Re: [SSSD] sssd not setting IPA AD trusted user homedir

On Wed, Feb 05, 2014 at 04:58:42PM +0100, Pavel Reichl wrote: > > > Can you also provide a version that compiles on > > sssd-1-11 ? The sysdb API already diverged.. > > Sure. > ACK for sssd-1-11. (The extra patch is a backport that makes sense to bring to sssd-1-11, too) __

Re: [SSSD] [PATCH] NSS: Fix DEBUG formatting of cmdctx->id

On Fri, Jan 17, 2014 at 02:10:33PM +0100, Jakub Hrozek wrote: > On Fri, Jan 17, 2014 at 01:32:03PM +0100, Lukas Slebodnik wrote: > > On (16/01/14 21:24), Jakub Hrozek wrote: > > >While looking at another issue I realized that we used a wrong > > >formatting conversion for UID/GID values - %d. For v

Re: [SSSD] Using the Reviewed-by git tag

On Mon, 2014-02-10 at 04:56 -0500, Dmitri Pal wrote: > On 02/09/2014 11:00 AM, Jakub Hrozek wrote: > > Hi, > > > > as we discussed with the other developers earlier this week, we should > > start using Reviewed-by tag. As a benefit, we would easily see which > > developer understands the code apart

[SSSD] [PATCH] SSS_CACHE: Reset the initgroups attribute when resetting users

Hi, I was debugging one case with a downstream customer which turned out to be a sss_cache bug. For user entries, we only re-set the dataExpireTimestamp, not the initgrExpireTimestamp. This resulted in id not reporting accurate initgroups information even after sss_cache was run. The attached pat

Re: [SSSD] DEBUG macro refactoring v4

On Mon, Jan 13, 2014 at 06:09:44PM +0200, Nikolai Kondrashov wrote: > Hi Jakub, > > On 01/13/2014 04:52 PM, Jakub Hrozek wrote: > >These patches work for me. I had to rebase them on top of the current > >master (sorry, I pushed Stef's patches before I checked the moderation > >queue). Attached is

Re: [SSSD] user-friendly error message when permissions on sssd.conf are incorrect

On Thu, Feb 06, 2014 at 03:17:39PM +0100, Stephen Gallagher wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 02/06/2014 03:09 PM, Pavel Reichl wrote: > > Hello Stephen, > > > > thanks for review. Patch addressing your comments is attached. > > > > PR > > > >> > >> Please keep th

Re: [SSSD] [PATCH] LDAP: Detect the presence of POSIX attributes

On Thu, Jan 30, 2014 at 11:17:06AM +0100, Sumit Bose wrote: > On Wed, Jan 29, 2014 at 05:11:59PM +0100, Jakub Hrozek wrote: > > On Wed, Jan 29, 2014 at 03:39:41PM +0100, Pavel Březina wrote: > > > On 01/27/2014 11:33 PM, Jakub Hrozek wrote: > > > >Hi, > > > > > > > >When the schema is set to AD and

Re: [SSSD] SSSD Configuration to resolve local users

On Tue, Feb 11, 2014 at 03:02:56PM -0500, Dmitri Pal wrote: > On 02/11/2014 11:13 AM, Abhishek Singh wrote: > >Hi, > > > >I want to configure SSSD in order to resolve local users. Can > >someone help me with the steps. > > > > > >Thanks, > >Abhishek > > > > > >__

Re: [SSSD] SSSD Configuration to resolve local users

On 02/11/2014 11:13 AM, Abhishek Singh wrote: Hi, I want to configure SSSD in order to resolve local users. Can someone help me with the steps. Thanks, Abhishek ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahos

[SSSD] [PATCH] Two AD enumeration patches

Hi, attached are two more patches for issues I found when testing the POSIX detection code. [PATCH 1/2] AD: Only download domains that are set to enumerate This is a bug caused by the recent subdomain enumeration patches. The code always downloaded all domains even if subdomain_enumerate was set

[SSSD] [PATCH] LDAP: Handle errors from sdap_id_op properly in enum code

Hi, when testing the AD detection code, I realized that the sdap_id_op handling in the enumeration code was wrong. It only handled recoverable errors, but not the offline case or fatal errors. I think this patch is another reason we should simplify handling of the sdap_id_ops. >From 78dcb3fbacd4a

[SSSD] [PATCH] IPA: Default to krb5_use_fast=try

Hi, as agreed with Nathaniel, we should change the defaults of krb_use_fast to "try" with the IPA backend and also change the default of krb5_fast_principal to "host/$client_hostname". So far I've tested this patch on F-20 only with IPA server 3.3.90GIT0f82cbf. More testing is needed with older I

[SSSD] [PATCH] pam_sss: add ignore_unknown_user option

https://fedorahosted.org/sssd/ticket/2232 FreeBSD's openpam doesn't have a built in way of ignoring an unknown user (e.g. treating PAM_USER_UNKNOWN as a pass for a required module, like Linux's user_unknown=ignore tag), so there needs to be an ignore_unknown_user flag built in to the PAM module. T

[SSSD] SSSD Configuration to resolve local users

Hi, I want to configure SSSD in order to resolve local users. Can someone help me with the steps. Thanks, Abhishek ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel

Re: [SSSD] could SSSD provide better integration with backends that PAM?

On Tue, Feb 11, 2014 at 01:23:26PM +0100, Nikos Mavrogiannopoulos wrote: > On Mon, 2014-02-10 at 14:22 -0500, Dmitri Pal wrote: > > > >> So I'd still be interested whether the extra attributes will contain > > >> some consistent set of attributes across different SSSD installations, > > >> or they

Re: [SSSD] could SSSD provide better integration with backends that PAM?

On Mon, 2014-02-10 at 14:22 -0500, Dmitri Pal wrote: > >> So I'd still be interested whether the extra attributes will contain > >> some consistent set of attributes across different SSSD installations, > >> or they would be system-specific. > > The extra attributes are defined in sssd.conf, which

[SSSD] [PATCH] move the sudo library outside libdir

Hi, those two patches fixes https://fedorahosted.org/sssd/ticket/1983. Sudo modul will be now installed into $libdir/sssd/modules and no longer into $libdir but because specfile has to work everywhere we have to add --with-sudo-lib-path=$libdir for this time. For next update to F-20 we can add so