[SSSD] Re: Session Recording control options

2016-06-07 Thread Jakub Hrozek
On Mon, Jun 06, 2016 at 06:24:53PM +0300, Nikolai Kondrashov wrote: > On 06/06/2016 06:20 PM, Sumit Bose wrote: > > On Mon, Jun 06, 2016 at 04:24:35PM +0300, Nikolai Kondrashov wrote: > > > Hi everyone, > > > > > > After a little discussion with Dmitri and Sumit we decided that we'll need > > >

[SSSD] Re: [PATCHES] Support starting SSSD from a default configuration

2016-06-03 Thread Jakub Hrozek
On Fri, Jun 03, 2016 at 05:55:24PM +0200, Lukas Slebodnik wrote: > On (03/06/16 09:07), Stephen Gallagher wrote: > >On 05/13/2016 10:29 AM, Lukas Slebodnik wrote: > >> On (11/05/16 17:35), Lukas Slebodnik wrote: > >>> On (10/05/16 17:06), Jakub Hrozek wrote: >

[SSSD] Re: [PATCH] PAM: add pam_sss option allow_missing_name

2016-06-03 Thread Jakub Hrozek
On Wed, Jun 01, 2016 at 06:31:29PM +0200, Sumit Bose wrote: > Hi, > > that attached two patches would allow to use the Smartcard support in > gdm with SSSD. To use it you should replace pam_pkcs11 in > /etc/pam.d/smartcard-auth in the auth section by > > authsufficient

[SSSD] Re: [PATCH] sudo man page: say that we support IPA schema

2016-06-03 Thread Jakub Hrozek
On Wed, Jun 01, 2016 at 11:58:45AM +0200, Pavel Březina wrote: > SSIA > From 2101e03fa59fec3f834b48256a287f456662d7c2 Mon Sep 17 00:00:00 2001 > From: =?UTF-8?q?Pavel=20B=C5=99ezina?= > Date: Wed, 1 Jun 2016 11:57:53 +0200 > Subject: [PATCH] sudo man page: say that we

[SSSD] Re: [PATCHES] ipa: add support for certificate overrides

2016-06-03 Thread Jakub Hrozek
On Fri, Jun 03, 2016 at 02:56:08PM +0200, Jakub Hrozek wrote: > On Fri, May 20, 2016 at 09:13:29PM +0200, Sumit Bose wrote: > > Hi, > > > > this set of patches should resolve > > https://fedorahosted.org/sssd/ticket/2897 "Smart Cards: Certificate in > > the

[SSSD] Re: [PATCH] GPO: Add "polkit-1" to ad_gpo_map_allow

2016-06-03 Thread Jakub Hrozek
On Fri, Jun 03, 2016 at 09:07:57AM -0400, Stephen Gallagher wrote: > On 05/13/2016 09:07 AM, Stephen Gallagher wrote: > > Polkit is an authorization mechanism of its own (similar to sudo). SSSD > > doesn't > > need to apply additional authorization decisions atop it, so we'll just > > accept > >

[SSSD] Re: [PATCH] AD_PROVIDER: Fix constant char *

2016-06-03 Thread Jakub Hrozek
On Fri, Jun 03, 2016 at 02:38:01PM +0200, Fabiano Fidêncio wrote: > On Fri, Jun 3, 2016 at 2:32 PM, Lukas Slebodnik wrote: > > On (03/06/16 09:38), Sumit Bose wrote: > >>On Fri, Jun 03, 2016 at 08:22:10AM +0200, Petr Cech wrote: > >>> bump > >> > >>obvious ACK, just waiting

[SSSD] Re: [PATCHES] ipa: add support for certificate overrides

2016-06-03 Thread Jakub Hrozek
On Fri, May 20, 2016 at 09:13:29PM +0200, Sumit Bose wrote: > Hi, > > this set of patches should resolve > https://fedorahosted.org/sssd/ticket/2897 "Smart Cards: Certificate in > the ID View" and cover all other use cases from >

[SSSD] Re: [PATCH] systemtap-based performance probes

2016-06-03 Thread Jakub Hrozek
On Mon, May 09, 2016 at 10:04:37AM +0200, Jakub Hrozek wrote: > Hi, > > the attached patches are the first self-contained part of my performance > work. Using them, I analyzed the performance of 'id' as the worst-case, > then realized most of the issues are around processing an

[SSSD] Re: [PATCH] LDAP: Try also the AD access control for IPA users

2016-06-03 Thread Jakub Hrozek
On Wed, May 18, 2016 at 10:29:37AM +0200, Pavel Březina wrote: > On 05/17/2016 03:11 PM, Jakub Hrozek wrote: > > On Wed, May 11, 2016 at 11:58:11AM +0200, Jakub Hrozek wrote: > > > Hi, > > > > > > the attached patch implements Sumit's idea to solve > >

[SSSD] Re: [PATCH] sudo: solve problems with fully qualified names

2016-05-31 Thread Jakub Hrozek
On Fri, May 27, 2016 at 11:54:20AM +0200, Pavel Březina wrote: > See commit message for details. > > Two configurations needs to be tested -- a domain with > use_fully_qualified_name = true and configuration with IPA-AD trusts where > default_domain_suffix is set to AD domain. > From

[SSSD] Re: [PATCH] Improve handling of fds with child processes

2016-05-31 Thread Jakub Hrozek
On Fri, May 27, 2016 at 10:58:23AM +0200, Petr Cech wrote: > On 05/19/2016 10:17 PM, Jakub Hrozek wrote: > > Hi, > > > > the attached two patches fix issues with handling of pipes towards our > > child processes. The first patch is more important as the leak occurs

[SSSD] Re: Add sysdb_{add,replace,delete}_string() and sysdb_{add,replace,delete}_ulong()

2016-05-31 Thread Jakub Hrozek
On Fri, May 27, 2016 at 07:41:51AM +0200, Petr Cech wrote: > On 05/27/2016 07:19 AM, Petr Cech wrote: > > Hi Fabiano, > > > > thanks for patch set. > > > > The first version passed CI tests. The second version looks good to me, > > I will finally ack your patch set after second run of CI tests.

[SSSD] Re: [DESIGN] Prompting For Multiple Authentication Types

2016-05-31 Thread Jakub Hrozek
On Mon, May 30, 2016 at 03:49:43PM +0200, Sumit Bose wrote: > Hi, > > please find the SSSD design page for the Authentication Indicator > (http://www.freeipa.org/page/V4/Authentication_Indicators) related changes on > the SSSD side tracked by https://fedorahosted.org/sssd/ticket/2988 at >

[SSSD] Re: Design document - sssctl

2016-05-30 Thread Jakub Hrozek
Sure, file an upstream ticket or a downstream bug. But I don't think this is in scope of the next release. > On 30 May 2016, at 18:06, Arpit Tolani wrote: > > Hello > > Some of my customers are asking if we have a command line option to dump > information of all SSSD

[SSSD] Re: [PATCH] RESPONDERS: Negative caching of local users

2016-05-30 Thread Jakub Hrozek
On Mon, May 30, 2016 at 10:42:13AM +0200, Pavel Březina wrote: > On 05/27/2016 04:32 PM, Petr Cech wrote: > > Hi, > > > > I have new version of this patch set. > > I fixed CI tests on debian [1]. My thanks belongs to Lukas and Nikolai. > > > > > > [1]

[SSSD] Re: Add sysdb_{add,replace,delete}_string() and sysdb_{add,replace,delete}_ulong()

2016-05-26 Thread Jakub Hrozek
On Thu, May 26, 2016 at 04:18:32PM +0200, Fabiano Fidêncio wrote: > Please, see the attached patches. Hey Fabiano, Thank you for the patches! I admit I haven't tested the patches yet, just scrolled through the diffs. See some comments inline. But I would also like someone else to chime in

[SSSD] Re: [PATCHES] Data provider refactoring

2016-05-26 Thread Jakub Hrozek
On Thu, May 26, 2016 at 11:31:07AM +0200, Lukas Slebodnik wrote: > On (16/05/16 14:00), Pavel Březina wrote: > >Hi, > >the patches are finally ready to be tested and reviewed. It is too huge to be > >sent to the list so please checkout my fedorapeople or github repo: > > >

[SSSD] Re: [PATCH] IPA: use forest name when looking up the Global Catalog

2016-05-24 Thread Jakub Hrozek
On Tue, May 17, 2016 at 12:33:00PM +0200, Sumit Bose wrote: > Hi, > > this patch fixes a typo in the IPA AD related code, to look up the > Global Catalog via DNS the forest name should be used and not the name > of the currently domain. > > bye, > Sumit * master:

[SSSD] Re: [PATCH] IPA: use forest name when looking up the Global Catalog

2016-05-24 Thread Jakub Hrozek
On Tue, May 17, 2016 at 12:33:00PM +0200, Sumit Bose wrote: > Hi, > > this patch fixes a typo in the IPA AD related code, to look up the > Global Catalog via DNS the forest name should be used and not the name > of the currently domain. > > bye, > Sumit ACK CI is down, but this is a one-liner

[SSSD] [PATCH] Improve handling of fds with child processes

2016-05-19 Thread Jakub Hrozek
. The second patch is more about defensive programming and fixes #3006. From 2f88d95d8c72f1333ce1fc12a1ba18249447c11e Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Thu, 19 May 2016 17:24:51 +0200 Subject: [PATCH 1/2] AD: Do not leak file descriptors during machine

[SSSD] Re: [PATCH] Terminate forked process if adcli is not installed

2016-05-19 Thread Jakub Hrozek
On Thu, May 19, 2016 at 08:16:36AM +0200, Lukas Slebodnik wrote: > Could we use EXIT_FAILURE? > > Otherwise nice work. Sure, new patches are attached. From 6941f025e6a93c3f4bc13ee5fa24f4724ab3039f Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Tue, 17

[SSSD] Re: [PATCH] LDAP: Try also the AD access control for IPA users

2016-05-17 Thread Jakub Hrozek
On Wed, May 11, 2016 at 11:58:11AM +0200, Jakub Hrozek wrote: > Hi, > > the attached patch implements Sumit's idea to solve > https://fedorahosted.org/sssd/ticket/2927 > > The user who reported the bug confirmed that the patch works. As an > additional improv

[SSSD] [PATCH] Terminate forked process if adcli is not installed

2016-05-17 Thread Jakub Hrozek
to STDOUT_FILENO and extra_argv is always NULL. */ -errno_t exec_child(TALLOC_CTX *mem_ctx, - int *pipefd_to_child, int *pipefd_from_child, - const char *binary, int debug_fd); +void exec_child(TALLOC_CTX *mem_ctx, +int *pipefd_to_child, int *pipef
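Review bot: changing the exec_child() prototype from errno_t to void removes the only way a caller could learn that the exec failed, so the comment above the declaration should say that the function does not return to the caller and how the child terminates on failure. If it can never return, marking the declaration noreturn would let the compiler flag any caller code placed after the call.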

[SSSD] Re: [PATCH] IPA: Handle requests for netgroups from trusted domains gracefully

2016-05-11 Thread Jakub Hrozek
On Wed, May 11, 2016 at 01:57:53PM +0200, Pavel Březina wrote: > On 05/06/2016 03:04 PM, Jakub Hrozek wrote: > > To reproduce, just run: > > getent netgroup some_name@trusted.domain > > > > Please see the commit message for explanation. The other solution would

[SSSD] Re: [PATCH SET] Make the negcache timeout part of nc_ctx

2016-05-11 Thread Jakub Hrozek
On Wed, May 11, 2016 at 10:34:47AM +0200, Pavel Březina wrote: > On 05/10/2016 01:31 PM, Pavel Březina wrote: > > On 05/02/2016 03:02 PM, Petr Cech wrote: > > > On 04/28/2016 01:39 PM, Pavel Březina wrote: > > > > Hi, just few nitpicks: > > > > > > > > Patch 1 NEGCACHE: Adding timeout to struct

[SSSD] Re: [PATCH] Failover to next server if authentication fails

2016-05-11 Thread Jakub Hrozek
On Wed, May 11, 2016 at 11:42:40AM +0200, Jakub Hrozek wrote: > On Wed, May 11, 2016 at 10:24:10AM +0200, Pavel Březina wrote: > > On 05/10/2016 04:00 PM, Jakub Hrozek wrote: > > > On Thu, Apr 21, 2016 at 02:54:21PM +0200, Pavel Březina wrote: > > > >

[SSSD] Re: [PATCHES] Support starting SSSD from a default configuration

2016-05-11 Thread Jakub Hrozek
On Tue, May 10, 2016 at 05:06:41PM +0200, Jakub Hrozek wrote: > OK, for posterity, attached are the patches (RB: me) that I would like > to commit. > > CI passed as well: > http://sssd-ci.duckdns.org/logs/job/43/08/summary.html > (The failure on debian is in dyndns-tests,

[SSSD] Re: [PATCH] IPA: Handle requests for netgroups from trusted domains gracefully

2016-05-11 Thread Jakub Hrozek
On Fri, May 06, 2016 at 03:04:42PM +0200, Jakub Hrozek wrote: > To reproduce, just run: > getent netgroup some_name@trusted.domain > > Please see the commit message for explanation. The other solution would > be the other way around, ie always go to the code that handles lookup

[SSSD] [PATCH] LDAP: Try also the AD access control for IPA users

2016-05-11 Thread Jakub Hrozek
. But honestly I don't know if and how this could be solved (we would need to fetch this attribute always on initgroups on both client and server..) so I would prefer additional ticket and merge this patch first. From 01598f563378f8cf85e7a7fb0c29e7bf32518c3f Mon Sep 17 00:00:00 2001 From: Jakub Hro

[SSSD] Re: [PATCH] Failover to next server if authentication fails

2016-05-11 Thread Jakub Hrozek
On Wed, May 11, 2016 at 10:24:10AM +0200, Pavel Březina wrote: > On 05/10/2016 04:00 PM, Jakub Hrozek wrote: > > On Thu, Apr 21, 2016 at 02:54:21PM +0200, Pavel Březina wrote: > > > We can fail in sasl_bind_send() with ERR_AUTH_FAILED for basically > > > unspecified re

[SSSD] Re: [PATCHES] Support starting SSSD from a default configuration

2016-05-10 Thread Jakub Hrozek
On Tue, May 10, 2016 at 09:51:18AM -0400, Stephen Gallagher wrote: > On 05/10/2016 09:45 AM, Jakub Hrozek wrote: > > On Tue, Apr 19, 2016 at 02:09:14PM -0400, Stephen Gallagher wrote: > >> These patches provide support for shipping a default configuration file > >

[SSSD] Re: [PATCHES] p11: add no_verification option

2016-05-10 Thread Jakub Hrozek
On Thu, Apr 14, 2016 at 01:48:50PM +0200, Sumit Bose wrote: > Hi, > > the following 3 patches are related to the Smartcard authentication > feature but imo can be tested even without having one. > > The first patch just adds some missing pieces. The second adds a new > 'no_verification' switch

[SSSD] [PATCH] FO: Set port to NOT_WORKING when trying a next server

2016-05-10 Thread Jakub Hrozek
_server() set the port status to NEUTRAL. That caused the connection code to run again, hit the same timeout issue and then cycle again and again.. Can anyone parse from the code why do we set the port to neutral instead of not_working in be_fo_try_next_server() ? From 37806e08b5bc7a97246

[SSSD] Re: [PATCH] Failover to next server if authentication fails

2016-05-10 Thread Jakub Hrozek
On Thu, Apr 21, 2016 at 02:54:21PM +0200, Pavel Březina wrote: > We can fail in sasl_bind_send() with ERR_AUTH_FAILED for basically > unspecified reason but we do not failover to next server. This patch should > fix it. > > As said on the meeting, I didn't reproduce it and I'm not sure if it will

[SSSD] Re: [PATCHES] Support starting SSSD from a default configuration

2016-05-10 Thread Jakub Hrozek
On Tue, Apr 19, 2016 at 02:09:14PM -0400, Stephen Gallagher wrote: > These patches provide support for shipping a default configuration file that > the > monitor will automatically copy to /etc/sssd/sssd.conf if none already exists. > The idea is for distributions to be able to provide a default

[SSSD] Re: Idea for multilib handling in Fedora and RHEL

2016-05-10 Thread Jakub Hrozek
On Tue, May 10, 2016 at 01:24:51PM +0200, Lukas Slebodnik wrote: > On (10/05/16 06:40), Stephen Gallagher wrote: > >I was thinking this morning again about how we could deal with the 32-bit on > >64-bit problem. On Fedora 24 and newer, we have the ability to use rich RPM > >dependencies

[SSSD] Re: [PATCH] Do not crash if GetUserAttrs cannot be parsed

2016-05-10 Thread Jakub Hrozek
On Tue, May 10, 2016 at 12:06:39PM +0200, Pavel Březina wrote: > On 05/05/2016 11:38 AM, Jakub Hrozek wrote: > > On Wed, Apr 27, 2016 at 11:47:50AM +0200, Pavel Březina wrote: > > > >Can you also extend sbus_request_invoke_or_finish() to treat > > > >ERR_SBUS_RE

[SSSD] Re: sssd behaviour with large nested netgroups.

2016-05-10 Thread Jakub Hrozek
On Mon, May 09, 2016 at 11:04:59PM -0500, Malahal Naineni wrote: > Hi All, > > We have ganesha NFS server that calls innetgr() call to validate > client request. Noticing that all ganesha threads were making innetgr() > calls and spending a lot of time there, I wrote a small script that

[SSSD] Re: [PATCH] Unit tests for pam_sss using pam_wrapper (need help with CI..)

2016-05-09 Thread Jakub Hrozek
On Wed, May 04, 2016 at 11:36:57PM +0200, Lukas Slebodnik wrote: > On (27/04/16 10:51), Jakub Hrozek wrote: > >Hi, > > > >the attached patches implement unit tests for the pam_sss module using > >pam_wrapper and libpamtest. In my testing, the coverage is around 7

[SSSD] [PATCH] systemtap-based performance probes

2016-05-09 Thread Jakub Hrozek
for helping me a lot with the build failures on #sssd last week) From 60d21413ee5b72ed3d732f7a2fbf72a8061040fd Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Tue, 1 Dec 2015 23:23:33 +0100 Subject: [PATCH 01/10] UTIL: Add a PROBE macro into probes.h The macros are

[SSSD] [PATCH] Make sdap_process_group_send() static

2016-05-09 Thread Jakub Hrozek
Hi, a trivial code-hygiene patch is attached. From ac33446aaa78b65c6891f486e9ad462101f88a79 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Tue, 8 Dec 2015 21:10:27 +0100 Subject: [PATCH] Make sdap_process_group_send() static --- src/providers/ldap/sdap_async

[SSSD] Re: [DESIGN][PATCH] IPA HBAC Time Rules

2016-05-09 Thread Jakub Hrozek
On Mon, May 09, 2016 at 09:21:53AM +0200, Stanislav Laznicka wrote: > From what I've gathered, you would also like to have > it ported to FreeBSD and Solaris (correct me if I'm wrong). I already did > some research on how to get the Olson name there but it all seems a bit > messy so if you know of

[SSSD] Re: [DESIGN] Lookup Users by Certificate - Active Directory

2016-05-06 Thread Jakub Hrozek
On Fri, Apr 29, 2016 at 03:38:46PM +0200, Sumit Bose wrote: > Hi, > > please find a new design document at > https://fedorahosted.org/sssd/wiki/DesignDocs/LookupUsersByCertificatePart2. > It describes the extended support for user lookup by certificates namely > for certificates stored in AD and

[SSSD] [PATCH] IPA: Handle requests for netgroups from trusted domains gracefully

2016-05-06 Thread Jakub Hrozek
or a group. From 18cbf559addfeb77ad83b81e23431295a3e5c6ae Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Fri, 6 May 2016 15:02:19 +0200 Subject: [PATCH] IPA: Handle requests for netgroups from trusted domains gracefully In ipa_account_info_handler we first check if th

[SSSD] Re: [PATCH] Do not crash if GetUserAttrs cannot be parsed

2016-05-05 Thread Jakub Hrozek
translate the new error code back to EOK. Sorry, I totally forgot about these patches. Here you go.. From d3b578dd84acd327f0f623ddb835cd031480bb0a Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Wed, 27 Apr 2016 11:11:31 +0200 Subject: [PATCH 1/2] UTIL: Add ERR_SB

[SSSD] Re: [PATCH] RESPONDERS: Fix talloc context for negative cache

2016-05-02 Thread Jakub Hrozek
On Mon, May 02, 2016 at 10:47:50AM +0200, Pavel Březina wrote: > On 05/02/2016 08:53 AM, Petr Cech wrote: > > On 04/28/2016 01:41 PM, Pavel Březina wrote: > > > On 04/26/2016 09:38 AM, Petr Cech wrote: > > > > Hi list, > > > > > > > > this simple patch fixes talloc hierarchy in initializing

[SSSD] Re: Design document - sssctl

2016-04-29 Thread Jakub Hrozek
On Fri, Apr 29, 2016 at 06:21:44AM +0530, Arpit Tolani wrote: > Hello Hi Arpit, thank you very much for checking the design document. > > Currently we mostly run > > # service sssd stop ; rm -rf /var/lib/sss/db/* /var/log/sssd/* ; service sssd > start Yes, we plan on implementing this. But a

[SSSD] [PATCH] SSH: Do not print an error message if sss_ssh_authorizedkeys is asked for a local user

2016-04-28 Thread Jakub Hrozek
the AuthorizedKeysCommand. From 2a1eae3d00a85adaf66f2660489d0cbc028f4c9b Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Thu, 28 Apr 2016 10:31:45 +0200 Subject: [PATCH] SSH: Do not print an error message if sss_ssh_authorizedkeys is asked for a local user If an IPA client use

[SSSD] [PATCH] MAN: Remove references to the obsolete PubkeyAgent ssh option

2016-04-27 Thread Jakub Hrozek
Hi, please see the attached trivial patch. The issue was reported by adelton on IRC. From 979353eb20849f036522ce4f5edf28f5a989f886 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Wed, 27 Apr 2016 12:18:15 +0200 Subject: [PATCH] MAN: Remove references to the

[SSSD] Re: [PATCH] Do not crash if GetUserAttrs cannot be parsed

2016-04-27 Thread Jakub Hrozek
On Wed, Apr 20, 2016 at 01:20:14PM +0200, Pavel Březina wrote: > On 04/20/2016 11:56 AM, Jakub Hrozek wrote: > > Hi Pavel, > > > > can you check if this is the right thing to do for methods that parse > > arguments on their own? > > > > To reproduce, it was

[SSSD] Re: [PATCH] MAN: Drop the reference to IPAv2 in the man page

2016-04-27 Thread Jakub Hrozek
On Mon, Mar 21, 2016 at 09:37:45AM +0100, Lukas Slebodnik wrote: > On (17/03/16 22:59), Jakub Hrozek wrote: > >a man page one liner :) > > > >No need to explicitly mention IPAv2, I hope there are no deployments of > >IPAv1 left anymore :) > > > >This

[SSSD] Re: [PATCH] LDAP: Print port in sdap_print_server

2016-04-27 Thread Jakub Hrozek
On Fri, Apr 22, 2016 at 05:04:21PM +0200, Lukas Slebodnik wrote: > On (22/04/16 15:57), Jakub Hrozek wrote: > >On Mon, Apr 11, 2016 at 03:35:52PM +0200, Jakub Hrozek wrote: > >> On Mon, Apr 11, 2016 at 02:58:06PM +0200, Lukas Slebodnik wrote: > >> > On (11/04

[SSSD] Re: Running tests with different environment

2016-04-27 Thread Jakub Hrozek
On Thu, Jan 28, 2016 at 05:12:40PM +0100, Jakub Hrozek wrote: > On Thu, Jan 28, 2016 at 04:19:25PM +0100, Lukas Slebodnik wrote: > > On (27/10/15 22:35), Lukas Slebodnik wrote: > > >On (27/10/15 17:57), Jakub Hrozek wrote: > > >>On Tue, Oct 27, 2015 at 05:42:

[SSSD] Re: [PATCHES] PAM: refactor pam_reply

2016-04-27 Thread Jakub Hrozek
On Mon, May 11, 2015 at 06:28:35PM +0200, Lukas Slebodnik wrote: > On (11/05/15 17:36), Pavel Reichl wrote: > >Rebased patch set is attached. > > Code coverage of function pam_reply was quite high > but it covered just part which was necessary for Sumit's work. > > I thought you would increase

[SSSD] Re: [PATCH] LDAP: Print port in sdap_print_server

2016-04-22 Thread Jakub Hrozek
On Fri, Apr 22, 2016 at 05:04:21PM +0200, Lukas Slebodnik wrote: > On (22/04/16 15:57), Jakub Hrozek wrote: > >On Mon, Apr 11, 2016 at 03:35:52PM +0200, Jakub Hrozek wrote: > >> On Mon, Apr 11, 2016 at 02:58:06PM +0200, Lukas Slebodnik wrote: > >> > On (11/04

[SSSD] Re: [PATCH] IPA: terminate properly if view name lookup fails

2016-04-22 Thread Jakub Hrozek
On Fri, Apr 22, 2016 at 05:41:31PM +0200, Jakub Hrozek wrote: > On Fri, Apr 22, 2016 at 05:34:47PM +0200, Sumit Bose wrote: > > On Fri, Apr 22, 2016 at 05:17:29PM +0200, Jakub Hrozek wrote: > > > On Fri, Apr 22, 2016 at 05:03:06PM +0200, Lukas Slebodnik wrote: > > >

[SSSD] Re: [PATCH] IPA: terminate properly if view name lookup fails

2016-04-22 Thread Jakub Hrozek
On Fri, Apr 22, 2016 at 05:34:47PM +0200, Sumit Bose wrote: > On Fri, Apr 22, 2016 at 05:17:29PM +0200, Jakub Hrozek wrote: > > On Fri, Apr 22, 2016 at 05:03:06PM +0200, Lukas Slebodnik wrote: > > > On (22/04/16 15:41), Jakub Hrozek wrote: > > > >On Tue, Apr 19, 2

[SSSD] Re: [PATCH] IPA: terminate properly if view name lookup fails

2016-04-22 Thread Jakub Hrozek
On Fri, Apr 22, 2016 at 05:03:06PM +0200, Lukas Slebodnik wrote: > On (22/04/16 15:41), Jakub Hrozek wrote: > >On Tue, Apr 19, 2016 at 04:11:54PM +0200, Sumit Bose wrote: > >> Hi, > >> > >> this is a follow-up patch to 5a5f1e1053415efaa99bb4d5bc7ce7ac0a95

[SSSD] Re: [PATCH] intg: Use different uid range for add_remove tests

2016-04-22 Thread Jakub Hrozek
On Wed, Apr 20, 2016 at 01:35:03PM +0200, Petr Cech wrote: > On 04/20/2016 12:52 PM, Lukas Slebodnik wrote: > > On (20/04/16 12:36), Petr Cech wrote: > > > >On 04/18/2016 10:34 AM, Lukas Slebodnik wrote: > > > > >>ehlo, > > > > >> > > > > >>I use special local user for building srpms in mock > > >

[SSSD] Re: [PATCH] IPA: terminate properly if view name lookup fails

2016-04-22 Thread Jakub Hrozek
On Tue, Apr 19, 2016 at 04:11:54PM +0200, Sumit Bose wrote: > Hi, > > this is a follow-up patch to 5a5f1e1053415efaa99bb4d5bc7ce7ac0a95b757 > which removes another call to ipa_check_master() which might cause an > infinite loop on an IPA client if the server does not support views. > > Please

[SSSD] Re: [PATCH] AD: use krb5_keytab for subdomain initialization

2016-04-22 Thread Jakub Hrozek
On Wed, Apr 13, 2016 at 03:45:22PM +0200, Sumit Bose wrote: > Hi, > > this is a bit of a follow-up patch to "subdomains: inherit > ldap_krb5_keytab". It turned out that if the default keytab contains > some completely unrelated keys the SASL initialization might e.g. pick a > wrong realm name

[SSSD] Re: [PRELIMINARY] Data Provider changes

2016-04-22 Thread Jakub Hrozek
On Fri, Apr 22, 2016 at 09:07:09AM +0200, Lukas Slebodnik wrote: > On (21/04/16 18:10), Pavel Reichl wrote: > > > > > >On 04/21/2016 03:24 PM, Pavel Březina wrote: > >> Hi, > >> the data provider code is basically ready for someone to start looking > >> into it. I'm in the process of converting

[SSSD] Re: [PATCH SET} A new Secrets service

2016-04-21 Thread Jakub Hrozek
On Wed, Apr 20, 2016 at 02:58:36PM -0400, Simo Sorce wrote: > On Wed, 2016-04-20 at 19:58 +0200, Lukas Slebodnik wrote: > > On (20/04/16 17:21), Jakub Hrozek wrote: > > >On Wed, Apr 20, 2016 at 09:59:19AM -0400, Simo Sorce wrote: > > >> On Wed, 2016-04-20 at 1

[SSSD] Re: [PATCH SET} A new Secrets service

2016-04-20 Thread Jakub Hrozek
On Wed, Apr 20, 2016 at 09:59:19AM -0400, Simo Sorce wrote: > On Wed, 2016-04-20 at 14:16 +0200, Jakub Hrozek wrote: > > On Tue, Apr 05, 2016 at 02:54:10PM -0400, Simo Sorce wrote: > > > On Tue, 2016-04-05 at 12:57 -0400, Simo Sorce wrote: > > > > Thanks, II

[SSSD] Re: [PATCH SET} A new Secrets service

2016-04-20 Thread Jakub Hrozek
On Wed, Apr 20, 2016 at 09:57:03AM -0400, Simo Sorce wrote: > On Wed, 2016-04-20 at 11:55 +0200, Jakub Hrozek wrote: > > On Tue, Apr 05, 2016 at 02:54:10PM -0400, Simo Sorce wrote: > > > On Tue, 2016-04-05 at 12:57 -0400, Simo Sorce wrote: > > > > Thanks, II

[SSSD] Re: [PATCH SET} A new Secrets service

2016-04-20 Thread Jakub Hrozek
On Wed, Apr 20, 2016 at 09:43:05AM -0400, Simo Sorce wrote: > On Wed, 2016-04-20 at 11:12 +0200, Jakub Hrozek wrote: > > On Wed, Apr 20, 2016 at 10:32:59AM +0200, Jakub Hrozek wrote: > > > > > From 0dff46755af6063ed4b0339020ae5bb686692de1 Mon Sep 17 00:00:00 2001 >

[SSSD] Re: [PATCH SET} A new Secrets service

2016-04-20 Thread Jakub Hrozek
On Tue, Apr 05, 2016 at 02:54:10PM -0400, Simo Sorce wrote: > On Tue, 2016-04-05 at 12:57 -0400, Simo Sorce wrote: > > Thanks, IIRC the int-instead of enum use is intentional, I will look > > at the others. > > The last coverity/clang thing is a false positive, but I initialized > reply to NULL

[SSSD] Re: [DESIGN] sss_confcheck tool

2016-04-20 Thread Jakub Hrozek
On Wed, Apr 20, 2016 at 12:04:23PM +0200, Michal Židek wrote: > Hi, > > I just updated the design for the planned sss_confcheck tool. > It can be found here: > https://fedorahosted.org/sssd/wiki/DesignDocs/ConfigCheckTool > > For convenience I paste it here as well: > > > sss_confcheck tool >

[SSSD] [PATCH] Do not crash if GetUserAttrs cannot be parsed

2016-04-20 Thread Jakub Hrozek
de2 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Wed, 20 Apr 2016 11:54:31 +0200 Subject: [PATCH] IFP: Do not crash on invalid arguments to GetUserAttr --- src/responder/ifp/ifpsrv_cmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resp

[SSSD] Re: [PATCH SET} A new Secrets service

2016-04-20 Thread Jakub Hrozek
On Tue, Apr 05, 2016 at 02:54:10PM -0400, Simo Sorce wrote: > On Tue, 2016-04-05 at 12:57 -0400, Simo Sorce wrote: > > Thanks, IIRC the int-instead of enum use is intentional, I will look > > at the others. > > The last coverity/clang thing is a false positive, but I initialized > reply to NULL

[SSSD] Re: [PATCH SET} A new Secrets service

2016-04-20 Thread Jakub Hrozek
On Wed, Apr 20, 2016 at 10:32:59AM +0200, Jakub Hrozek wrote: > > > From 0dff46755af6063ed4b0339020ae5bb686692de1 Mon Sep 17 00:00:00 2001 > > > From: Simo Sorce <s...@redhat.com> > > > Date: Tue, 12 Jan 2016 20:13:28 -0500 > > > Subject: [PATCH 02/

[SSSD] Re: [PATCH SET} A new Secrets service

2016-04-20 Thread Jakub Hrozek
On Wed, Apr 20, 2016 at 09:59:57AM +0200, Jakub Hrozek wrote: > On Tue, Apr 05, 2016 at 02:54:10PM -0400, Simo Sorce wrote: > > On Tue, 2016-04-05 at 12:57 -0400, Simo Sorce wrote: > > > Thanks, IIRC the int-instead of enum use is intentional, I will look > > > at th

[SSSD] Re: [PATCH SET} A new Secrets service

2016-04-20 Thread Jakub Hrozek
On Tue, Apr 05, 2016 at 02:54:10PM -0400, Simo Sorce wrote: > On Tue, 2016-04-05 at 12:57 -0400, Simo Sorce wrote: > > Thanks, IIRC the int-instead of enum use is intentional, I will look > > at the others. > > The last coverity/clang thing is a false positive, but I initialized > reply to NULL

[SSSD] Design discussion: Performance enhancements for the 1.14 release

2016-04-19 Thread Jakub Hrozek
tamps), then actions like user and group lookups and logins should be considerably faster. The SSSD should also correctly detect when the entries in fact did change on the server. In this case, a full cache write will be performed. === Authors === * Jakub Hrozek <jhro...@redhat.com> with

[SSSD] Re: [PATCH] SPEC: Run extra unit tests with epel

2016-04-19 Thread Jakub Hrozek
On Tue, Apr 19, 2016 at 12:45:33PM +0200, Lukas Slebodnik wrote: > >One solution can be to send SIGKILL to child process as part of cleanup > >in test_run_as_root_daemon. But that's not related to this patch :-) > > > Jakub, > > do we want to fix the confusing failure? Sure, if you know how to

[SSSD] Re: [PATCH] sudo: use cache_req interface

2016-04-19 Thread Jakub Hrozek
On Tue, Apr 19, 2016 at 10:59:20AM +0200, Pavel Březina wrote: > On 04/19/2016 09:59 AM, Lukas Slebodnik wrote: > > On (01/03/16 13:53), Pavel Březina wrote: > > > On 02/25/2016 02:08 PM, Jakub Hrozek wrote: > > > > On Tue, Feb 09, 2016 at 02:07:21PM +0100, Pavel

[SSSD] Re: Design document - sssctl

2016-04-18 Thread Jakub Hrozek
On Wed, Apr 06, 2016 at 10:52:24AM +0200, Jakub Hrozek wrote: > On Tue, Mar 22, 2016 at 04:23:26PM -0400, Justin Stephenson wrote: > > This is great and will make our lives much easier in support! Currently we > > have autokeyed commands like 'service sssd stop; rm -f

[SSSD] Announcing SSSD 1.13.4

2016-04-14 Thread Jakub Hrozek
7ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000] == Detailed Changelog == Dan Lavu (1): * PAM: Fix man for pam_account_{expired,locked}_message David Disseldorp (1): * build: detect endianness at configure time Jakub Hrozek (17): * Upgrading the version for the 1.13.4

[SSSD] Re: [PATCHES] PAC: only save PAC blob into the cache

2016-04-13 Thread Jakub Hrozek
On Tue, Apr 12, 2016 at 12:59:09PM +0200, Pavel Březina wrote: > On 04/01/2016 01:12 PM, Pavel Březina wrote: > >On 03/18/2016 05:09 PM, Sumit Bose wrote: > >>On Tue, Mar 15, 2016 at 04:50:48PM +0100, Lukas Slebodnik wrote: > >>>On (15/03/16 10:04), Pavel Březina wrote: > On 03/14/2016 12:12

[SSSD] Re: [PATCH] sudo: use cache_req interface

2016-04-12 Thread Jakub Hrozek
On Fri, Apr 08, 2016 at 01:05:54PM +0200, Jakub Hrozek wrote: > On Fri, Apr 08, 2016 at 12:15:25PM +0200, Pavel Březina wrote: > > On 03/01/2016 01:53 PM, Pavel Březina wrote: > > >On 02/25/2016 02:08 PM, Jakub Hrozek wrote: > > >>On Tue, Feb 09, 2016 at 02:07:2

[SSSD] Re: Config file merging in SSSD

2016-04-12 Thread Jakub Hrozek
On Tue, Mar 22, 2016 at 04:19:48PM +0100, Michal Židek wrote: > On 03/22/2016 03:29 PM, Sumit Bose wrote: > >On Tue, Mar 22, 2016 at 12:29:39PM +0100, Michal Židek wrote: > >>Hi, > >> > >>I would like to write a patch that will > >>allow SSSD to use the config file merging > >>feature from libini.

[SSSD] Re: [PATCH] memberof: Fix a memory leak when removing ghost users

2016-04-12 Thread Jakub Hrozek
On Fri, Apr 08, 2016 at 11:52:18AM +0200, Jakub Hrozek wrote: > From c69aff1284c72d1e5bcb633c2499e9fb74f16335 Mon Sep 17 00:00:00 2001 > From: Jakub Hrozek <jhro...@redhat.com> > Date: Wed, 6 Apr 2016 18:35:39 +0200 > Subject: [PATCH 1/3] memberof: Fix a memory leak when re

[SSSD] Re: [PATCH] GPO: Process GPOS in offline mode if ldap search failed

2016-04-12 Thread Jakub Hrozek
On Tue, Apr 12, 2016 at 02:10:55PM +0200, Jakub Hrozek wrote: > On Mon, Apr 11, 2016 at 12:49:35PM +0200, Lukas Slebodnik wrote: > > ehlo, > > > > attached patch should fix #2964. > > BTW it worked previously because there was a bug in marking > > domain

[SSSD] Re: [PATCH] GPO: Process GPOS in offline mode if ldap search failed

2016-04-12 Thread Jakub Hrozek
On Mon, Apr 11, 2016 at 12:49:35PM +0200, Lukas Slebodnik wrote: > ehlo, > > attached patch should fix #2964. > BTW it worked previously because there was a bug in marking > domain as offline. > > So this bug was revealed with fix of another bug :-) > 0561d532cf76b035b73cfed929a6896071dac407 >

[SSSD] Re: Design document - sssctl

2016-04-12 Thread Jakub Hrozek
On Tue, Apr 12, 2016 at 01:01:03PM +0200, Pavel Březina wrote: > On 04/12/2016 12:52 PM, Jakub Hrozek wrote: > >On Tue, Mar 22, 2016 at 12:42:28PM +0100, Pavel Reichl wrote: > >>Hello, > >> > >>Pavel Březina and I have prepared the 1st draft of design document.

[SSSD] Re: Design document - sssctl

2016-04-12 Thread Jakub Hrozek
On Tue, Apr 12, 2016 at 01:02:30PM +0200, Pavel Březina wrote: > On 04/06/2016 10:54 AM, Jakub Hrozek wrote: > >On Tue, Mar 22, 2016 at 12:42:28PM +0100, Pavel Reichl wrote: > >>Hello, > >> > >>Pavel Březina and I have prepared the 1st draft of design document.

[SSSD] Re: Design document - sssctl

2016-04-12 Thread Jakub Hrozek
On Tue, Mar 22, 2016 at 12:42:28PM +0100, Pavel Reichl wrote: > Hello, > > Pavel Březina and I have prepared the 1st draft of design document. We mostly > focused on summing up its future functionality and its interface. > > Please comment if you miss some essential functionality or if you

[SSSD] Re: [PATCH] LDAP: Print port in sdap_print_server

2016-04-11 Thread Jakub Hrozek
On Mon, Apr 11, 2016 at 02:58:06PM +0200, Lukas Slebodnik wrote: > On (11/04/16 13:39), Jakub Hrozek wrote: > >On Mon, Apr 11, 2016 at 01:12:51PM +0200, Lukas Slebodnik wrote: > >> ehlo, > >> > >> following patch help me to find out issues with GPO. > >

[SSSD] Re: [PATCH] LDAP: Print port in sdap_print_server

2016-04-11 Thread Jakub Hrozek
On Mon, Apr 11, 2016 at 01:12:51PM +0200, Lukas Slebodnik wrote: > ehlo, > > following patch help me to find out issues with GPO. > I think it might be useful also in other cases. > > But ideal would be if fail-over code would print port as well. > ATM "0" is logged as a port with AD. That's

[SSSD] Re: [PATCH] PAM: Export original user shell to tlog-rec

2016-04-11 Thread Jakub Hrozek
On Fri, Apr 08, 2016 at 07:31:59PM +0300, Nikolai Kondrashov wrote: > On 04/06/2016 02:06 PM, Sumit Bose wrote: > >On Wed, Apr 06, 2016 at 12:59:32PM +0300, Nikolai Kondrashov wrote: > >>On 03/18/2016 07:56 PM, Nikolai Kondrashov wrote: > >>>The attached patch adds exporting of the original

[SSSD] Re: [PATCH] sudo: use cache_req interface

2016-04-08 Thread Jakub Hrozek
On Fri, Apr 08, 2016 at 12:15:25PM +0200, Pavel Březina wrote: > On 03/01/2016 01:53 PM, Pavel Březina wrote: > >On 02/25/2016 02:08 PM, Jakub Hrozek wrote: > >>On Tue, Feb 09, 2016 at 02:07:21PM +0100, Pavel Březina wrote: > >>>First of the responders is converted -

[SSSD] Re: [PATCH] memberof: Fix a memory leak when removing ghost users

2016-04-08 Thread Jakub Hrozek
On Thu, Apr 07, 2016 at 01:01:52PM +0200, Pavel Březina wrote: > On 04/07/2016 11:51 AM, Jakub Hrozek wrote: > >On Thu, Apr 07, 2016 at 09:16:21AM +0200, Lukas Slebodnik wrote: > >>On (06/04/16 18:38), Jakub Hrozek wrote: > >>>Hi, > >>> > >

[SSSD] Re: [PATCH] AD: Recognize Windows Server 2016

2016-04-07 Thread Jakub Hrozek
On Thu, Apr 07, 2016 at 09:12:17AM +0200, Lukas Slebodnik wrote: > On (06/04/16 15:30), Jakub Hrozek wrote: > >Hi, > > > >I was doing a smoke-test with Windows Server 2016 after receiving > >several requests from users (mainly about IDMU deprecation) and find out >

[SSSD] Re: [PATCH] memberof: Fix a memory leak when removing ghost users

2016-04-07 Thread Jakub Hrozek
On Thu, Apr 07, 2016 at 09:16:21AM +0200, Lukas Slebodnik wrote: > On (06/04/16 18:38), Jakub Hrozek wrote: > >Hi, > > > >I'm sorry I didn't catch this when I developed the original patch, but > >today I was trying to write the leak patches as Lukas suggested the > &

[SSSD] Re: [PATCH] test_ipa_subdom_server: Workaround for slow krb5 + SELinux

2016-04-06 Thread Jakub Hrozek
On Tue, Mar 15, 2016 at 04:47:50PM +0100, Lukas Slebodnik wrote: > ehlo, > > There were failures[1] on rhel6 machine with latest packages. > It took me a while to find out which package caused it. > Therefore I downgraded rhel machine to vanilla rhel6.7 > and I was troubleshooting it on different

[SSSD] Re: [PATCH] SPEC: Run extra unit tests with epel

2016-04-06 Thread Jakub Hrozek
On Wed, Apr 06, 2016 at 05:10:02PM +0200, Jakub Hrozek wrote: > On Fri, Apr 01, 2016 at 03:17:00PM +0200, Lukas Slebodnik wrote: > > On (31/03/16 09:46), Lukas Slebodnik wrote: > > >On (18/03/16 17:53), Lukas Slebodnik wrote: > > >>On (17/03/16 23:17), Jakub Hroze

[SSSD] Re: Design Document: Data Provider Refactoring

2016-04-06 Thread Jakub Hrozek
On Fri, Apr 01, 2016 at 12:07:04PM +0200, Pavel Březina wrote: > https://fedorahosted.org/sssd/wiki/DesignDocs/DataProvider > > For your convenience, the text is copied below: > > = Data Provider Refactoring = > > Related ticket(s): > * https://fedorahosted.org/sssd/ticket/385 I think you can

[SSSD] Re: [PATCH] SPEC: Run extra unit tests with epel

2016-04-06 Thread Jakub Hrozek
On Fri, Apr 01, 2016 at 03:17:00PM +0200, Lukas Slebodnik wrote: > On (31/03/16 09:46), Lukas Slebodnik wrote: > >On (18/03/16 17:53), Lukas Slebodnik wrote: > >>On (17/03/16 23:17), Jakub Hrozek wrote: > >>>On Mon, Mar 07, 2016 at 04:12:00PM +0100, Luka

[SSSD] Re: [PATCH] GPO_CHILD: Create directories in gpo_cache with right permissions

2016-04-06 Thread Jakub Hrozek
On Fri, Apr 01, 2016 at 03:18:25PM +0200, Lukas Slebodnik wrote: > On (03/03/16 13:50), Lukas Slebodnik wrote: > >ehlo, > > > >review is appreciated. > Bump > > LS I'm sorry for the late review. The patches seem to work fine, without them, I was seeing: (Wed Apr 6 14:11:20 2016)
