Re: [SSSD] [PATCH] Slight change for ipa options

2009-10-29 Thread Stephen Gallagher

On 10/29/2009 03:11 PM, Simo Sorce wrote:
> On Thu, 2009-10-29 at 14:03 -0400, Stephen Gallagher wrote:
>> You forgot to also add ldap_search_base to sssd-ldap.conf
> 
> sigh ...

Ack and pushed to master.

-- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel


Re: [SSSD] [PATCH] Slight change for ipa options

2009-10-29 Thread Simo Sorce
On Thu, 2009-10-29 at 14:03 -0400, Stephen Gallagher wrote:
> You forgot to also add ldap_search_base to sssd-ldap.conf

sigh ...


-- 
Simo Sorce * Red Hat, Inc * New York
From 29cf92397b1b41d540f78b48da694f219a5ce804 Mon Sep 17 00:00:00 2001
From: Simo Sorce 
Date: Wed, 28 Oct 2009 17:02:45 -0400
Subject: [PATCH 1/2] Tidy up ipa options

Do not replicate every and each option we may want to set in ipa.
Just read out ldap and krb provider options (added reference in the manual too,
and removed mention of ipa specific timeout values, use ldap options for that)

Avoid calling auth module initialization twice, just pass the auth context to
the chpass module too.

Add a new ldap option SDAP_SEARCH_BASE, so that a single searching base can be
used for both users and groups. the user and group search bases can still be set
separately if necessary but they are now optional and set to be identical to
SDAP_SEARCH_BASE if not explicitly specified in the configuration.
---
 server/config/etc/sssd.api.d/sssd-ipa.conf  |5 -
 server/config/etc/sssd.api.d/sssd-ldap.conf |1 +
 server/man/sssd-ipa.5.xml   |   81 ++--
 server/man/sssd-ldap.5.xml  |   26 +++-
 server/providers/ipa/ipa_common.c   |  270 ++-
 server/providers/ipa/ipa_common.h   |   19 +-
 server/providers/ipa/ipa_init.c |   29 ++-
 server/providers/ldap/ldap_common.c |   30 +++-
 server/providers/ldap/sdap.h|1 +
 9 files changed, 239 insertions(+), 223 deletions(-)

diff --git a/server/config/etc/sssd.api.d/sssd-ipa.conf b/server/config/etc/sssd.api.d/sssd-ipa.conf
index 528f8d3..3b42111 100644
--- a/server/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/server/config/etc/sssd.api.d/sssd-ipa.conf
@@ -2,8 +2,3 @@
 ipa_domain = str, None
 ipa_server = str, None
 ipa_hostname = str, None
-ipa_search_timeout = int, None
-ipa_network_timeout = int, None
-ipa_opt_timeout = int, None
-ipa_offline_timeout = int, None
-ipa_enumeration_refresh_timeout = int, None
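Review bot: Dropping the five `ipa_*_timeout` keys from the sssd-ipa.conf schema leaves existing configurations that set them with no stated upgrade path; the commit message only says "use ldap options for that" without naming the replacement keys. Please list the equivalent ldap option for each removed key in the commit message or in sssd-ipa.5.xml, so an admin who had tuned `ipa_search_timeout` or `ipa_offline_timeout` knows what to set instead.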
diff --git a/server/config/etc/sssd.api.d/sssd-ldap.conf b/server/config/etc/sssd.api.d/sssd-ldap.conf
index 4ee371e..1c094f6 100644
--- a/server/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/server/config/etc/sssd.api.d/sssd-ldap.conf
@@ -1,5 +1,6 @@
 [provider/ldap]
 ldap_uri = str, None, ldap://localhost
+ldap_search_base = str, None
 ldap_schema = str, None, rfc2307
 ldap_default_bind_dn = str, None
 ldap_default_authtok_type = str, None
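Review bot: The added `ldap_search_base = str, None` line declares no default, and per the commit message the user and group search bases now fall back to it, so the case where none of the three is configured should be handled explicitly. Please make sure the ldap_common.c change rejects or at least logs that configuration instead of carrying an unset base into the searches, and say in sssd-ldap.5.xml what happens when the option is omitted.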
diff --git a/server/man/sssd-ipa.5.xml b/server/man/sssd-ipa.5.xml
index c5c96d1..31ce824 100644
--- a/server/man/sssd-ipa.5.xml
+++ b/server/man/sssd-ipa.5.xml
@@ -39,7 +39,18 @@
 and configuration is almost entirely self discovered and obtained
 directly from the server.
 
-
+
+The IPA provider also accepts the same options used by the
+
+sssd-ldap
+5
+ identity provider and the
+
+sssd-krb5
+5
+ authentication provider.
+But it is not recommended to set these options and it is not necessary.
+
 
 
 
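Review bot: The last added sentence, "But it is not recommended to set these options and it is not necessary.", gives the reader no reason and starts mid-thought with "But". Suggest wording along the lines of "Setting these options is normally neither necessary nor recommended, because the configuration is obtained from the server", if that is the actual reason, so the man page tells the admin when an override is appropriate.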
@@ -83,68 +94,6 @@
 
 
 
-
-krb5_ccachedir (string)
-
-
-Directory to store credential caches.
-
-
-Default: /tmp
-
-
-
-
-
-ipa_search_timeout (integer)
-
-
-Specifies the timeout (in seconds) after which
-a search against the ipa server is forcibly
-terminated.
-
-
-Default: 60
-
-
-
-
-
-ipa_network_timeout (integer)
-
-
-Specifies the timeout (in seconds) after which
-the
-
-poll
-2
-/
-select
-2
-
-following a non-search operation against the ipa
-server is forcibly terminated.
-
-
-Default: 6
-
-
-
-
-
-ipa_offline_timeout (integer)
-
-
-Specifies the "black-out"
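Review bot: The removed `krb5_ccachedir (string)` entry at the top of this hunk is not a timeout, but the commit message only mentions removing "ipa specific timeout values". Please mention the krb5_ccachedir removal in the commit message and confirm the option stays documented on the sssd-krb5 page, since its documented default of /tmp is something admins will want to look up.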

Re: [SSSD] [PATCH] Slight change for ipa options

2009-10-29 Thread Stephen Gallagher

On 10/29/2009 01:59 PM, Simo Sorce wrote:
> On Thu, 2009-10-29 at 13:07 -0400, Stephen Gallagher wrote:
>> On 10/28/2009 05:12 PM, Simo Sorce wrote:
>>> And other changes, see commit message.
>>>
>> Nack.
>>
>> Please update /server/config/etc/sssd.api.d/*
> 
> Ah I knew I was missing something, add sssd-ipa.conf removals.
> 
> Simo.

You forgot to also add ldap_search_base to sssd-ldap.conf

-- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/


Re: [SSSD] [PATCH] Slight change for ipa options

2009-10-29 Thread Simo Sorce
On Thu, 2009-10-29 at 13:07 -0400, Stephen Gallagher wrote:
> On 10/28/2009 05:12 PM, Simo Sorce wrote:
> > And other changes, see commit message.
> > 
> Nack.
> 
> Please update /server/config/etc/sssd.api.d/*

Ah I knew I was missing something, add sssd-ipa.conf removals.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
From 9350c8724327fb82e47d9a68a3348dea0aa51e90 Mon Sep 17 00:00:00 2001
From: Simo Sorce 
Date: Wed, 28 Oct 2009 17:02:45 -0400
Subject: [PATCH] Tidy up ipa options

Do not replicate every and each option we may want to set in ipa.
Just read out ldap and krb provider options (added reference in the manual too,
and removed mention of ipa specific timeout values, use ldap options for that)

Avoid calling auth module initialization twice, just pass the auth context to
the chpass module too.

Add a new ldap option SDAP_SEARCH_BASE, so that a single searching base can be
used for both users and groups. the user and group search bases can still be set
separately if necessary but they are now optional and set to be identical to
SDAP_SEARCH_BASE if not explicitly specified in the configuration.
---
 server/config/etc/sssd.api.d/sssd-ipa.conf |5 -
 server/man/sssd-ipa.5.xml  |   81 ++---
 server/man/sssd-ldap.5.xml |   26 +++-
 server/providers/ipa/ipa_common.c  |  270 +++-
 server/providers/ipa/ipa_common.h  |   19 +-
 server/providers/ipa/ipa_init.c|   29 ++-
 server/providers/ldap/ldap_common.c|   30 +++-
 server/providers/ldap/sdap.h   |1 +
 8 files changed, 238 insertions(+), 223 deletions(-)

diff --git a/server/config/etc/sssd.api.d/sssd-ipa.conf b/server/config/etc/sssd.api.d/sssd-ipa.conf
index 528f8d3..3b42111 100644
--- a/server/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/server/config/etc/sssd.api.d/sssd-ipa.conf
@@ -2,8 +2,3 @@
 ipa_domain = str, None
 ipa_server = str, None
 ipa_hostname = str, None
-ipa_search_timeout = int, None
-ipa_network_timeout = int, None
-ipa_opt_timeout = int, None
-ipa_offline_timeout = int, None
-ipa_enumeration_refresh_timeout = int, None
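Review bot: These five removals are the only sssd.api.d change in this version, yet the commit message adds a new ldap search base option and the diffstat touches ldap_common.c and sdap.h without touching sssd-ldap.conf. The new option needs a matching schema line in server/config/etc/sssd.api.d/sssd-ldap.conf, otherwise the option table and the API schema disagree about which keys are valid.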
diff --git a/server/man/sssd-ipa.5.xml b/server/man/sssd-ipa.5.xml
index c5c96d1..31ce824 100644
--- a/server/man/sssd-ipa.5.xml
+++ b/server/man/sssd-ipa.5.xml
@@ -39,7 +39,18 @@
 and configuration is almost entirely self discovered and obtained
 directly from the server.
 
-
+
+The IPA provider also accepts the same options used by the
+
+sssd-ldap
+5
+ identity provider and the
+
+sssd-krb5
+5
+ authentication provider.
+But it is not recommended to set these options and it is not necessary.
+
 
 
 
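Review bot: The added sentence "But it is not recommended to set these options and it is not necessary." conflicts with the commit message, which tells users to set timeouts through the ldap options now that the ipa-specific ones are gone. Please carve the options that are expected to be tuned (at least the timeouts) out of the "not recommended" statement, or drop the blanket recommendation.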
@@ -83,68 +94,6 @@
 
 
 
-
-krb5_ccachedir (string)
-
-
-Directory to store credential caches.
-
-
-Default: /tmp
-
-
-
-
-
-ipa_search_timeout (integer)
-
-
-Specifies the timeout (in seconds) after which
-a search against the ipa server is forcibly
-terminated.
-
-
-Default: 60
-
-
-
-
-
-ipa_network_timeout (integer)
-
-
-Specifies the timeout (in seconds) after which
-the
-
-poll
-2
-/
-select
-2
-
-following a non-search operation against the ipa
-server is forcibly terminated.
-
-
-Default: 6
-
-
-
-
-
-ipa_offline_timeout (integer)
-
-
-Specifies the "black-out" time before any new
-network operation is attempted after the ipa
-provider has turned into offline operation mode.
-
-
-Default: 60
-
-
-
-
 
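Review bot: The removed entries documented concrete defaults (60 seconds for `ipa_search_timeout`, 6 for `ipa_network_timeout`, 60 for `ipa_offline_timeout`), and nothing in this hunk says whether the ldap options that replace them keep those values. Please state in the commit message whether the effective defaults change for IPA domains, and add a short pointer in this section to the corresponding sssd-ldap options.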

Re: [SSSD] [PATCH] Slight change for ipa options

2009-10-29 Thread Stephen Gallagher

On 10/28/2009 05:12 PM, Simo Sorce wrote:
> And other changes, see commit message.
> 
> Simo.

Nack.

Please update /server/config/etc/sssd.api.d/*

-- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/


Re: [SSSD] [PATCH] Slight change for ipa options

2009-10-29 Thread Sumit Bose
On Wed, Oct 28, 2009 at 05:12:59PM -0400, Simo Sorce wrote:
> And other changes, see commit message.
> 
> Simo.
> 
> -- 
> Simo Sorce * Red Hat, Inc * New York

> From 1b8814820fad2d6e399af0a5f93713312b64d28d Mon Sep 17 00:00:00 2001
> From: Simo Sorce 
> Date: Wed, 28 Oct 2009 17:02:45 -0400
> Subject: [PATCH] Tidy up ipa options
> 
> Do not replicate every and each option we may want to set in ipa.
> Just read out ldap and krb provider options (added reference in the manual too,
> and removed mention of ipa specific timeout values, use ldap options for that)
> 

ACK, although I think we should reintroduce some of the values if it turns
out that they are used often. Maybe in the form of an ipa_base_timeout, with
the other timeouts derived from that value.

> Avoid calling auth module initialization twice, just pass the auth context to
> the chpass module too.

ACK

> 
> Add a new ldap option SDAP_SEARCH_BASE, so that a single searching base can be
> used for both users and groups. the user and group search bases can still be set
> separately if necessary but they are now optional and set to be identical to
> SDAP_SEARCH_BASE if not explicitly specified in the configuration.

ACK

bye,
Sumit