[SSSD] [PATCHES] Fix GPO processing for users from subdomains

Patch 0001: AD: Clean up ad_access_gpo Just a minor cleanup to ad_gpo_access_send to adhere to our tevent conventions. This is purely for aesthetic and maintainability reasons; it has no functional effect. Patch 0002: AD: Always get domain-specific ID connection This one is a little tricky. It t

Re: [SSSD] [PATCH] Don't call semanage transaction unless the context has changed

On Tue, Apr 14, 2015 at 05:58:22PM +0200, Michal Židek wrote: > On 04/14/2015 03:47 PM, Jakub Hrozek wrote: > >On Tue, Apr 14, 2015 at 03:18:24PM +0200, Michal Židek wrote: > >>On 04/10/2015 03:24 PM, Jakub Hrozek wrote: > >>>Hi, > >>> > >>>the attached patches fix ticket > >>>https://fedorahosted.

Re: [SSSD] [PATCH] Don't call semanage transaction unless the context has changed

On 04/14/2015 03:47 PM, Jakub Hrozek wrote: On Tue, Apr 14, 2015 at 03:18:24PM +0200, Michal Židek wrote: On 04/10/2015 03:24 PM, Jakub Hrozek wrote: Hi, the attached patches fix ticket https://fedorahosted.org/sssd/ticket/2624 It turns out that calling libsemanage transactions is a fairly in

Re: [SSSD] [PATCH] Don't call semanage transaction unless the context has changed

On Tue, Apr 14, 2015 at 03:18:24PM +0200, Michal Židek wrote: > On 04/10/2015 03:24 PM, Jakub Hrozek wrote: > >Hi, > > > >the attached patches fix ticket > >https://fedorahosted.org/sssd/ticket/2624 > > > >It turns out that calling libsemanage transactions is a fairly intensive > >operation that in

Re: [SSSD] [PATCH] Don't call semanage transaction unless the context has changed

On 04/10/2015 03:24 PM, Jakub Hrozek wrote: Hi, the attached patches fix ticket https://fedorahosted.org/sssd/ticket/2624 It turns out that calling libsemanage transactions is a fairly intensive operation that involves copying multiple files under the /etc/selinux hierarchy to a temporary subtr

Re: [SSSD] [PATCH] sssd_sudo always asks for sudo rules of filter_users

On Tue, Apr 14, 2015 at 01:52:37PM +0200, Pavel Březina wrote: > On 04/14/2015 10:08 AM, Adam Tkac wrote: > >On 04/13/2015 06:10 PM, Jakub Hrozek wrote: > >>On Mon, Apr 13, 2015 at 05:40:41PM +0200, Adam Tkac wrote: > >>>Hello, > >>> > >>>sssd_sudo always asks for sudo rules for users specified in

[SSSD] [PATCH] BUILD: Write hints about optional python bindings

ehlo, attached patch should fix issue with Pavel R. mentioned in mail[1] I thought it would be fixed as part of CI patches, becuase there were some related changes. But It takes ages. So Attached is a patch. LS [1] https://lists.fedorahosted.org/pipermail/sssd-devel/2015-February/022731.html >

Re: [SSSD] [PATCH] sssd_sudo always asks for sudo rules of filter_users

On 04/14/2015 10:08 AM, Adam Tkac wrote: On 04/13/2015 06:10 PM, Jakub Hrozek wrote: On Mon, Apr 13, 2015 at 05:40:41PM +0200, Adam Tkac wrote: Hello, sssd_sudo always asks for sudo rules for users specified in filter_users directive and creates large amount of traffic to LDAP servers. Propos

Re: [SSSD] [PATCHES] sysdb-tests: Add missing assertions

On Tue, Apr 14, 2015 at 01:08:06PM +0200, Jakub Hrozek wrote: > On Tue, Apr 14, 2015 at 08:54:06AM +0200, Lukas Slebodnik wrote: > > ehlo, > > > > simple patches attached. > > > > LS > > ACK. > > negcache tests failed in CI, otherwise passed: > http://sssd-ci.duckdns.org/logs/job/12/93/summary.

Re: [SSSD] [PATCH] simple_access-tests: Simplify assertion

On Tue, Apr 14, 2015 at 12:59:49PM +0200, Jakub Hrozek wrote: > On Tue, Apr 14, 2015 at 08:52:21AM +0200, Lukas Slebodnik wrote: > > ehlo, > > > > simple patch is attached. > > > > LS > > > From de73f8b78968ee651874b7561dd0548359b9e5c8 Mon Sep 17 00:00:00 2001 > > From: Lukas Slebodnik > > Date

Re: [SSSD] [PATCHES] SDAP: Filter ad groups in initgroups

On Tue, Apr 14, 2015 at 12:26:15PM +0200, Jakub Hrozek wrote: > On Mon, Apr 13, 2015 at 04:47:35PM +0200, Lukas Slebodnik wrote: > > ehlo, > > > > the problem is that with current master and 1.12 the domain local groups > > from subdomain are not filtered. > > > > The 1st patch partially fixes th

Re: [SSSD] [PATCHES] sysdb-tests: Add missing assertions

On Tue, Apr 14, 2015 at 08:54:06AM +0200, Lukas Slebodnik wrote: > ehlo, > > simple patches attached. > > LS ACK. negcache tests failed in CI, otherwise passed: http://sssd-ci.duckdns.org/logs/job/12/93/summary.html ___ sssd-devel mailing list sssd-de

Re: [SSSD] [PATCH] simple_access-tests: Simplify assertion

On Tue, Apr 14, 2015 at 08:52:21AM +0200, Lukas Slebodnik wrote: > ehlo, > > simple patch is attached. > > LS > From de73f8b78968ee651874b7561dd0548359b9e5c8 Mon Sep 17 00:00:00 2001 > From: Lukas Slebodnik > Date: Fri, 6 Mar 2015 20:10:15 +0100 > Subject: [PATCH] simple_access-tests: Simplify

Re: [SSSD] [PATCHES] SDAP: Filter ad groups in initgroups

On Mon, Apr 13, 2015 at 04:47:35PM +0200, Lukas Slebodnik wrote: > ehlo, > > the problem is that with current master and 1.12 the domain local groups > from subdomain are not filtered. > > The 1st patch partially fixes the problem. The name of group is not visible > after "id user", but there is

Re: [SSSD] [PATCH] Improve nsupdate error logging

On Mon, Apr 13, 2015 at 06:39:43PM +0200, Pavel Reichl wrote: > > > On 04/08/2015 03:01 PM, Jakub Hrozek wrote: > >Hi, > > > >the attached simple patches add more debugging to nsupdate runs and > >capture nsupdate stderr to the sssd debug logs. I used them to get more > >data in case where nsupda

Re: [SSSD] [PATCH] sssd_sudo always asks for sudo rules of filter_users

On 04/13/2015 06:10 PM, Jakub Hrozek wrote: > On Mon, Apr 13, 2015 at 05:40:41PM +0200, Adam Tkac wrote: >> Hello, >> >> sssd_sudo always asks for sudo rules for users specified in filter_users >> directive and creates large amount of traffic to LDAP servers. Proposed >> patch for this is attache