[SSSD] Re: trac cleanup of the patches welcome milestone

2016-11-17 Thread Jakub Hrozek
On Thu, Nov 17, 2016 at 08:36:40AM -0500, Justin Stephenson wrote: > On 11/17/2016 06:23 AM, Jakub Hrozek wrote: > > Hi, > > > > as we're planning what exactly are we going to work on in the next release > > and also preparing to move away from fedorahosted, I think it

[SSSD] trac cleanup of the patches welcome milestone

2016-11-17 Thread Jakub Hrozek
Hi, as we're planning what exactly are we going to work on in the next release and also preparing to move away from fedorahosted, I think it makes sense to clean up our Trac. The intent is to make our trac better searchable and reduce clutter. First, I went through the Patches Welcome milestone

[SSSD] Re: [RFC] Socket-activate responders

2016-11-16 Thread Jakub Hrozek
On Wed, Nov 16, 2016 at 11:46:03AM +0100, Fabiano Fidêncio wrote: > On Wed, Nov 16, 2016 at 11:20 AM, Jakub Hrozek <jhro...@redhat.com> wrote: > > On Wed, Nov 16, 2016 at 10:03:36AM +0100, Fabiano Fidêncio wrote: > >> People, > >> > >> I've spen

[SSSD] Re: [RFC] Socket-activate responders

2016-11-16 Thread Jakub Hrozek
On Wed, Nov 16, 2016 at 10:03:36AM +0100, Fabiano Fidêncio wrote: > People, > > I've spent some time looking at the code and trying to understand what > are the needed changes in order to have this task done. I'll start by > writing down how things are working nowadays, what we want to achieve, >

[SSSD] Re: [Q] t3222 sssd still showing ipa user after removed from last group

2016-11-15 Thread Jakub Hrozek
On Wed, Nov 09, 2016 at 04:44:12PM +0100, Petr Cech wrote: > Hi all, > > I came back to ticket #3222 "sssd still showing ipa user after removed from > last group" [1]. And I have new knowledge. But I still do not see the light > at the end of the tunnel. > > [1]

[SSSD] Re: [sssd PR#53][comment] Fixes in the config API related to secrets responder

2016-11-10 Thread Jakub Hrozek
On Tue, Nov 08, 2016 at 02:40:23PM +0100, lslebodn wrote: > I am fine with the 1st patch. But I am not very familiar with > the secrets code therefore It would take me much more time to review > 2nd patch. I prefer if @jhrozek could review it. I see one glitch there. We should move the provider

[SSSD] Re: Nested netgroups with IPA provider

2016-11-10 Thread Jakub Hrozek
On Thu, Nov 10, 2016 at 10:49:55AM +0100, Michal Židek wrote: > Hi, > > this is continuation of discussion about pull > request 51 and associated tickets. > > For context, see: > https://github.com/SSSD/sssd/pull/59 > https://fedorahosted.org/sssd/ticket/3159 >

[SSSD] Re: about letting the responder choose the sysdb optimization level

2016-11-09 Thread Jakub Hrozek
On Wed, Nov 09, 2016 at 07:26:14AM -0500, Simo Sorce wrote: > On Wed, 2016-11-09 at 13:08 +0100, Sumit Bose wrote: > > On Tue, Nov 08, 2016 at 10:28:20AM +0100, Jakub Hrozek wrote: > > > Hi, > > > > > > I would like to ask for opinions about: > > &

[SSSD] about letting the responder choose the sysdb optimization level

2016-11-08 Thread Jakub Hrozek
Hi, I would like to ask for opinions about: https://fedorahosted.org/sssd/ticket/3126 The basic idea is that the responder would choose what kind of optimization would the back end perform when saving the sysdb entries. Requests that just return information might choose to optimize very

[SSSD] Re: [PATCHES] views: properly override group member names

2016-11-08 Thread Jakub Hrozek
On Tue, Nov 08, 2016 at 08:14:20AM +0100, Lukas Slebodnik wrote: > On (26/07/16 22:05), Sumit Bose wrote: > >On Tue, Jul 26, 2016 at 06:06:48PM +0200, Jakub Hrozek wrote: > >> On Tue, Jul 26, 2016 at 05:25:11PM +0200, Jakub Hrozek wrote: > >> > On Tue, Jul 26, 2016 a

[SSSD] Re: [PATCH] SYSDB: Fix error handling in sysdb_get_user_members_recursively

2016-11-07 Thread Jakub Hrozek
On Tue, Oct 04, 2016 at 08:40:55AM +0200, Petr Cech wrote: > bump This commit was pushed as b969ccc2cc58fdf761e5d314de9217f2d914bc9b ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to

[SSSD] Watchdog in the monitor process

2016-11-06 Thread Jakub Hrozek
Hi, Currently the watchdog is enabled for all sssd processes, including the main sssd process. I admit I only realised that now that I was looking into one user report where upgrading the sssd database during package update took so long that the watchdog eventually killed the sssd

[SSSD] Re: [sssd PR#43][comment] RESPONDER: Enable sudoRule in case insen. domains​ (1.14)

2016-11-03 Thread Jakub Hrozek
On Tue, Oct 25, 2016 at 12:38:57PM +0200, pbrezina wrote: > URL: https://github.com/SSSD/sssd/pull/43 > Title: #43: RESPONDER: Enable sudoRule in case insen. domains​ (1.14) > > pbrezina commented: > """ > I see why it works now, what I originally meant was to create a whole new > attribute,

[SSSD] Re: Should we use VMs or containers for (some) tests?

2016-11-01 Thread Jakub Hrozek
On Tue, Nov 01, 2016 at 10:31:20AM +0200, Nikolai Kondrashov wrote: > Hi Jakub, > > On 10/27/2016 05:20 PM, Jakub Hrozek wrote: > > I'm currently working on integration tests for the 'files' provider and > > during this work I started to feel we are pushing the boundarie

[SSSD] Re: fedorahosted.org sunset

2016-10-27 Thread Jakub Hrozek
On Fri, Sep 16, 2016 at 12:21:40PM +0200, Lukas Slebodnik wrote: > +1 I can help with transition to Pagure. > git hosting is not a problem and Nikolai voluntered to > convert wiki to markdown in git Sorry to restart an old thread, but.. I bought the sssd.io domain name. The intent is to have a

[SSSD] Should we use VMs or containers for (some) tests?

2016-10-27 Thread Jakub Hrozek
Hi, I'm currently working on integration tests for the 'files' provider and during this work I started to feel we are pushing the boundaries around our test infrastructure already quite a bit. When SSSD talks over network to a server, then we're more or less okay, but for some parts of SSSD, like

[SSSD] Re: Help : Tickets suitable for newcomers

2016-10-26 Thread Jakub Hrozek
On Wed, Oct 26, 2016 at 11:37:22PM +0530, Amit Kumar wrote: > Hello, > Thanks for response. > I made code change in src/providers/ipa/ipa_access.c > # make > # make intgcheck > configure: error: source directory already configured; run "make distclean" > there first > Makefile:27077: recipe for

[SSSD] Re: master/1.14 split and 1.14.2 release

2016-10-20 Thread Jakub Hrozek
On Wed, Oct 19, 2016 at 12:09:30PM +0200, Jakub Hrozek wrote: > Hi, > > some refactoring patches were already acked > (https://github.com/SSSD/sssd/pull/34) and I would prefer them to not > land in the 1.14 branch. Therefore I propose we split master and 1.14. The branches

[SSSD] Announcing SSSD 1.14.2

2016-10-19 Thread Jakub Hrozek
y bindings in dlopen tests Jakub Hrozek (35): * Updating the version for the 1.14.2 release * CONFIG: selinux_provider is a valid provider type * CONFIG: session_provider does not exist anymore * IPA: Parse qualified names when guessing AD user principal * MONITOR: Remove the no longer used diag_c

[SSSD] RFC: sssd 1.14.2 release notes

2016-10-19 Thread Jakub Hrozek
Please review or fix the wiki: https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2 Unless anyone complains, I would like to release 1.14.2 today so that we can fork master and sssd-1.14.2 ___ sssd-devel mailing list --

[SSSD] master/1.14 split and 1.14.2 release

2016-10-19 Thread Jakub Hrozek
Hi, some refactoring patches were already acked (https://github.com/SSSD/sssd/pull/34) and I would prefer them to not land in the 1.14 branch. Therefore I propose we split master and 1.14. Lukas also proposed we release 1.14.2. Fine by me unless anyone things the existing tickets should block

[SSSD] Re: controls for solaris clients for password-less login (sshkey)

2016-10-14 Thread Jakub Hrozek
On Fri, Oct 14, 2016 at 11:36:17AM +0200, Csaba Dobo wrote: > Hi, > I need to add the below control to openldap: > 1.3.6.1.4.1.42.2.27.9.5.8 (Account Usability Control) > > Anyone knows how to do such thing? The openldap-technical mailing list:

[SSSD] Re: Milestone names

2016-10-10 Thread Jakub Hrozek
On Fri, Oct 07, 2016 at 02:23:16PM +0200, Michal Židek wrote: > On 10/07/2016 12:20 PM, Jakub Hrozek wrote: > > Hi, > > > > for better or worse, our milestone and release planning is not great. We > > normally decide on what we want to work on for the next release a

[SSSD] Re: Monotonic clock for timed events

2016-10-10 Thread Jakub Hrozek
On Mon, Oct 10, 2016 at 11:09:35AM +0200, Victor Tapia wrote: > El 10/10/16 a las 10:56, Ian Kent escribió: > > On Mon, 2016-10-10 at 10:42 +0200, Jakub Hrozek wrote: > >> On Mon, Oct 10, 2016 at 10:04:30AM +0200, Victor Tapia wrote: > >>> Hi list, > >>> &

[SSSD] Re: Monotonic clock for timed events

2016-10-10 Thread Jakub Hrozek
On Mon, Oct 10, 2016 at 10:04:30AM +0200, Victor Tapia wrote: > Hi list, > > I've faced a race condition when SSSD boots in a machine with a big > clock drift. This is what I see: > > 1. SSSD starts before the network is up, queries the LDAP server without > success and sets a retry timer (~60

[SSSD] Milestone names

2016-10-07 Thread Jakub Hrozek
Hi, for better or worse, our milestone and release planning is not great. We normally decide on what we want to work on for the next release and release new versions based on Fedora or RHEL releases (mostly because there is normally no other driver..if there are other projects or distributions

[SSSD] Re: Design discussion: Fleet Commander integration

2016-10-07 Thread Jakub Hrozek
On Thu, Oct 06, 2016 at 06:38:23PM +0200, Sumit Bose wrote: > On Thu, Oct 06, 2016 at 04:41:10PM +0200, Jakub Hrozek wrote: > > Hi, > > > > with Alexander's help, I wrote up a design page about how SSSD should > > read Fleet Commander data from IPA and present them to

[SSSD] Design discussion: Fleet Commander integration

2016-10-06 Thread Jakub Hrozek
way to debug the integration is to enable the sessions provider and the FleetCommander integration manually w/o dropping the file by the FC client side daemon. === Authors === * Alexander Bokovoy * Jakub Hrozek ___ sssd-devel mailing list -- sssd-d

[SSSD] Re: [PATCH ding-libs] Extend API to const key for clients that don't need to modify their keys

2016-10-05 Thread Jakub Hrozek
On Wed, Oct 05, 2016 at 07:42:23AM -0600, Philip Prindeville wrote: > On Oct 5, 2016, at 5:45 AM, Michal Židek wrote: > > > > ACK to the code from Philip. I amended the commit > > message to meet our style. > > > > I would like to push this together with at least some > >

[SSSD] Re: [PATCH] Create pidfile after responders have started

2016-10-03 Thread Jakub Hrozek
On Mon, Oct 03, 2016 at 05:44:19PM +0200, Victor Tapia wrote: > Hi, > > I just removed the upstart part and left just the systemd notification > with the fix for the latest master branch. I also fixed the evaluation > of the return code of sd_notify from the original patch, so this should > be

[SSSD] Re: RFC: github PR workflow

2016-10-03 Thread Jakub Hrozek
On Fri, Sep 16, 2016 at 10:45:52AM +0200, Jakub Hrozek wrote: > I added the git workflow page from the "Contribute" page. If there's > something odd, please just edit the wiki.. I also added a quick note to show how to allow pull requests from developers outside the team t

[SSSD] Re: Refactoring work for the next couple of weeks

2016-10-03 Thread Jakub Hrozek
On Mon, Oct 03, 2016 at 02:07:25PM +0200, Pavel Březina wrote: > On 10/03/2016 12:27 PM, Jakub Hrozek wrote: > > Hi, > > > > we might be able to do some refactoring in the next couple of weeks > > prior to working on the next release. > > > > I

[SSSD] Refactoring work for the next couple of weeks

2016-10-03 Thread Jakub Hrozek
Hi, we might be able to do some refactoring in the next couple of weeks prior to working on the next release. I wrote up a proposal here: https://fedorahosted.org/sssd/wiki/DesignDocs/OneFifteenCodeRefactoring for your convenience, I copied the contents inline as well. But the page is

[SSSD] Re: [RFC] Use GNULIB's compiler warning code

2016-09-29 Thread Jakub Hrozek
26, 2016 at 9:26 PM, Lukas Slebodnik <lsleb...@redhat.com> > >>>wrote: > >>>> On (26/09/16 12:14), Fabiano Fidêncio wrote: > >>>>>Jakub, > >>>>> > >>>>>On Mon, Sep 26, 2016 at 11:35 AM, Jakub Hrozek <jhro...@

[SSSD] Re: [sssd PR#32][comment] Requesting a pull to SSSD:master from fidencio:wip/#3138

2016-09-28 Thread Jakub Hrozek
On Wed, Sep 28, 2016 at 10:54:47AM +0200, Fabiano Fidêncio wrote: > On Wed, Sep 28, 2016 at 10:32 AM, jhrozek > wrote: > > URL: https://github.com/SSSD/sssd/pull/32 > > Title: #32: Requesting a pull to SSSD:master from fidencio:wip/#3138 > > > >

[SSSD] Re: [PATCH] config_schema: Add ldap_user_email to schema

2016-09-26 Thread Jakub Hrozek
On Wed, Aug 10, 2016 at 09:35:26AM +0200, Jakub Hrozek wrote: > On Wed, Aug 10, 2016 at 09:25:20AM +0200, Lukas Slebodnik wrote: > > On (10/08/16 09:13), Fabiano Fidêncio wrote: > > >On Wed, Aug 10, 2016 at 8:23 AM, Lukas Slebodnik <lsleb...@redhat.com> > > >wrot

[SSSD] Re: [RFC] Use GNULIB's compiler warning code

2016-09-26 Thread Jakub Hrozek
On Mon, Sep 05, 2016 at 03:39:19PM +0200, Fabiano Fidêncio wrote: > On Thu, Aug 11, 2016 at 2:33 PM, Fabiano Fidêncio wrote: > > Howdy! > > > > I've suggested, a long time ago, that we could start making use of > > GNULIB's compiler warnings from 'manywarnings' module. This

[SSSD] Re: Question: LDAP provider doesn't show group member

2016-09-22 Thread Jakub Hrozek
On Thu, Sep 22, 2016 at 12:32:45PM +0200, Petr Cech wrote: > Hi, > > I am working on [1] LDAP provider doesn't show group member > > There is one point what I am not able to understand clearly. > > I prepared environment by: > > ipa user-add --first=Test --last=User1 --email=u...@domain.sssd

[SSSD] Re: [PATCH] Create pidfile after responders have started

2016-09-22 Thread Jakub Hrozek
On Thu, Sep 22, 2016 at 10:07:21AM -, Victor Tapia wrote: > Hi, > > I just saw that the ticket 3080 (https://fedorahosted.org/sssd/ticket/3080) > has been closed with a different patch. Is this one landing too? Sorry, that's my fault, I put a wrong URL into patches for #3140. I reopened

[SSSD] Re: [PATCH] ssh: skip invalid certificates

2016-09-22 Thread Jakub Hrozek
On Mon, Sep 19, 2016 at 09:51:09AM +0200, Lukas Slebodnik wrote: > On (19/09/16 09:41), Jakub Hrozek wrote: > >On Thu, Jun 16, 2016 at 01:38:32PM +0200, Jakub Hrozek wrote: > >> On Thu, Jun 16, 2016 at 01:33:47PM +0200, Jakub Hrozek wrote: > >> > On Tue, Jun 07, 2

[SSSD] Re: [sssd PR#30][opened] sssctl: use systemd D-Bus API

2016-09-21 Thread Jakub Hrozek
On Wed, Sep 21, 2016 at 12:27:16PM +0200, pbrezina wrote: >URL: https://github.com/SSSD/sssd/pull/30 > Author: pbrezina > Title: #30: sssctl: use systemd D-Bus API > Action: opened > > PR body: > """ > If systemd is used we leverage it's D-Bus API instead of running systemctl. > > Resolves:

[SSSD] Re: fedorahosted.org sunset

2016-09-21 Thread Jakub Hrozek
On Fri, Sep 16, 2016 at 12:58:38PM +0200, Lukas Slebodnik wrote: > On (16/09/16 12:52), Jakub Hrozek wrote: > >On Fri, Sep 16, 2016 at 12:34:26PM +0200, Fabiano Fidêncio wrote: > >> Howdy! > >> > >> On Fri, Sep 16, 2016 at 11:09 AM, Jakub Hrozek &

[SSSD] Re: [PATCHES] p11: add no_verification option

2016-09-19 Thread Jakub Hrozek
On Mon, Sep 19, 2016 at 12:06:23PM +0200, Jakub Hrozek wrote: > The backport was trivial, I'm just waiting for sssd-1-13 CI results. CI: http://sssd-ci.duckdns.org/logs/job/53/56/summary.html * sssd-1-13: * b76a0026a115a8a0362b1693404830fa3c684

[SSSD] Re: [PATCHES] p11: add no_verification option

2016-09-19 Thread Jakub Hrozek
On Mon, Sep 19, 2016 at 11:48:54AM +0200, Sumit Bose wrote: > On Mon, Sep 19, 2016 at 10:14:57AM +0200, Jakub Hrozek wrote: > > On Thu, Jun 09, 2016 at 12:00:06PM +0200, Lukas Slebodnik wrote: > > > On (07/06/16 15:13), Jakub Hrozek wrote: > > > >On Tue, Jun 07, 2

[SSSD] Re: [PATCH] Failover to next server if authentication fails

2016-09-19 Thread Jakub Hrozek
On Mon, Sep 19, 2016 at 09:50:49AM +0200, Jakub Hrozek wrote: > On Wed, May 11, 2016 at 12:48:58PM +0200, Jakub Hrozek wrote: > > master: > > 8eb4a1f773b6c2246b0a6c6e3c3b8ef4d79c9ca6 > > 73dd89c3fb361dab43b4802510f4c64d282dbde1 > > I would like to backpo

[SSSD] Re: [PATCH SET] AD_PROVIDER: ad_enabled_domains

2016-09-19 Thread Jakub Hrozek
On Mon, Sep 19, 2016 at 09:52:57AM +0200, Lukas Slebodnik wrote: > On (19/09/16 09:46), Jakub Hrozek wrote: > >On Wed, Aug 17, 2016 at 04:13:02PM +0200, Jakub Hrozek wrote: > >> On Wed, Aug 17, 2016 at 04:04:51PM +0200, Jakub Hrozek wrote: > >> > On Wed, Aug 17, 2016

[SSSD] Re: [PATCHES] p11: add no_verification option

2016-09-19 Thread Jakub Hrozek
On Thu, Jun 09, 2016 at 12:00:06PM +0200, Lukas Slebodnik wrote: > On (07/06/16 15:13), Jakub Hrozek wrote: > >On Tue, Jun 07, 2016 at 03:11:49PM +0200, Sumit Bose wrote: > >> On Tue, Jun 07, 2016 at 02:42:56PM +0200, Jakub Hrozek wrote: > >> > On Mon, May 30, 2016 a

[SSSD] Re: fedorahosted.org sunset

2016-09-16 Thread Jakub Hrozek
On Fri, Sep 16, 2016 at 12:50:54PM +0200, Jakub Hrozek wrote: > The first step imo is -- define what exactly we miss from pagure's > tracker. For me it's: > - milestones Apparently, pagure has a creative way to deal with milestones: https://docs.pagure.org/pagure/usage/roa

[SSSD] Re: fedorahosted.org sunset

2016-09-16 Thread Jakub Hrozek
On Fri, Sep 16, 2016 at 12:34:26PM +0200, Fabiano Fidêncio wrote: > Howdy! > > On Fri, Sep 16, 2016 at 11:09 AM, Jakub Hrozek <jhro...@redhat.com> wrote: > > Hi, > > > > fedorahosted.org is being decomissioned: > > > > https:

[SSSD] Re: fedorahosted.org sunset

2016-09-16 Thread Jakub Hrozek
On Fri, Sep 16, 2016 at 12:25:41PM +0200, Lukas Slebodnik wrote: > On (16/09/16 13:18), Nikolai Kondrashov wrote: > >On 09/16/2016 12:09 PM, Jakub Hrozek wrote: > >> fedorahosted.org is being decomissioned: > >> > >> https://lists.f

[SSSD] fedorahosted.org sunset

2016-09-16 Thread Jakub Hrozek
Hi, fedorahosted.org is being decomissioned: https://lists.fedoraproject.org/archives/list/annou...@lists.fedoraproject.org/thread/RLL3LFUPLYMAUKGZ5B3O64XKJXBT24KZ/ so we need to find a new home for SSSD.. I wanted to ask: 1) anyone from the core development team who is interested in

[SSSD] Re: RFC: github PR workflow

2016-09-16 Thread Jakub Hrozek
On Thu, Sep 01, 2016 at 01:11:54PM +0200, Lukas Slebodnik wrote: > On (01/09/16 12:29), Jakub Hrozek wrote: > >On Thu, Sep 01, 2016 at 12:10:15PM +0200, Lukas Slebodnik wrote: > >> On (01/09/16 10:30), Jakub Hrozek wrote: > >> >On Thu, Sep 01, 2016 at 09:

[SSSD] Re: [PATCH] SECRETS: Search by the right type when checking containers

2016-09-13 Thread Jakub Hrozek
On Tue, Sep 13, 2016 at 04:30:57PM +0200, Jakub Hrozek wrote: > On Tue, Aug 30, 2016 at 11:08:48AM +0200, Fabiano Fidêncio wrote: > > We've been searching for the wrong type ("simple") in > > local_db_check_containers(), which always gives us a NULL result. > &g

[SSSD] Re: [PATCH] SECRETS: Search by the right type when checking containers

2016-09-13 Thread Jakub Hrozek
On Tue, Aug 30, 2016 at 11:08:48AM +0200, Fabiano Fidêncio wrote: > We've been searching for the wrong type ("simple") in > local_db_check_containers(), which always gives us a NULL result. > > Let's introduce the new LOCAL_CONTAINER_FILTER and do the search for the > right type ("container")

[SSSD] Re: MONITOR: Add disable_netlink sssd.conf option

2016-09-12 Thread Jakub Hrozek
On Mon, Sep 12, 2016 at 10:40:21AM +0200, Jakub Hrozek wrote: > On Mon, Sep 12, 2016 at 10:31:24AM +0200, Jakub Hrozek wrote: > > On Mon, Sep 12, 2016 at 12:21:26AM +0200, Jakub Hrozek wrote: > > > On Thu, Sep 08, 2016 at 01:57:29PM -0400, Justin Stephenson wrote: > > &g

[SSSD] Re: MONITOR: Add disable_netlink sssd.conf option

2016-09-12 Thread Jakub Hrozek
On Mon, Sep 12, 2016 at 10:31:24AM +0200, Jakub Hrozek wrote: > On Mon, Sep 12, 2016 at 12:21:26AM +0200, Jakub Hrozek wrote: > > On Thu, Sep 08, 2016 at 01:57:29PM -0400, Justin Stephenson wrote: > > > On 09/07/2016 02:24 PM, Jakub Hrozek wrote: > > > > Hi, >

[SSSD] Re: MONITOR: Add disable_netlink sssd.conf option

2016-09-12 Thread Jakub Hrozek
On Mon, Sep 12, 2016 at 12:21:26AM +0200, Jakub Hrozek wrote: > On Thu, Sep 08, 2016 at 01:57:29PM -0400, Justin Stephenson wrote: > > On 09/07/2016 02:24 PM, Jakub Hrozek wrote: > > > Hi, > > > > > > sorry to come late, but I have one more request (last one, I

[SSSD] Re: [PATCH] Fix offline resolution of autofs maps and netgroups

2016-09-11 Thread Jakub Hrozek
On Tue, Aug 30, 2016 at 01:16:05PM +0200, Pavel Březina wrote: > On 08/04/2016 06:02 PM, Jakub Hrozek wrote: > > Hi, > > > > to reproduce the netgroups failure: > > * getent netgroup testngr # to verify the netgroup is there > > * sss_cache -E > >

[SSSD] Re: MONITOR: Add disable_netlink sssd.conf option

2016-09-11 Thread Jakub Hrozek
On Thu, Sep 08, 2016 at 01:57:29PM -0400, Justin Stephenson wrote: > On 09/07/2016 02:24 PM, Jakub Hrozek wrote: > > Hi, > > > > sorry to come late, but I have one more request (last one, I promise..) > > > > On Thu, Sep 01, 2016 at 09:36:32AM -0400, Ju

[SSSD] Re: [PATCH SET] SYSDB: Adding message to inform about cache

2016-09-11 Thread Jakub Hrozek
On Thu, Sep 08, 2016 at 12:56:08PM +0200, Lukas Slebodnik wrote: > On (07/09/16 09:53), Jakub Hrozek wrote: > >On Wed, Sep 07, 2016 at 08:45:18AM +0200, Lukas Slebodnik wrote: > >> On (05/09/16 16:07), Jakub Hrozek wrote: > >> >On Mon, Sep 05, 2016 at 03:32:48P

[SSSD] Re: [PATCH] failover: proceed normally when no new server is found

2016-09-07 Thread Jakub Hrozek
On Thu, Sep 01, 2016 at 02:02:40PM +0200, Pavel Březina wrote: > https://fedorahosted.org/sssd/ticket/3131 > > I couldn't reproduce manually so I used the second patch as a by-code > reproducer. If you apply the patch then sssd will try to resolve meta server > twice simultaneously and triggering

[SSSD] Re: MONITOR: Add disable_netlink sssd.conf option

2016-09-07 Thread Jakub Hrozek
Hi, sorry to come late, but I have one more request (last one, I promise..) On Thu, Sep 01, 2016 at 09:36:32AM -0400, Justin Stephenson wrote: > From f647e732c2a5b8727376dded962766fb03bb5ea8 Mon Sep 17 00:00:00 2001 > From: Justin Stephenson > Date: Fri, 26 Aug 2016

[SSSD] Re: [PATCH SET] SYSDB: Adding message to inform about cache

2016-09-07 Thread Jakub Hrozek
On Wed, Sep 07, 2016 at 08:45:18AM +0200, Lukas Slebodnik wrote: > On (05/09/16 16:07), Jakub Hrozek wrote: > >On Mon, Sep 05, 2016 at 03:32:48PM +0200, Lukas Slebodnik wrote: > >> On (05/09/16 15:24), Jakub Hrozek wrote: > >> >On Mon, Sep 05, 2016 at 02:31:31PM

[SSSD] Re: [PATCH SET] SYSDB: Adding message to inform about cache

2016-09-05 Thread Jakub Hrozek
On Mon, Sep 05, 2016 at 03:32:48PM +0200, Lukas Slebodnik wrote: > On (05/09/16 15:24), Jakub Hrozek wrote: > >On Mon, Sep 05, 2016 at 02:31:31PM +0200, Fabiano Fidêncio wrote: > >> On Mon, Sep 5, 2016 at 11:59 AM, Fabiano Fidêncio <fiden...@redhat.com> > >> wr

[SSSD] Re: [PATCH SET] SYSDB: Adding message to inform about cache

2016-09-05 Thread Jakub Hrozek
On Mon, Sep 05, 2016 at 02:31:31PM +0200, Fabiano Fidêncio wrote: > On Mon, Sep 5, 2016 at 11:59 AM, Fabiano Fidêncio wrote: > > Petr, > > > > I went through your patches and in general they look good to me. > > However, I haven't done any tests yet with your patches (and

[SSSD] Re: RFC: github PR workflow

2016-09-01 Thread Jakub Hrozek
On Thu, Sep 01, 2016 at 12:10:15PM +0200, Lukas Slebodnik wrote: > On (01/09/16 10:30), Jakub Hrozek wrote: > >On Thu, Sep 01, 2016 at 09:49:50AM +0200, Petr Cech wrote: > >> On 08/31/2016 10:28 AM, Jakub Hrozek wrote: > >> > Hi, > >> > >

[SSSD] Re: [PATCH] GPO: Cat vals with same key from different GPOs

2016-09-01 Thread Jakub Hrozek
On Thu, Sep 01, 2016 at 09:56:33AM +0200, Michal Židek wrote: > On 08/31/2016 07:49 PM, Stephen Gallagher wrote: > > On 08/31/2016 01:24 PM, Simo Sorce wrote: > > > On Wed, 2016-08-31 at 17:41 +0200, Michal Židek wrote: > > > > Hi, > > > > > > > > here is patch for ticket #3161. > > > > > > > >

[SSSD] Re: RFC: github PR workflow

2016-09-01 Thread Jakub Hrozek
On Thu, Sep 01, 2016 at 09:49:50AM +0200, Petr Cech wrote: > On 08/31/2016 10:28 AM, Jakub Hrozek wrote: > > Hi, > > > > I documented workflow that we could use for submitting PRs: > > https://fedorahosted.org/sssd/wiki/GithubWorkflow > > > > It's quit

[SSSD] Re: [RFC] Cleaning up the IFP responder (mainly) and socket-activatable responders

2016-08-31 Thread Jakub Hrozek
On Wed, Aug 31, 2016 at 07:40:32PM +0200, Fabiano Fidêncio wrote: > Howdy! > > Taking a look on https://fedorahosted.org/sssd/ticket/2395 seems that > there are a few ways to achieve what's proposed by Simo and I'd like > to discuss one of those before start implementing it. > > As far as I

[SSSD] RFC: github PR workflow

2016-08-31 Thread Jakub Hrozek
Hi, I documented workflow that we could use for submitting PRs: https://fedorahosted.org/sssd/wiki/GithubWorkflow It's quite similar to what the FreeIPA team uses (although I don't think they publicly document it yet). Comments or edits welcome. If there are none, I'll link the page from

[SSSD] Re: [PATCH] knownhostsproxy: use all of the getaddrinfo()

2016-08-30 Thread Jakub Hrozek
On Tue, Aug 30, 2016 at 06:51:43PM +0200, Lukas Slebodnik wrote: > On (30/08/16 13:01), Pavel Březina wrote: > >On 08/19/2016 02:03 PM, Jakub Hrozek wrote: > >> Hi, > >> > >> I'm sending this patch on behalf of Nalin, who attached it to > >> https://b

[SSSD] Re: [PATCH] PROXY: Use right name in ldap filter

2016-08-30 Thread Jakub Hrozek
On Fri, Aug 26, 2016 at 03:10:39PM +0200, Lukas Slebodnik wrote: > ehlo, > > We used internal fq name in ldap filter > with id_provider proxy to files and auth provider > ldap > ACK thank you for catching this. ___ sssd-devel mailing list

[SSSD] Re: [PATCH] sudo man page: say that we support IPA schema

2016-08-30 Thread Jakub Hrozek
On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote: > On 08/10/2016 04:33 PM, Dan Lavu wrote: > > I asked Lukas this but he wasn't positive, is the objectClasses different > > when adding 'ldap_sudo_search_base' ? Or is it just location? > > > > Eitherway, I think this is going to

[SSSD] Re: MONITOR: Add disable_netlink sssd.conf option

2016-08-30 Thread Jakub Hrozek
On Sat, Aug 27, 2016 at 12:54:53PM -0400, Justin Stephenson wrote: > Hello, > > The attached patches resolve https://fedorahosted.org/sssd/ticket/3142 > > However, I am having difficult with the man page addition to > 'src/man/sssd.conf.5.xml' for this new option. I have stared at the open and >

[SSSD] Re: [PATCH] BUILD: Break the intgcheck target into 5 smaller targets: intgcheck-{prepare,configure,build,run,clean}

2016-08-29 Thread Jakub Hrozek
On Mon, Aug 29, 2016 at 03:57:47PM +0200, Fabiano Fidêncio wrote: > On Mon, Aug 29, 2016 at 3:53 PM, Jakub Hrozek <jhro...@redhat.com> wrote: > > On Mon, Aug 29, 2016 at 03:51:06PM +0200, Lukas Slebodnik wrote: > >> On (29/08/16 14:47), Lukas Slebodnik wrote: > >&

[SSSD] Re: [PATCH] BUILD: Break the intgcheck target into 5 smaller targets: intgcheck-{prepare,configure,build,run,clean}

2016-08-29 Thread Jakub Hrozek
; On (29/08/16 14:15), Fabiano Fidêncio wrote: > >>>>On Mon, Aug 29, 2016 at 12:36 PM, Lukas Slebodnik <lsleb...@redhat.com> > >>>>wrote: > >>>>> On (29/08/16 12:08), Fabiano Fidêncio wrote: > >>>>>>On Mon, Aug 29, 2016

[SSSD] Re: 'no primary group ID provided' when using AD in ldap mode

2016-08-29 Thread Jakub Hrozek
On Mon, Aug 29, 2016 at 04:49:57AM -, Daniel Hermans wrote: > HI, > sorry I didn't get any response on sssd-users This was just because nobody had the time to answer until today (most developers are in EU..). It's still better to post on the users list because the archives will be searchable

[SSSD] Re: [PATCH] BUILD: Break the intgcheck target into 5 smaller targets: intgcheck-{prepare,configure,build,run,clean}

2016-08-29 Thread Jakub Hrozek
On Mon, Aug 29, 2016 at 10:38:46AM +0200, Lukas Slebodnik wrote: > On (29/08/16 07:09), Fabiano Fidêncio wrote: > >Hoiwdy! > > > > > >On Fri, Aug 19, 2016 at 1:08 AM, Fabiano Fidêncio > >wrote: > >> This patch is a first attempt to make "make intgcheck" less > >>

[SSSD] Re: tasks for newcomers or non-developers

2016-08-29 Thread Jakub Hrozek
On Sun, Aug 28, 2016 at 03:31:05PM -0400, Justin Stephenson wrote: > > > Hello, > > > > > > I wanted to provide some feedback on the Contribute wiki page from an > > > outsiders perspective after spending time writing a few patches for sssd. > > > I > > > hope it will be of some value to improve

[SSSD] Re: [SSSD} [PATCH] Remove no longer used code

2016-08-26 Thread Jakub Hrozek
On Mon, Aug 15, 2016 at 02:58:50PM +0200, Fabiano Fidêncio wrote: > Those 3 patches are from Jakub and I've just done some minor > adjustments and add myself as co-author of the first 2 patches. > > CI has passed: http://sssd-ci.duckdns.org/logs/job/51/55/summary.html > > Best Regards, > -- >

[SSSD] Re: [PATCH] Check whether a secret exists before trying to delete it

2016-08-26 Thread Jakub Hrozek
On Fri, Aug 26, 2016 at 11:00:26AM +0200, Jakub Hrozek wrote: > Thanks, ACK (still works, code looks good) * master: c4a3b24dc70fb50c8c0cc5490c29a3755d8b1b73 ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.

[SSSD] Re: [PATCHSET] Throw away the timestamp cache if re-initializing the persistent cache

2016-08-26 Thread Jakub Hrozek
On Fri, Aug 26, 2016 at 02:26:21PM +0200, Jakub Hrozek wrote: > On Fri, Aug 26, 2016 at 08:09:56AM +0200, Fabiano Fidêncio wrote: > > On Thu, Aug 25, 2016 at 1:44 PM, Jakub Hrozek <jhro...@redhat.com> wrote: > > > On Wed, Aug 17, 2016 at 01:13:16PM +0200

[SSSD] Re: [PATCH] BUILD: Allow to read private pipes for root

2016-08-26 Thread Jakub Hrozek
On Fri, Aug 26, 2016 at 03:17:07PM +0200, Jakub Hrozek wrote: > On Fri, Aug 26, 2016 at 10:23:59AM +0200, Jakub Hrozek wrote: > > On Fri, Aug 19, 2016 at 12:30:40PM +0200, Lukas Slebodnik wrote: > > > ehlo, > > > > > > Root can read anything from any

[SSSD] Re: [PATCH] BUILD: Allow to read private pipes for root

2016-08-26 Thread Jakub Hrozek
On Fri, Aug 26, 2016 at 10:23:59AM +0200, Jakub Hrozek wrote: > On Fri, Aug 19, 2016 at 12:30:40PM +0200, Lukas Slebodnik wrote: > > ehlo, > > > > Root can read anything from any directory even with permissions 000. > > > > However SELinux checks discretionary

[SSSD] Re: [PATCHSET] Throw away the timestamp cache if re-initializing the persistent cache

2016-08-26 Thread Jakub Hrozek
On Fri, Aug 26, 2016 at 08:09:56AM +0200, Fabiano Fidêncio wrote: > On Thu, Aug 25, 2016 at 1:44 PM, Jakub Hrozek <jhro...@redhat.com> wrote: > > On Wed, Aug 17, 2016 at 01:13:16PM +0200, Fabiano Fidêncio wrote: > >> This patchset resolves https://fedorahosted.org/sssd/tick

[SSSD] Re: [PATCH] Check whether a secret exists before trying to delete it

2016-08-26 Thread Jakub Hrozek
On Fri, Aug 26, 2016 at 10:01:56AM +0200, Fabiano Fidêncio wrote: > On Fri, Aug 26, 2016 at 9:49 AM, Lukas Slebodnik <lsleb...@redhat.com> wrote: > > On (26/08/16 08:10), Fabiano Fidêncio wrote: > >>Jakub, > >> > >>On Thu, Aug 25, 2016 at 1:56 P

[SSSD] Re: [PATCH] SPEC: Fix typo in Summary

2016-08-26 Thread Jakub Hrozek
On Fri, Aug 19, 2016 at 06:09:29PM +0200, Lukas Slebodnik wrote: > ehlo, > > I found a typo when packagein 1.14.1 in fedora. > Actually, It was already fixed. I just forgot to sent patch into upstream. > > LS ACK ___ sssd-devel mailing list

[SSSD] Re: [PATCH] BUILD: Allow to read private pipes for root

2016-08-26 Thread Jakub Hrozek
On Fri, Aug 19, 2016 at 12:30:40PM +0200, Lukas Slebodnik wrote: > ehlo, > > Root can read anything from any directory even with permissions 000. > > However SELinux checks discretionary access control (DAC) > and deny access if access is not allowed for root by DAC. > The pam_sss use different

[SSSD] Re: [PATCH] Check whether a secret exists before trying to delete it

2016-08-26 Thread Jakub Hrozek
On Fri, Aug 26, 2016 at 09:49:27AM +0200, Lukas Slebodnik wrote: > On (26/08/16 08:10), Fabiano Fidêncio wrote: > >Jakub, > > > >On Thu, Aug 25, 2016 at 1:56 PM, Jakub Hrozek <jhro...@redhat.com> wrote: > >> On Wed, Aug 17, 2016 at 03:13:57PM +0200, Fabiano Fidê

[SSSD] Re: 'no primary group ID provided' when using AD in ldap mode

2016-08-26 Thread Jakub Hrozek
On Fri, Aug 26, 2016 at 07:16:36AM -, Daniel Hermans wrote: > > sorry about that - didn't realise there was a separate list - should i close > this request? > > - if i define ldap_idmap_default_domain_sid, clear /var/lib/sss/db/* and > restart sssd no longer reports this: > (Fri Aug 26

[SSSD] Re: 'no primary group ID provided' when using AD in ldap mode

2016-08-26 Thread Jakub Hrozek
On Fri, Aug 26, 2016 at 04:49:27AM -, daniel.herm...@nab.com.au wrote: > Hi, > i'd like to use sssd in ldap mode: > id_provider = ldap > auth_provider = ldap The users list is probably better then -devel for questions:

[SSSD] Re: [PATCH] Check whether a secret exists before trying to delete it

2016-08-25 Thread Jakub Hrozek
On Wed, Aug 17, 2016 at 03:13:57PM +0200, Fabiano Fidêncio wrote: > The attached patch for #3125 [0]is based on Jakub's "secrets" branch > on github [1], as there are (at least) a few issues with the current > secrets code. > > [0]: https://fedorahosted.org/sssd/ticket/312 > [1]:

[SSSD] Re: [PATCHSET] Throw away the timestamp cache if re-initializing the persistent cache

2016-08-25 Thread Jakub Hrozek
On Wed, Aug 17, 2016 at 01:13:16PM +0200, Fabiano Fidêncio wrote: > This patchset resolves https://fedorahosted.org/sssd/ticket/3128 > > CI has passed: http://sssd-ci.duckdns.org/logs/job/51/84/summary.html > > Best Regards, > -- > Fabiano Fidêncio > From

[SSSD] Re: tasks for newcomers or non-developers

2016-08-25 Thread Jakub Hrozek
On Wed, Aug 24, 2016 at 10:45:03AM -0400, Justin Stephenson wrote: > > On 08/04/2016 04:20 AM, Jakub Hrozek wrote: > > Hi, > > > > Over the last couple of weeks, I've talked to several people, mostly > > engineers with not too much development experience, who sai

[SSSD] Re: PROXY: Use the fqname when converting to lowercase

2016-08-24 Thread Jakub Hrozek
On Wed, Aug 24, 2016 at 10:48:21AM +0200, Fabiano Fidêncio wrote: > On Wed, Aug 24, 2016 at 10:43 AM, Lukas Slebodnik wrote: > > On (24/08/16 10:37), Fabiano Fidêncio wrote: > >>On Wed, Aug 24, 2016 at 10:33 AM, Lukas Slebodnik > >>wrote: > >>> On

[SSSD] Re: [SSSD/sssd #5] Miscellanous patches for the sssd-secrets responder (opened)

2016-08-19 Thread Jakub Hrozek
On Fri, Aug 19, 2016 at 05:23:59PM +0200, Lukas Slebodnik wrote: > On (19/08/16 09:38), Simo Sorce wrote: > >On Fri, 2016-08-19 at 11:20 +0200, Lukas Slebodnik wrote: > >> On (19/08/16 10:41), Jakub Hrozek wrote: > >> >On Fri, Aug 19, 2016 at 10:39:27AM +0200, Lukas S

[SSSD] Announcing SSSD 1.14.1

2016-08-19 Thread Jakub Hrozek
NUX_getpeercon() failure * RESPONDERS: Pass errno to strerror() when SELINUX_getpeercon() fails * SDAP: Don't log an op failure when no users are found Jakub Hrozek (18): * Updating the version for the 1.14.1 release * FO: Set port to NOT_WORKING when trying a next server * LDAP

[SSSD] Re: RFC: SSSD 1.14.1 release notes

2016-08-19 Thread Jakub Hrozek
thanks, fixed! On Fri, Aug 19, 2016 at 09:12:02AM -0400, Justin Stephenson wrote: > Just at quick glance I noticed under *Documentation Changes* it says a new > option 'ad_enabled_domain' was added but it should be 'ad_enabled_domains' > > -Justin > > > On 08/19/2016 0

[SSSD] RFC: SSSD 1.14.1 release notes

2016-08-19 Thread Jakub Hrozek
Hi, I'd like to tag and release 1.14.1 today, so I prepared the release notes: https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1 please comment or edit the notes on the wiki. ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org

[SSSD] [PATCH] knownhostsproxy: use all of the getaddrinfo()

2016-08-19 Thread Jakub Hrozek
Hi, I'm sending this patch on behalf of Nalin, who attached it to https://bugzilla.redhat.com/show_bug.cgi?id=1063278#c9 >From 82653c44bd67dbae24330e3b7c841153f930a17c Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Thu, 18 Aug 2016 14:23:19 -0400 Subject: [PATCH]

<    1   2   3   4   5   6   7   8   9   10   >