Hi,
as we need a documentation on the IPC between different SSSD processes
and also gathering debug data and submitting nice bug reports, I started
by a little SSSD wiki cleanup. In particular:
* Fixed up the repo at https://fedorahosted.org/sssd/wiki/Repositories and
added a RHEL repo
On Thu, Nov 15, 2012 at 08:01:34PM +0100, Jakub Hrozek wrote:
> Yes, this is in fact the best way to go. Bugzillas coming from paying
> customers tend to get higher priority.
Thanks for pushing the commit. I've started making noise on my support
case and the redhat bugzilla (looks like you saw th
https://fedorahosted.org/sssd/ticket/1593
With this patch we get:
[sssd[be[AD]]] [sdap_save_group] (0x1000): Mapping group
[Administrators] objectSID to unix ID
[sssd[be[AD]]] [sdap_idmap_sid_to_unix] (0x0400): Object SID
[S-1-5-32-544] is a built-in one.
[sssd[be[AD]]] [sdap_save_group] (0x0
The attached patch fixes the build of git HEAD on RHEL5 for me.
AM_COND_IF is a very handy construct that is not present on old automake
systems such as the one in RHEL5.
The original author of the code is Ralf Corsepius
>From 9e2d0b1f04a019be944bbedb0330803d3a770d70 Mon Sep 17 00:00:00 2001
Fr
On Thu, Nov 15, 2012 at 04:43:15PM +0100, Jakub Hrozek wrote:
> On Thu, Nov 15, 2012 at 01:34:27PM +0100, Pavel Březina wrote:
> > On 11/13/2012 05:42 PM, Jakub Hrozek wrote:
> > >On Tue, Nov 13, 2012 at 01:58:57PM +0100, Pavel Březina wrote:
> > >>https://fedorahosted.org/sssd/ticket/1640
> > >
>
On Thu, Nov 15, 2012 at 08:01:34PM +0100, Jakub Hrozek wrote:
> On Thu, Nov 15, 2012 at 10:47:10AM -0800, Paul B. Henson wrote:
> > On 11/15/2012 5:45 AM, Stephen Gallagher wrote:
> >
> > >This is obviously already a significant enhancement, and of course the
> > >difference will be more pronounce
On Thu, Nov 15, 2012 at 10:47:10AM -0800, Paul B. Henson wrote:
> On 11/15/2012 5:45 AM, Stephen Gallagher wrote:
>
> >This is obviously already a significant enhancement, and of course the
> >difference will be more pronounced for much larger environments. I'm
> >prepared to give this an ack, wit
In case a service is restarted while the DP is not ready yet, it gets
restarted again immediatelly, which means the DP might still not be
ready. The allowed number of restarts is then depleted quickly.
This patch changes the restart mechanism such that the first restart
happens immediatelly, the s
On 11/15/2012 5:45 AM, Stephen Gallagher wrote:
This is obviously already a significant enhancement, and of course the
difference will be more pronounced for much larger environments. I'm
prepared to give this an ack, with one comment to whoever pushes the
patch upstream: please reflow the chang
On 11/15/2012 02:30 PM, Simo Sorce wrote:
On Thu, 2012-11-15 at 12:13 +0100, Pavel Březina wrote:
@@ -185,9 +186,14 @@ static int sudosrv_cmd(enum sss_sudo_type type,
struct cli_ctx *cli_ctx)
}
/* if protocol is invalid return */
-if (cli_ctx->cli_protocol_version->version !=
SS
On Thu, 2012-11-15 at 13:33 +0100, Pavel Březina wrote:
> Hi,
> you can specify %#gid value in sudoUser attribute to match the rule to
> specified gid. When I first started working on sudo integration %#gid
> value wasn't supported so it is not supported by sssd.
>
> Should we implement it? I pe
On Thu, Nov 15, 2012 at 01:34:27PM +0100, Pavel Březina wrote:
> On 11/13/2012 05:42 PM, Jakub Hrozek wrote:
> >On Tue, Nov 13, 2012 at 01:58:57PM +0100, Pavel Březina wrote:
> >>https://fedorahosted.org/sssd/ticket/1640
> >
> >Pavel, the code is fine, can you just explain the change better in the
On 14.11.2012 16:20, Ondrej Kos wrote:
On 11/14/2012 03:38 PM, Simo Sorce wrote:
On Wed, 2012-11-14 at 15:18 +0100, Jan Cholasta wrote:
Just one more nitpick: SSS_DB_CHECK_PTS and sss_db_version_check are
used only in sysdb.c, so there is no reason to have them defined
publicly in util.h+util.
On Wed 14 Nov 2012 06:39:06 PM EST, Paul B. Henson wrote:
On 11/14/2012 1:41 PM, Stephen Gallagher wrote:
Minor: Please use the new SSSDBG macros in confdb_get_domain_internal().
You don't need to update the existing code, but all new code should use
the macros. See util.h for a listing of the
On Thu, 2012-11-15 at 12:13 +0100, Pavel Březina wrote:
> @@ -185,9 +186,14 @@ static int sudosrv_cmd(enum sss_sudo_type type,
> struct cli_ctx *cli_ctx)
> }
>
> /* if protocol is invalid return */
> -if (cli_ctx->cli_protocol_version->version !=
> SSS_SUDO_PROTOCOL_VERSION) {
> -
On Thu 15 Nov 2012 04:51:16 AM EST, Pavel Březina wrote:
On 11/15/2012 07:44 AM, Jakub Hrozek wrote:
I'm sorry, I overlooked the compilation warning in the recent sudo
patches as I was testing on a VM that didn't have the silent rules
enabled. A patch is attached.
Thank you.
I wonder how this
On 11/13/2012 05:42 PM, Jakub Hrozek wrote:
On Tue, Nov 13, 2012 at 01:58:57PM +0100, Pavel Březina wrote:
https://fedorahosted.org/sssd/ticket/1640
Pavel, the code is fine, can you just explain the change better in the
commit message? I only know why this works because you told me in person
:
Hi,
you can specify %#gid value in sudoUser attribute to match the rule to
specified gid. When I first started working on sudo integration %#gid
value wasn't supported so it is not supported by sssd.
Should we implement it? I personally don't think it is something we
need to bother with (at le
On Thu, Nov 15, 2012 at 10:57:37AM +0100, Jakub Hrozek wrote:
> We broke saving nested LDAP groups with no members in 1.9 during the
> conversion to ghost users. The attached patches fix that.
>
> The first three patches would be nice to get into 1.9, the last patch is
> OK in master only. I just
On 11/13/2012 05:42 PM, Jakub Hrozek wrote:
On Tue, Nov 13, 2012 at 01:58:57PM +0100, Pavel Březina wrote:
https://fedorahosted.org/sssd/ticket/1640
Pavel, the code is fine, can you just explain the change better in the
commit message? I only know why this works because you told me in person
:
We will no longer version libsss_sudo as agreed.
From 7f92d654b557823fb2c8f8d430467532c51c10a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
Date: Thu, 15 Nov 2012 11:07:57 +0100
Subject: [PATCH 1/2] avoid versioning libsss_sudo
---
Makefile.am | 7 ---
1 file changed, 4 i
I believe the patch explains itself.
From ba7b4bf8d7c97f43d286728000a6f30c713f7a1c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
Date: Tue, 13 Nov 2012 13:31:56 +0100
Subject: [PATCH 1/3] sudo: print message if old protocol is used
---
src/responder/sudo/sudosrv_cmd.c | 12 +++
On Wed, Nov 14, 2012 at 12:30:24PM -0500, Simo Sorce wrote:
> This patch changes the way subdomain users are stored in the database.
>
> The reason for changing the way we do it is that the sysdb code, before the
> subdomain patches were added assumed a single domain per cache file. This
> assumpt
We broke saving nested LDAP groups with no members in 1.9 during the
conversion to ghost users. The attached patches fix that.
The first three patches would be nice to get into 1.9, the last patch is
OK in master only. I just found the code hard to read sometimes so I
split it into a separate func
On 11/15/2012 07:44 AM, Jakub Hrozek wrote:
I'm sorry, I overlooked the compilation warning in the recent sudo
patches as I was testing on a VM that didn't have the silent rules
enabled. A patch is attached.
Thank you.
I wonder how this slipped past me. I'm compiling with very strict flags
and
On Thu, Nov 15, 2012 at 07:44:24AM +0100, Jakub Hrozek wrote:
> I'm sorry, I overlooked the compilation warning in the recent sudo
> patches as I was testing on a VM that didn't have the silent rules
> enabled. A patch is attached.
ACK
bye,
Sumit
> From ceec408542627a21e9e08acebe9488d5f11e7147 M
26 matches
Mail list logo
