Re: [SSSD] UID/GID Mapping Incorrect

On Mon, Dec 17, 2012 at 06:00:21PM -0800, Andrew Wygle wrote: Hello, Thanks to the help of this list I successfully got SSSD to authenticate against a Windows Server 2008 R2 Active Directory domain controller. SSH logins work. I am, however, having a problem with UID and GID mappings.

Re: [SSSD] [PATCH] Set cloexec flag for log files

On Mon, Dec 17, 2012 at 01:18:54PM +0100, Pavel Březina wrote: On 12/15/2012 08:02 PM, Jakub Hrozek wrote: https://fedorahosted.org/sssd/ticket/1708 The services kept the fd to /var/log/sssd/sssd.log open. I don't think there's any point in keeping the logfiles open after exec-ing for the

Re: [SSSD] [PATCH] RESOLV: Do not steal the resulting hostent on error

On Mon, Dec 17, 2012 at 01:05:46PM +0100, Pavel Březina wrote: On 12/16/2012 11:38 PM, Jakub Hrozek wrote: I have not reproduced the access-after-free described in https://fedorahosted.org/sssd/ticket/1706 but the backtrace matches the fix and I think it's simply the correct thing to do.

Re: [SSSD] [PATCH] RESOLV: Do not steal the resulting hostent on error

On Tue, Dec 18, 2012 at 11:57:19AM +0100, Jakub Hrozek wrote: On Mon, Dec 17, 2012 at 01:05:46PM +0100, Pavel Březina wrote: On 12/16/2012 11:38 PM, Jakub Hrozek wrote: I have not reproduced the access-after-free described in https://fedorahosted.org/sssd/ticket/1706 but the backtrace

[SSSD] sssd ldap

Hello all, according to my ldap base administrator I'm sending border line ldap requests. Of course I'm using SSSD configured as follows : [domain/default] auth_provider = ldap ldap_id_use_start_tls = False chpass_provider = ldap cache_credentials = False ldap_search_base =

Re: [SSSD] sssd ldap

On Tue, Dec 18, 2012 at 02:43:08PM +0100, François Dagorn wrote: Hello all, according to my ldap base administrator I'm sending border line ldap requests. Of course I'm using SSSD configured as follows : [domain/default] auth_provider = ldap ldap_id_use_start_tls = False chpass_provider

Re: [SSSD] sssd ldap

I'm not entirely sure I understood your problem, but it seems the LDAP server admin is complaining that the SSSD is putting high load on the server, right? Yes. The above search requires the uid, uidNumber and gidNumber attributes to be indexed in order to be efficient. I think they

Re: [SSSD] sssd ldap

Hi, On Tue, Dec 18, 2012 at 3:05 PM, Jakub Hrozek jhro...@redhat.com wrote: On Tue, Dec 18, 2012 at 02:43:08PM +0100, François Dagorn wrote: Hello all, according to my ldap base administrator I'm sending border line ldap requests. Of course I'm using SSSD configured as follows :

Re: [SSSD] sssd ldap

On Tue, Dec 18, 2012 at 03:11:25PM +0100, François Dagorn wrote: I'm not entirely sure I understood your problem, but it seems the LDAP server admin is complaining that the SSSD is putting high load on the server, right? Yes. The above search requires the uid, uidNumber and

Re: [SSSD] [PATCH] Primary server status is not always reset after failover to backup server happened

On Mon, Dec 17, 2012 at 08:48:32PM +0100, Jakub Hrozek wrote: On Mon, Dec 17, 2012 at 12:12:15PM +0100, Pavel Březina wrote: On 12/17/2012 11:34 AM, Jakub Hrozek wrote: On Sun, Dec 16, 2012 at 09:49:06PM +0100, Pavel Březina wrote: The problem is when we are about to reset the server

Re: [SSSD] [PATCHES] sudo: if first full refresh fails, schedule another first full refresh

On Mon, Dec 17, 2012 at 06:19:38PM +0100, Jakub Hrozek wrote: On Fri, Dec 14, 2012 at 06:23:12PM +0100, Pavel Březina wrote: https://fedorahosted.org/sssd/ticket/1689 Now if first full refresh fails because the data provider is offline, we take following steps: 1. schedule another

Re: [SSSD] sssd ldap

Le 18/12/2012 15:35, Marco Pizzoli a écrit : They need to have a presence index to leverage indexing with that query. (attribute=*) simply means check that the attribute exists. I suspect your admin has indexed those attirbutes only for eq. I guess you are right, I'm not aware enough of

Re: [SSSD] [PATCHES] sudo: if first full refresh fails, schedule another first full refresh

On Tue, Dec 18, 2012 at 05:12:29PM +0100, Jakub Hrozek wrote: On Mon, Dec 17, 2012 at 06:19:38PM +0100, Jakub Hrozek wrote: On Fri, Dec 14, 2012 at 06:23:12PM +0100, Pavel Březina wrote: https://fedorahosted.org/sssd/ticket/1689 Now if first full refresh fails because the data

Re: [SSSD] [PATCH] Always request the auto.master map from Data Provider

On Mon, Dec 17, 2012 at 06:05:20PM +0100, Pavel Březina wrote: On 12/15/2012 06:39 PM, Jakub Hrozek wrote: The attached patches implement functionality the admins have been asking for in the autofs responder - when the auto.master map is requested, refresh the mountpoints. The motivation is

Re: [SSSD] [PATCHES] Fixes for select_principal_from_keytab()

On Mon, Dec 17, 2012 at 10:30:14PM +0100, Sumit Bose wrote: Hi, https://fedorahosted.org/sssd/ticket/1635 was reopened because the provided patch didn't fix the problem for the reporter. I think the issue is that although we do lookups for all different types of principals we do not lookup

Re: [SSSD] sssd ldap

On Dec 18, 2012 5:17 PM, François Dagorn francois.dag...@univ-rennes1.fr wrote: Le 18/12/2012 15:35, Marco Pizzoli a écrit : They need to have a presence index to leverage indexing with that query. (attribute=*) simply means check that the attribute exists. I suspect your admin has

Re: [SSSD] [PATCH] Add extra protection for side request

On Sun, Dec 16, 2012 at 04:21:36PM +0100, Jakub Hrozek wrote: On Fri, Dec 14, 2012 at 04:09:35PM -0500, Simo Sorce wrote: Add a timeout to side requests so they do not hang forever. Tested with SIGSTOPping sssd_be and monitor and then waiting for the request and later the idle timer to

[SSSD] [PATCH] Add responder_sbus.h to noinst_HEADERS

I forgot to add the new file to the headers list so distcheck was failing.. Pushed to master and sssd-1-9 under the one-liner rule. ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel

[SSSD] [PATCH] Free resources if fileno failed

Detected by Coverity. I think I was too spoiled with talloc recently. From 4a1d817e00ceb55011a992f376dfd668f68204cb Mon Sep 17 00:00:00 2001 From: Jakub Hrozek jhro...@redhat.com Date: Tue, 18 Dec 2012 19:33:57 +0100 Subject: [PATCH] Free resources if fileno failed --- src/util/debug.c | 2 ++ 1

Re: [SSSD] [PATCH] Add responder_sbus.h to noinst_HEADERS

On Tue, Dec 18, 2012 at 07:38:25PM +0100, Jakub Hrozek wrote: I forgot to add the new file to the headers list so distcheck was failing.. Pushed to master and sssd-1-9 under the one-liner rule. Attached is the patch I pushed earlier. From 2886f8ac71025342c673873f2145a1bc358b3773 Mon Sep 17

Re: [SSSD] [PATCHES] Fixes for select_principal_from_keytab()

On Tue, Dec 18, 2012 at 06:41:30PM +0100, Jakub Hrozek wrote: On Mon, Dec 17, 2012 at 10:30:14PM +0100, Sumit Bose wrote: Hi, https://fedorahosted.org/sssd/ticket/1635 was reopened because the provided patch didn't fix the problem for the reporter. I think the issue is that although we

Re: [SSSD] [PATCH] Free resources if fileno failed

On Tue 18 Dec 2012 01:39:45 PM EST, Jakub Hrozek wrote: Detected by Coverity. I think I was too spoiled with talloc recently. Ack ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org

Re: [SSSD] sssd ldap

Indeed... if the presence index on the uid attribute doesn't exist, you are doing a full scan on your (sub) tree. So, the load is semi directly related to the dimension of your data Did I miss the point you were asking? Please let me know if that's the case Thanx a lot, your answer is

[SSSD] [PATCH] Fix failure in memberof that can kill db updates

Fixes https://fedorahosted.org/sssd/ticket/1728 Simo. -- Simo Sorce * Red Hat, Inc * New York From 7988a75e552918e164d0693c6c4de2a5c4a30db6 Mon Sep 17 00:00:00 2001 From: Simo Sorce s...@redhat.com Date: Tue, 18 Dec 2012 20:52:02 -0500 Subject: [PATCH] memberof: Prevent unneded failure case