Re: [SSSD] [PATCH] Make it possible to inherit ignore_group_members, ldap_purge_cache_timeout and ldap_use_tokengroups into subdomains

On (11/05/15 10:47), Jakub Hrozek wrote: >Hi, > >the attached patches are a short-term fix until subdomains can be >configured separately in the config file. They add a new option >subdomain_inherit and make it possible to inherit three options we >learned our users care about for subdomains - igno

Re: [SSSD] [PATCHES] krb5: new option krb5_map_user

On (14/05/15 18:37), Pavel Reichl wrote: >>>+static errno_t split_tuple(TALLOC_CTX *mem_ctx, const char *tuple, >>>+ const char **_first, const char **_second) >>>+{ >>>+errno_t ret; >>>+char **list; >>>+int n; >>>+talloc(mem_ctx, int); >>huh? >Sorry, but I

Re: [SSSD] [PATCHES] krb5: new option krb5_map_user

On 05/14/2015 05:10 PM, Jakub Hrozek wrote: On Thu, May 14, 2015 at 01:55:01PM +0200, Pavel Reichl wrote: Please see updated patch. Thanks, this looks much better. I only have some nitpicks now: From 4f0bd09258e52ae633bc91603e30edf9ce02b279 Mon Sep 17 00:00:00 2001 From: Pavel Reichl Date

Re: [SSSD] [PATCHES] Support GPOs referred from other domains

On Thu, May 14, 2015 at 11:49:17AM -0400, Stephen Gallagher wrote: > On Thu, 2015-05-14 at 17:42 +0200, Jakub Hrozek wrote: > > On Wed, May 06, 2015 at 02:26:30PM -0400, Stephen Gallagher wrote: > > > Patch 0001: LDAP: Support returning referral information > > > > > > Some callers may be interest

Re: [SSSD] [PATCH] Amend the man page for refresh_expired_interval

On Tue, May 12, 2015 at 11:29:35AM -0400, Stephen Gallagher wrote: > On Mon, 2015-05-11 at 09:52 +0200, Jakub Hrozek wrote: > > Hi, > > > > while triaging a performance-related issue, I realized our manpage > > doesn't say also users and groups are now supported by the background > > refresh. The

Re: [SSSD] [PATCHES] Support GPOs referred from other domains

On Thu, 2015-05-14 at 17:42 +0200, Jakub Hrozek wrote: > On Wed, May 06, 2015 at 02:26:30PM -0400, Stephen Gallagher wrote: > > Patch 0001: LDAP: Support returning referral information > > > > Some callers may be interested in the raw referral values returned > > from > > a lookup. This patch all

Re: [SSSD] [PATCHES] Support GPOs referred from other domains

On Wed, May 06, 2015 at 02:26:30PM -0400, Stephen Gallagher wrote: > Patch 0001: LDAP: Support returning referral information > > Some callers may be interested in the raw referral values returned from > a lookup. This patch allows interested consumers to get these referrals > back and process the

Re: [SSSD] [PATCHES] krb5: new option krb5_map_user

On Thu, May 14, 2015 at 01:55:01PM +0200, Pavel Reichl wrote: > Please see updated patch. Thanks, this looks much better. I only have some nitpicks now: > From 4f0bd09258e52ae633bc91603e30edf9ce02b279 Mon Sep 17 00:00:00 2001 > From: Pavel Reichl > Date: Thu, 30 Apr 2015 06:43:05 -0400 > Subject

Re: [SSSD] [PATCH] LDAP: warn about lockout option being deprecated

On Thu, May 14, 2015 at 03:31:55PM +0200, Jakub Hrozek wrote: > On Tue, May 12, 2015 at 03:42:47PM +0200, Pavel Reichl wrote: > > From 3adee0c2ff207eef7c2edcfed80eb47754570210 Mon Sep 17 00:00:00 2001 > > From: Pavel Reichl > > Date: Wed, 25 Mar 2015 05:03:12 -0400 > > Subject: [P

Re: [SSSD] [PRELIMINARY][PATCH] ifp users and groups

On Thu, May 14, 2015 at 02:22:53PM +0200, Pavel Březina wrote: > On 05/14/2015 01:26 PM, Jakub Hrozek wrote: > >On Wed, May 13, 2015 at 04:51:53PM +0200, Pavel Březina wrote: > >>On 05/11/2015 05:58 PM, Jakub Hrozek wrote: > >>>Thanks for the patches. They work quite well! > >>> > >>>One bug I foun

Re: [SSSD] [PATCH] LDAP: warn about lockout option being deprecated

On Tue, May 12, 2015 at 03:42:47PM +0200, Pavel Reichl wrote: > From 3adee0c2ff207eef7c2edcfed80eb47754570210 Mon Sep 17 00:00:00 2001 > From: Pavel Reichl > Date: Wed, 25 Mar 2015 05:03:12 -0400 > Subject: [PATCH] LDAP: warn about lockout option being deprecated > > ---

[SSSD] Design Document: D-Bus Cached Objects

https://fedorahosted.org/sssd/wiki/DesignDocs/DBusCachedObjects Original design is located at: https://fedorahosted.org/sssd/wiki/DesignDocs/DBusResponder#Cachedobjects The new design page is supposed to be more descriptive. I also took the opportunity and renamed the methods, lets see if you l

Re: [SSSD] [PATCHES] krb5: new option krb5_map_user

On 05/11/2015 01:56 PM, Jakub Hrozek wrote: On Thu, Apr 30, 2015 at 01:45:01PM +0200, Pavel Reichl wrote: Hi, it seems this patch review stalled. I'll try to restart it.. From 2c7239f5466acb4a0989c4843b0b13e85f1d40b3 Mon Sep 17 00:00:00 2001 From: Pavel Reichl Date: Thu, 30 Apr 2015 06:40:43

Re: [SSSD] [PRELIMINARY][PATCH] ifp users and groups

On Wed, May 13, 2015 at 04:51:53PM +0200, Pavel Březina wrote: > On 05/11/2015 05:58 PM, Jakub Hrozek wrote: > >Thanks for the patches. They work quite well! > > > >One bug I found is that if you query a nonexistant object path with > >GetAll, then all subsequent queries block. Maybe we don't finis

Re: [SSSD] [PATCH] krb5: remove field run_as_user

On Wed, May 13, 2015 at 06:14:15PM +0200, Lukas Slebodnik wrote: > Obviuos ACK > http://sssd-ci.duckdns.org/logs/job/15/15/summary.html > > LS * master: 9696ce0c9ff737c873ddbf54fab91355d71e8698 ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.o

Re: [SSSD] [RFC] Remove enumeration support from the AD and IPA back ends

On 05/10/2015 08:41 PM, Jakub Hrozek wrote: Hi, this proposal might be a bit controversial, so I hope there wouldn't be any big flame. In the past, the AD and IPA back ends were just a wrapper around the LDAP provider that used different defaults customized for the particular server. But that's