing user):
```
[vagr...@master.ipa.vm /build/sssd/x86_64 (PR-5608 *%)]$ ipa user-add elmer2
First name: Elmer
Last name: Second
---
Added user "elmer2"
---
  User login: elmer2
  First name: Elmer
  Last name: Second
  Full name: Elmer Second
  Display name: Elmer Second
  Initials: ES
  Home directory: /home/elmer2
  GECOS: Elmer Second
  Login shell: /bin/sh
  Principal name: elm...@ipa.vm
  Principal alias: elm...@ipa.vm
  Email address: elm...@ipa.vm
  UID: 35606
  GID: 35606
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

[vagr...@master.ipa.vm /build/sssd/x86_64 (PR-5608 *%)]$ id IPA\\elmer3
id: ‘IPA\\elmer3’: no such user

[vagr...@master.ipa.vm /build/sssd/x86_64 (PR-5608 *%)]$ id IPA\\elmer2
uid=35606(elmer2) gid=35606(elmer2) groups=35606(elmer2)

[vagr...@master.ipa.vm /build/sssd/x86_64 (PR-5608 *%)]$ python
Python 3.7.9 (default, Aug 19 2020, 17:05:11) 
[GCC 9.3.1 20200408 (Red Hat 9.3.1-2)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pysss_nss_idmap
>>> pysss_nss_idmap.getsidbyname('IPA\\admin')
{'IPA\\admin': {'sid': 'S-1-5-21-1923584740-778949710-2051978183-500', 'type': 
1}}
>>> pysss_nss_idmap.getsidbyname('IPA\\elmer2')
{'IPA\\elmer2': {'sid': 'S-1-5-21-1923584740-778949710-2051978183-1006', 
'type': 1}}
>>> pysss_nss_idmap.getsidbyname('IPA\\elmer3')
{}
```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5608#issuecomment-842701820
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5608][-Waiting for review] nss: fix getsidbyname for IPA user-private-groups

[elkoniu]

  URL: https://github.com/SSSD/sssd/pull/5608
Title: #5608: nss: fix getsidbyname for IPA user-private-groups

Label: -Waiting for review
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5608][+Changes requested] nss: fix getsidbyname for IPA user-private-groups

[elkoniu]

  URL: https://github.com/SSSD/sssd/pull/5608
Title: #5608: nss: fix getsidbyname for IPA user-private-groups

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5613][+Waiting for review] ipa: read auto_private_groups from id range if available

[pbrezina]

  URL: https://github.com/SSSD/sssd/pull/5613
Title: #5613: ipa: read auto_private_groups from id range if available

Label: +Waiting for review
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5613][synchronized] ipa: read auto_private_groups from id range if available

[pbrezina]

   URL: https://github.com/SSSD/sssd/pull/5613
Author: pbrezina
 Title: #5613: ipa: read auto_private_groups from id range if available
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5613/head:pr5613
git checkout pr5613
From c1424513e48c7a002e1745c002c6a48144ab2c01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= 
Date: Wed, 28 Apr 2021 14:17:40 +0200
Subject: [PATCH 1/2] ipa: read auto_private_groups from id range if available

Resolves: https://github.com/SSSD/sssd/issues/4216

:feature: `auto_private_groups` option can be set centrally through
  ID range setting in IPA (see `ipa idrange` commands family). This
  feature requires SSSD update on both client and server.
---
 src/confdb/confdb.h  |  1 +
 src/db/sysdb.h   | 12 +
 src/db/sysdb_ranges.c| 46 +++
 src/db/sysdb_subdomains.c| 66 
 src/providers/ipa/ipa_common.h   |  1 +
 src/providers/ipa/ipa_idmap.c| 10 +
 src/providers/ipa/ipa_subdomains.c   | 54 +--
 src/responder/nss/nss_protocol_sid.c |  6 +--
 src/tests/cmocka/test_ipa_idmap.c| 28 ++--
 src/util/domain_info_utils.c | 10 +
 src/util/util.h  |  2 +
 11 files changed, 207 insertions(+), 29 deletions(-)

diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 437a473d5e..155b8a9f04 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -354,6 +354,7 @@ enum sss_domain_mpg_mode {
 MPG_DISABLED,
 MPG_ENABLED,
 MPG_HYBRID,
+MPG_DEFAULT, /* Use default value for given id mapping. */
 };
 
 /**
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 0043ca01d8..94b91cf3fe 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -165,6 +165,7 @@
 #define SYSDB_SECONDARY_BASE_RID "secondaryBaseRID"
 #define SYSDB_DOMAIN_ID "domainID"
 #define SYSDB_ID_RANGE_TYPE "idRangeType"
+#define SYSDB_ID_RANGE_MPG "idRangeMPG"
 
 #define SYSDB_CERTMAP_PRIORITY "priority"
 #define SYSDB_CERTMAP_MATCHING_RULE "matchingRule"
@@ -344,6 +345,7 @@ struct range_info {
 uint32_t secondary_base_rid;
 char *trusted_dom_sid;
 char *range_type;
+enum sss_domain_mpg_mode mpg_mode;
 };
 
 struct certmap_info {
@@ -563,6 +565,12 @@ errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name);
 errno_t sysdb_subdomain_content_delete(struct sysdb_ctx *sysdb,
const char *name);
 
+errno_t
+sysdb_subdomain_get_id_by_name(TALLOC_CTX *mem_ctx,
+   struct sysdb_ctx *sysdb,
+   const char *name,
+   const char **_id);
+
 /* The utility function to create a subdomain sss_domain_info object is handy
  * for unit tests, so it should be available in a headerr.
  */
@@ -584,6 +592,10 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
 errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
  size_t *range_count,
  struct range_info ***range_list);
+errno_t sysdb_get_range(TALLOC_CTX *mem_ctx,
+struct sysdb_ctx *sysdb,
+const char *forest,
+struct range_info **_range);
 errno_t sysdb_range_create(struct sysdb_ctx *sysdb, struct range_info *range);
 errno_t sysdb_update_ranges(struct sysdb_ctx *sysdb,
 struct range_info **ranges);
diff --git a/src/db/sysdb_ranges.c b/src/db/sysdb_ranges.c
index be3a0d3722..3172a64939 100644
--- a/src/db/sysdb_ranges.c
+++ b/src/db/sysdb_ranges.c
@@ -54,6 +54,7 @@ errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
SYSDB_SECONDARY_BASE_RID,
SYSDB_DOMAIN_ID,
SYSDB_ID_RANGE_TYPE,
+   SYSDB_ID_RANGE_MPG,
NULL};
 struct range_info **list;
 struct ldb_dn *basedn;
@@ -152,6 +153,9 @@ errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
 }
 }
 
+tmp_str = ldb_msg_find_attr_as_string(res->msgs[c], SYSDB_ID_RANGE_MPG,
+  "default");
+list[c]->mpg_mode = str_to_domain_mpg_mode(tmp_str);
 }
 list[res->count] = NULL;
 
@@ -164,6 +168,44 @@ errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
 return ret;
 }
 
+errno_t sysdb_get_range(TALLOC_CTX *mem_ctx,
+struct sysdb_ctx *sysdb,
+const char *forest,
+struct range_info **_range)
+{
+struct range_info **list;
+struct range_info *range;
+size_t count;
+size_t i;
+errno_t ret;
+
+ret = sysdb_get_ranges(NULL, sysdb, &count, &list);
+if (ret != EOK) {
+return 

[SSSD] [sssd PR#5613][synchronized] ipa: read auto_private_groups from id range if available

[pbrezina]

   URL: https://github.com/SSSD/sssd/pull/5613
Author: pbrezina
 Title: #5613: ipa: read auto_private_groups from id range if available
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5613/head:pr5613
git checkout pr5613
From e6eb69650efffc30f938803c6bafb06c9151b0fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= 
Date: Wed, 28 Apr 2021 14:17:40 +0200
Subject: [PATCH 1/2] ipa: read auto_private_groups from id range if available

Resolves: https://github.com/SSSD/sssd/issues/4216

:feature: `auto_private_groups` option can be set centrally through
  ID range setting in IPA (see `ipa idrange` commands family)
---
 src/confdb/confdb.h  |  1 +
 src/db/sysdb.h   | 12 +
 src/db/sysdb_ranges.c| 46 +++
 src/db/sysdb_subdomains.c| 66 
 src/providers/ipa/ipa_common.h   |  1 +
 src/providers/ipa/ipa_idmap.c| 10 +
 src/providers/ipa/ipa_subdomains.c   | 54 +--
 src/responder/nss/nss_protocol_sid.c |  6 +--
 src/tests/cmocka/test_ipa_idmap.c| 28 ++--
 src/util/domain_info_utils.c | 10 +
 src/util/util.h  |  2 +
 11 files changed, 207 insertions(+), 29 deletions(-)

diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 437a473d5e..155b8a9f04 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -354,6 +354,7 @@ enum sss_domain_mpg_mode {
 MPG_DISABLED,
 MPG_ENABLED,
 MPG_HYBRID,
+MPG_DEFAULT, /* Use default value for given id mapping. */
 };
 
 /**
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 0043ca01d8..94b91cf3fe 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -165,6 +165,7 @@
 #define SYSDB_SECONDARY_BASE_RID "secondaryBaseRID"
 #define SYSDB_DOMAIN_ID "domainID"
 #define SYSDB_ID_RANGE_TYPE "idRangeType"
+#define SYSDB_ID_RANGE_MPG "idRangeMPG"
 
 #define SYSDB_CERTMAP_PRIORITY "priority"
 #define SYSDB_CERTMAP_MATCHING_RULE "matchingRule"
@@ -344,6 +345,7 @@ struct range_info {
 uint32_t secondary_base_rid;
 char *trusted_dom_sid;
 char *range_type;
+enum sss_domain_mpg_mode mpg_mode;
 };
 
 struct certmap_info {
@@ -563,6 +565,12 @@ errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name);
 errno_t sysdb_subdomain_content_delete(struct sysdb_ctx *sysdb,
const char *name);
 
+errno_t
+sysdb_subdomain_get_id_by_name(TALLOC_CTX *mem_ctx,
+   struct sysdb_ctx *sysdb,
+   const char *name,
+   const char **_id);
+
 /* The utility function to create a subdomain sss_domain_info object is handy
  * for unit tests, so it should be available in a headerr.
  */
@@ -584,6 +592,10 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
 errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
  size_t *range_count,
  struct range_info ***range_list);
+errno_t sysdb_get_range(TALLOC_CTX *mem_ctx,
+struct sysdb_ctx *sysdb,
+const char *forest,
+struct range_info **_range);
 errno_t sysdb_range_create(struct sysdb_ctx *sysdb, struct range_info *range);
 errno_t sysdb_update_ranges(struct sysdb_ctx *sysdb,
 struct range_info **ranges);
diff --git a/src/db/sysdb_ranges.c b/src/db/sysdb_ranges.c
index be3a0d3722..3172a64939 100644
--- a/src/db/sysdb_ranges.c
+++ b/src/db/sysdb_ranges.c
@@ -54,6 +54,7 @@ errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
SYSDB_SECONDARY_BASE_RID,
SYSDB_DOMAIN_ID,
SYSDB_ID_RANGE_TYPE,
+   SYSDB_ID_RANGE_MPG,
NULL};
 struct range_info **list;
 struct ldb_dn *basedn;
@@ -152,6 +153,9 @@ errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
 }
 }
 
+tmp_str = ldb_msg_find_attr_as_string(res->msgs[c], SYSDB_ID_RANGE_MPG,
+  "default");
+list[c]->mpg_mode = str_to_domain_mpg_mode(tmp_str);
 }
 list[res->count] = NULL;
 
@@ -164,6 +168,44 @@ errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
 return ret;
 }
 
+errno_t sysdb_get_range(TALLOC_CTX *mem_ctx,
+struct sysdb_ctx *sysdb,
+const char *forest,
+struct range_info **_range)
+{
+struct range_info **list;
+struct range_info *range;
+size_t count;
+size_t i;
+errno_t ret;
+
+ret = sysdb_get_ranges(NULL, sysdb, &count, &list);
+if (ret != EOK) {
+return ret;
+}
+
+for (i = 0; i < count; i++) {
+range 

[SSSD] [sssd PR#5632][synchronized] Translations update from Weblate

[weblate]

   URL: https://github.com/SSSD/sssd/pull/5632
Author: weblate
 Title: #5632: Translations update from Weblate
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5632/head:pr5632
git checkout pr5632
From f8e7fbb26912c4d112405b278b5026c2849cc158 Mon Sep 17 00:00:00 2001
From: Weblate 
Date: Mon, 17 May 2021 12:02:13 +0200
Subject: [PATCH] po: update translations

(Polish) currently translated at 100.0% (729 of 729 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/

Update translation files

Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/

po: update translations

(Russian) currently translated at 25.7% (188 of 729 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/
---
 po/pl.po |  6 +++---
 po/ru.po | 21 +++--
 2 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/po/pl.po b/po/pl.po
index 72d6d0e207..3e701e4f50 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -16,7 +16,7 @@ msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
 "POT-Creation-Date: 2021-05-10 15:10+0200\n"
-"PO-Revision-Date: 2021-05-08 09:33+\n"
+"PO-Revision-Date: 2021-05-17 10:02+\n"
 "Last-Translator: Piotr Drąg \n"
 "Language-Team: Polish \n"
@@ -26,7 +26,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
 "|| n%100>=20) ? 1 : 2;\n"
-"X-Generator: Weblate 4.6.1\n"
+"X-Generator: Weblate 4.6.2\n"
 
 #: src/config/SSSDConfig/sssdoptions.py:20
 #: src/config/SSSDConfig/sssdoptions.py:21
@@ -2095,7 +2095,7 @@ msgstr "Opcja -g jest niezgodna z opcją -D lub -i\n"
 
 #: src/monitor/monitor.c:2480
 msgid "Running under %"
-msgstr ""
+msgstr "Uruchamianie jako %"
 
 #: src/monitor/monitor.c:2562
 msgid "SSSD is already running\n"
diff --git a/po/ru.po b/po/ru.po
index 004856af9a..a5b20e6ba8 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -5,22 +5,23 @@
 # Translators:
 # Stanislav Hanzhin , 2012
 # Oleksii Levan , 2016. #zanata
+# Evgeny Sinelnikov , 2021.
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
 "POT-Creation-Date: 2021-05-10 15:10+0200\n"
-"PO-Revision-Date: 2016-02-23 10:04-0500\n"
-"Last-Translator: Oleksii Levan \n"
-"Language-Team: Russian (http://www.transifex.com/projects/p/sssd/language/";
-"ru/)\n"
+"PO-Revision-Date: 2021-05-15 19:02+\n"
+"Last-Translator: Evgeny Sinelnikov \n"
+"Language-Team: Russian \n"
 "Language: ru\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
-"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-"X-Generator: Zanata 4.6.2\n"
+"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
+"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
+"X-Generator: Weblate 4.6.2\n"
 
 #: src/config/SSSDConfig/sssdoptions.py:20
 #: src/config/SSSDConfig/sssdoptions.py:21
@@ -37,11 +38,11 @@ msgstr "Указывать микросекунды в отметках врем
 
 #: src/config/SSSDConfig/sssdoptions.py:24
 msgid "Enable/disable debug backtrace"
-msgstr ""
+msgstr "Включить/отключить отладку трассировки"
 
 #: src/config/SSSDConfig/sssdoptions.py:25
 msgid "Watchdog timeout before restarting service"
-msgstr ""
+msgstr "Тайм-аут сторожевого таймера перед перезапуском службы"
 
 #: src/config/SSSDConfig/sssdoptions.py:26
 msgid "Command to start service"
@@ -61,7 +62,7 @@ msgstr "Время простоя до автоматического отсое
 
 #: src/config/SSSDConfig/sssdoptions.py:30
 msgid "Idle time before automatic shutdown of the responder"
-msgstr ""
+msgstr "Время простоя до автоматического отключения системных процессов"
 
 #: src/config/SSSDConfig/sssdoptions.py:31
 msgid "Always query all the caches before querying the Data Providers"
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure