[SSSD] Re: [PATCH] IDMAP: Add minor performance improvements

2016-03-01 Thread Jakub Hrozek
On Mon, Feb 29, 2016 at 03:10:05PM +0100, Sumit Bose wrote: > On Wed, Feb 17, 2016 at 10:47:26AM +0100, Pavel Reichl wrote: > > On 02/15/2016 06:19 PM, Sumit Bose wrote: > > >On Tue, Jan 26, 2016 at 05:35:06PM +0100, Pavel Reichl wrote: > > >>>Hello, > > >>> > > >>>please see simple patch attached.

[SSSD] Re: URI in HBAC rules - patch - request for feedback

2016-02-29 Thread Jakub Hrozek
On Mon, Feb 29, 2016 at 04:29:05PM +0100, Jan Pazdziora wrote: > On Mon, Feb 29, 2016 at 03:30:12PM +0100, Jakub Hrozek wrote: > > > > > > So, effectively, there would be no way to make some URI accessible to > > > more than one group? > > > > There

[SSSD] Re: URI in HBAC rules - patch - request for feedback

2016-02-29 Thread Jakub Hrozek
On Mon, Feb 29, 2016 at 04:23:18PM +0100, Jan Pazdziora wrote: > On Mon, Feb 29, 2016 at 12:44:01PM +0100, Jakub Hrozek wrote: > > > > > E.g., allow every URI that does NOT start with > > > $(hostname)/admin/ . It would be possible if there was finite number o

[SSSD] Re: URI in HBAC rules - patch - request for feedback

2016-02-29 Thread Jakub Hrozek
On Mon, Feb 29, 2016 at 12:56:55PM +0100, Lukáš Hellebrandt wrote: > On 02/29/2016 12:44 PM, Jakub Hrozek wrote: > > On Mon, Feb 29, 2016 at 11:50:06AM +0100, Lukáš Hellebrandt wrote: > >> On 02/28/2016 11:42 AM, Jakub Hrozek wrote: > >>> On Fri, Feb 26, 2016 at 02:03

[SSSD] Re: URI in HBAC rules - patch - request for feedback

2016-02-29 Thread Jakub Hrozek
On Mon, Feb 29, 2016 at 11:50:06AM +0100, Lukáš Hellebrandt wrote: > On 02/28/2016 11:42 AM, Jakub Hrozek wrote: > > On Fri, Feb 26, 2016 at 02:03:37PM +0100, Lukáš Hellebrandt wrote: > >>> First question I have is that the URLs only match on complete string > >>>

[SSSD] Re: [PATCH] cache_req improvements

2016-02-29 Thread Jakub Hrozek
On Mon, Feb 29, 2016 at 11:22:00AM +0100, Pavel Březina wrote: > On 02/26/2016 01:47 PM, Jakub Hrozek wrote: > >On Wed, Feb 24, 2016 at 12:41:24PM +0100, Pavel Březina wrote: > >>>> From f61d0192b8254247802167ea385b52f65d4e175d Mon Sep 17 00:00:00 2001 > >>>&

[SSSD] Re: [PATCH] sdap: improve filtering of multiple results in GC lookups

2016-02-29 Thread Jakub Hrozek
On Thu, Feb 25, 2016 at 01:37:27PM +0100, Sumit Bose wrote: > On Thu, Feb 25, 2016 at 12:50:55PM +0100, Jakub Hrozek wrote: > > On Tue, Feb 23, 2016 at 12:53:25PM +0100, Sumit Bose wrote: > > > Hi, > > > > > > this patch fixes and issue during initgroups in AD

[SSSD] Re: [PATCH]: test ldap provider with TLS or SSL

2016-02-29 Thread Jakub Hrozek
os we are > testing/supporting against correct? Yes, we support RHEL >= 6, Fedora (all supported versions) and Debian Testing. > Also wondering if the ci setup issue I'm > seeing applies to apt. > > Dan > > > On 2/26/16 5:53 AM, Jakub Hrozek wrote: > >

[SSSD] Re: URI in HBAC rules - patch - request for feedback

2016-02-28 Thread Jakub Hrozek
On Fri, Feb 26, 2016 at 02:03:37PM +0100, Lukáš Hellebrandt wrote: > > First question I have is that the URLs only match on complete string > > match. From past conversations I thought we wanted to add a more > > granular evaluation..? > > I am planning to interpret URI as a prefix. However, there

[SSSD] Re: libini - config file validity checks

2016-02-26 Thread Jakub Hrozek
On Fri, Feb 26, 2016 at 04:41:49PM +0100, Michal Židek wrote: > Hi, > > we had a discussion with Lukas about this feature > and came up with some modifications to the design. > > I will explain the change in the typo detection mechanism. > > The format in the schema/constraints file will be foll

[SSSD] Re: [PATCH] memberof: Don't allocate on a NULL context

2016-02-26 Thread Jakub Hrozek
On Fri, Feb 26, 2016 at 11:08:45AM +0100, Pavel Březina wrote: > On 02/24/2016 03:19 PM, Jakub Hrozek wrote: > >Hi, > > > >the attached patch fixes: > > https://fedorahosted.org/sssd/ticket/2959 > > > >It was confirmed by the original reporter. The bug w

[SSSD] Re: [PATCH] LDAP: Use the common get_uppercase_realm to uppercase the realm

2016-02-26 Thread Jakub Hrozek
On Fri, Feb 26, 2016 at 10:47:13AM +0100, Pavel Březina wrote: > On 02/25/2016 02:04 PM, Jakub Hrozek wrote: > >Hi, > > > >attached is a simple clan-up patch. > > Hi, > make_realm_upper_case also contains a check that returns the original string > if delimiter is

[SSSD] Re: [PATCH] cache_req improvements

2016-02-26 Thread Jakub Hrozek
On Wed, Feb 24, 2016 at 12:41:24PM +0100, Pavel Březina wrote: > >> From f61d0192b8254247802167ea385b52f65d4e175d Mon Sep 17 00:00:00 2001 > >>From: =?UTF-8?q?Pavel=20B=C5=99ezina?= > >>Date: Thu, 18 Feb 2016 14:25:18 +0100 > >>Subject: [PATCH 07/12] sysdb: reset ldb errors > >> > >>After ldb conn

[SSSD] Re: URI in HBAC rules - patch - request for feedback

2016-02-26 Thread Jakub Hrozek
On Fri, Feb 26, 2016 at 01:15:59PM +0100, Lukáš Hellebrandt wrote: > Hi, FreeIPA and SSSD communities! > > I am working on adding URI to HBAC as my thesis [1]. The goal is to > control access not only based on (user, host, service), but on (user, > host, service, resource's URI). > > I created a

[SSSD] Re: [PATCH] IPA: lookup idview name even if there is no master domain

2016-02-26 Thread Jakub Hrozek
On Thu, Feb 25, 2016 at 11:26:13AM +0100, Jakub Hrozek wrote: > On Tue, Feb 23, 2016 at 03:26:57PM +0100, Jakub Hrozek wrote: > > On Mon, Feb 22, 2016 at 06:40:44PM +0100, Sumit Bose wrote: > > > Hi, > > > > > > these two patches fixes and issue which was repo

[SSSD] Re: [PATCH] tests: Extend test_child_common.c to include tests for the only_extra_args functionality

2016-02-26 Thread Jakub Hrozek
On Fri, Feb 26, 2016 at 10:58:16AM +0100, Pavel Březina wrote: > On 02/24/2016 04:26 PM, Jakub Hrozek wrote: > >Hi, > > > >the attached patch was already acked by Sumit as part of the adcli > >thread, so I'd like to push it no

[SSSD] Re: [PATCH]: test ldap provider with TLS or SSL

2016-02-26 Thread Jakub Hrozek
On Thu, Feb 25, 2016 at 05:18:09PM -0500, Dan Lavu wrote: > Here is a patch for https://fedorahosted.org/sssd/ticket/2820 > > First real patch... criticisms to for what I need to improve on are welcome, > including concepts that I should learn, thanks. Thanks a lot for the patch! See my comments

[SSSD] Re: Tlog integration and packages

2016-02-26 Thread Jakub Hrozek
On Thu, Feb 25, 2016 at 03:09:25PM +0200, Nikolai Kondrashov wrote: > Hi everyone, > > I'd like to continue the discussion of tlog integration, and also present you > the first release of tlog - a development preview, which has the configuration > interface necessary to implement the integration:

[SSSD] Re: [PATCH] sudo: use cache_req interface

2016-02-25 Thread Jakub Hrozek
On Tue, Feb 09, 2016 at 02:07:21PM +0100, Pavel Březina wrote: > First of the responders is converted -) Sorry for the first delay in review. Before reading the code, I submitted the patches to automated tests, so far I found: Error: COMPILER_WARNING: sssd-1.13.90/src/responder/sudo/sudosrv_get_s

[SSSD] [PATCH] LDAP: Use the common get_uppercase_realm to uppercase the realm

2016-02-25 Thread Jakub Hrozek
Hi, attached is a simple clan-up patch. >From ad68e5cd80a5bef154e57cfa0b07cfb3b0b434b8 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Wed, 2 Dec 2015 13:44:42 +0100 Subject: [PATCH] LDAP: Use the common get_uppercase_realm to uppercase the realm The private function was just duplicat

[SSSD] Re: [PATCH] IPA: Use the common if-else coding style

2016-02-25 Thread Jakub Hrozek
On Thu, Feb 25, 2016 at 12:04:23PM +0100, Petr Cech wrote: > On 02/25/2016 10:54 AM, Pavel Březina wrote: > >On 02/24/2016 04:43 PM, Jakub Hrozek wrote: > >>This is just a code-style patch, but I got confused by the two if > >>statements, they made me think they were unr

[SSSD] Re: [PATCH] sdap: improve filtering of multiple results in GC lookups

2016-02-25 Thread Jakub Hrozek
On Tue, Feb 23, 2016 at 12:53:25PM +0100, Sumit Bose wrote: > Hi, > > this patch fixes and issue during initgroups in AD forests. Please see > the commit message for details. > > To reproduce this you can create a new user outside of CN=Users on the > forest root. The new user can be created in a

[SSSD] Re: [PATCH] IPA: lookup idview name even if there is no master domain

2016-02-25 Thread Jakub Hrozek
On Tue, Feb 23, 2016 at 03:26:57PM +0100, Jakub Hrozek wrote: > On Mon, Feb 22, 2016 at 06:40:44PM +0100, Sumit Bose wrote: > > Hi, > > > > these two patches fixes and issue which was reported on > > https://www.redhat.com/archives/freeipa-users/2016-February/msg00148.

[SSSD] Re: [PATCH] LDAP: Do not print "null" in the DEBUG message

2016-02-25 Thread Jakub Hrozek
On Wed, Feb 24, 2016 at 06:05:11PM +0100, Lukas Slebodnik wrote: > On (24/02/16 16:43), Jakub Hrozek wrote: > >We don't know the group name at that point yet, so better not print > >"null" in the debug message.. > > >From ffdc00755a9fbaeb54f781956a0025719e

[SSSD] Re: [PATCH] Warn if ad_server contains IP address

2016-02-25 Thread Jakub Hrozek
On Thu, Feb 25, 2016 at 10:53:43AM +0100, Sumit Bose wrote: > On Wed, Feb 24, 2016 at 05:19:50PM -0500, Justin Stephenson wrote: > > First patch, see attached. > > > > This is for easy fix from ticket > > https://fedorahosted.org/sssd/ticket/2789 > > > > I am going on the assumption that if the f

[SSSD] [PATCH] LDAP: Do not print "null" in the DEBUG message

2016-02-24 Thread Jakub Hrozek
We don't know the group name at that point yet, so better not print "null" in the debug message.. >From ffdc00755a9fbaeb54f781956a0025719e532b11 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 26 Jan 2016 16:29:08 +0100 Subject: [PATCH] LDAP: Do not print "nul

[SSSD] [PATCH] IPA: Use the common if-else coding style

2016-02-24 Thread Jakub Hrozek
This is just a code-style patch, but I got confused by the two if statements, they made me think they were unrelated.. >From 20259fe42b8cec38b913c17a6b5be2e6456a31d3 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 22 Feb 2016 10:56:52 +0100 Subject: [PATCH] IPA: Use the common if-e

[SSSD] [PATCH] tests: Extend test_child_common.c to include tests for the only_extra_args functionality

2016-02-24 Thread Jakub Hrozek
Hi, the attached patch was already acked by Sumit as part of the adcli thread, so I'd like to push it now. >From 52003e9d03a38e863b46bb25fffd803ecf1716e5 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 15 Jan 2016 11:24:11 +0100 Subject: [PATCH] tests: Extend test_child_com

[SSSD] Re: libini - config file validity checks

2016-02-24 Thread Jakub Hrozek
On Wed, Feb 24, 2016 at 04:20:10PM +0100, Michal Židek wrote: > On 02/23/2016 09:17 PM, Jakub Hrozek wrote: > >On Tue, Feb 23, 2016 at 05:06:57PM +0100, Michal Židek wrote: > >>On 02/22/2016 09:21 AM, Jakub Hrozek wrote: > >>>On Fri, Feb 19, 2016 at 04:35:

[SSSD] Re: [DESIGN] Invalidate cached sudo rules

2016-02-24 Thread Jakub Hrozek
On Tue, Feb 23, 2016 at 04:08:52PM +0100, Petr Cech wrote: > Hello, > > I've started the design page for Invalidating cached sudo rules here: > https://fedorahosted.org/sssd/wiki/DesignDocs/SUDOCachingRulesInvalidate > > This task consists of two tickets (see below). So far, I have worked on the

[SSSD] [PATCH] memberof: Don't allocate on a NULL context

2016-02-24 Thread Jakub Hrozek
Hi, the attached patch fixes: https://fedorahosted.org/sssd/ticket/2959 It was confirmed by the original reporter. The bug was there since 2009, by the way, I'm really suprised we only caught it now.. >From 0e734587a8fc4bb0160a2a7cbb5fae2054d5283c Mon Sep 17 00:00:00 2001 From: Jaku

[SSSD] Re: [PATCH] Resolve IPA external group members during getgr* requests

2016-02-24 Thread Jakub Hrozek
On Wed, Feb 24, 2016 at 01:17:27PM +0100, Sumit Bose wrote: > On Tue, Feb 23, 2016 at 09:37:57PM +0100, Jakub Hrozek wrote: > > On Mon, Feb 22, 2016 at 06:04:07PM +0100, Jakub Hrozek wrote: > > > Hi, > > > > > > the attached patches implement https

[SSSD] Re: [PATCH] Revert "DEBUG: Preventing chown_debug_file if journald on"

2016-02-23 Thread Jakub Hrozek
On Tue, Feb 23, 2016 at 09:13:39PM +0100, Jakub Hrozek wrote: > On Tue, Feb 23, 2016 at 04:11:14PM +0100, Lukas Slebodnik wrote: > > On (23/02/16 15:33), Jakub Hrozek wrote: > > >On Mon, Jan 25, 2016 at 12:00:11PM +0100, Lukas Slebodnik wrote: > > >> ehlo, > &

[SSSD] Re: [PATCHES] UTIL: Provide varargs version of debug_fn

2016-02-23 Thread Jakub Hrozek
On Tue, Feb 23, 2016 at 09:13:00PM +0100, Jakub Hrozek wrote: > On Tue, Feb 23, 2016 at 02:47:54PM +0100, Jakub Hrozek wrote: > > On Tue, Feb 23, 2016 at 02:38:11PM +0100, Lukas Slebodnik wrote: > > > >> Should I prepare patches also for 1.13? > &g

[SSSD] Re: [PATCH] Resolve IPA external group members during getgr* requests

2016-02-23 Thread Jakub Hrozek
On Mon, Feb 22, 2016 at 06:04:07PM +0100, Jakub Hrozek wrote: > Hi, > > the attached patches implement https://fedorahosted.org/sssd/ticket/2522 > > Here is what I tested: > 1) topgr -> bottomgr -> extgr -> administra...@win.trust.test > - this is a simp

[SSSD] Re: libini - config file validity checks

2016-02-23 Thread Jakub Hrozek
On Tue, Feb 23, 2016 at 05:06:57PM +0100, Michal Židek wrote: > On 02/22/2016 09:21 AM, Jakub Hrozek wrote: > >On Fri, Feb 19, 2016 at 04:35:38PM +0100, Michal Židek wrote: > >>Thank you for comments! See my response. > >> > >>On 02/19/2016 12:18 PM, Jakub Hro

[SSSD] Re: [PATCH] Move two options in sssd.conf to the correct section

2016-02-23 Thread Jakub Hrozek
On Tue, Feb 23, 2016 at 03:00:56PM +0100, Jakub Hrozek wrote: > On Tue, Feb 23, 2016 at 01:29:42PM +0100, Pavel Březina wrote: > > On 02/23/2016 12:09 PM, Jakub Hrozek wrote: > > >Reported in https://bugzilla.redhat.com/show_bug.cgi?id=1310141 > > > > Ack. > >

[SSSD] Re: [PATCH] Revert "DEBUG: Preventing chown_debug_file if journald on"

2016-02-23 Thread Jakub Hrozek
On Tue, Feb 23, 2016 at 04:11:14PM +0100, Lukas Slebodnik wrote: > On (23/02/16 15:33), Jakub Hrozek wrote: > >On Mon, Jan 25, 2016 at 12:00:11PM +0100, Lukas Slebodnik wrote: > >> ehlo, > >> > >> The first patch fixes regression introduced in 1.13.2. >

[SSSD] Re: [PATCHES] UTIL: Provide varargs version of debug_fn

2016-02-23 Thread Jakub Hrozek
On Tue, Feb 23, 2016 at 02:47:54PM +0100, Jakub Hrozek wrote: > On Tue, Feb 23, 2016 at 02:38:11PM +0100, Lukas Slebodnik wrote: > > >> Should I prepare patches also for 1.13? > > > > > >it would be nice. > > > > > Attached are patches for 1.13 bra

[SSSD] Re: [PATCH] Revert "DEBUG: Preventing chown_debug_file if journald on"

2016-02-23 Thread Jakub Hrozek
On Mon, Jan 25, 2016 at 12:00:11PM +0100, Lukas Slebodnik wrote: > ehlo, > > The first patch fixes regression introduced in 1.13.2. > https://fedorahosted.org/sssd/ticket/2493 > > I'm sorry I didn't catch it in review. > Fortunatelly there is a simple but annoying workaround. > > Change user to

[SSSD] Re: [PATCH] IPA: lookup idview name even if there is no master domain

2016-02-23 Thread Jakub Hrozek
On Mon, Feb 22, 2016 at 06:40:44PM +0100, Sumit Bose wrote: > Hi, > > these two patches fixes and issue which was reported on > https://www.redhat.com/archives/freeipa-users/2016-February/msg00148.html > and is now tracked in https://fedorahosted.org/sssd/ticket/2960 . > > The first patch makes s

[SSSD] Re: [PATCH] Move two options in sssd.conf to the correct section

2016-02-23 Thread Jakub Hrozek
On Tue, Feb 23, 2016 at 01:29:42PM +0100, Pavel Březina wrote: > On 02/23/2016 12:09 PM, Jakub Hrozek wrote: > >Reported in https://bugzilla.redhat.com/show_bug.cgi?id=1310141 > > Ack. Attached patches are rebased on top of Sumit's addition to subdo

[SSSD] Re: [PATCHES] UTIL: Provide varargs version of debug_fn

2016-02-23 Thread Jakub Hrozek
On Tue, Feb 23, 2016 at 02:38:11PM +0100, Lukas Slebodnik wrote: > >> Should I prepare patches also for 1.13? > > > >it would be nice. > > > Attached are patches for 1.13 branch. > The count of patches is smaller becuase we do not want to > backport hbac patches. > > LS make and make check passed

[SSSD] Re: [PATCH] cache_req improvements

2016-02-23 Thread Jakub Hrozek
On Fri, Feb 19, 2016 at 02:16:15PM +0100, Pavel Březina wrote: > Fixes: > https://fedorahosted.org/sssd/ticket/2869 > https://fedorahosted.org/sssd/ticket/2848 > From 681a8ff812f5af8adaed92bf1fd0248be7c2bda0 Mon Sep 17 00:00:00 2001 > From: =?UTF-8?q?Pavel=20B=C5=99ezina?= > Date: Fri, 12 Feb 201

[SSSD] Re: [PATCHES] UTIL: Provide varargs version of debug_fn

2016-02-23 Thread Jakub Hrozek
On Tue, Feb 23, 2016 at 01:32:19PM +0100, Lukas Slebodnik wrote: > On (23/02/16 13:15), Jakub Hrozek wrote: > >On Tue, Feb 23, 2016 at 12:41:04PM +0100, Lukas Slebodnik wrote: > >> On (23/02/16 12:30), Jakub Hrozek wrote: > >> >On Fri, Feb 12, 2016 at 11:33:3

[SSSD] Re: [PATCH] CLIENT: Retry request after EPIPE

2016-02-23 Thread Jakub Hrozek
On Thu, Feb 18, 2016 at 02:04:54PM +0100, Lukas Slebodnik wrote: > ehlo, > > It took me some time to reproduce issue with cron. > It occured very rarely in my case (twice in a week). > > Therefore I prepared different reproducer "mini_cron.c" > attached in mail. It tries to query for data in the

[SSSD] Re: [PATCH] Revert "DEBUG: Preventing chown_debug_file if journald on"

2016-02-23 Thread Jakub Hrozek
On Tue, Feb 23, 2016 at 12:49:34PM +0100, Lukas Slebodnik wrote: > On (17/02/16 13:55), Lukas Slebodnik wrote: > >On (25/01/16 12:00), Lukas Slebodnik wrote: > >>ehlo, > >> > >>The first patch fixes regression introduced in 1.13.2. > >>https://fedorahosted.org/sssd/ticket/2493 > >> > >>I'm sorry I

[SSSD] Re: [PATCHES] UTIL: Provide varargs version of debug_fn

2016-02-23 Thread Jakub Hrozek
On Tue, Feb 23, 2016 at 12:41:04PM +0100, Lukas Slebodnik wrote: > On (23/02/16 12:30), Jakub Hrozek wrote: > >On Fri, Feb 12, 2016 at 11:33:34AM +0100, Pavel Březina wrote: > >> On 01/15/2016 12:44 PM, Lukas Slebodnik wrote: > >> >On (15/01/16 12:03), Pavel Březina

[SSSD] Re: [PATCH] subdomains: inherit ldap_krb5_keytab

2016-02-23 Thread Jakub Hrozek
On Tue, Feb 23, 2016 at 12:02:04PM +0100, Jakub Hrozek wrote: > On Tue, Feb 23, 2016 at 10:57:18AM +0100, Sumit Bose wrote: > > On Tue, Feb 23, 2016 at 10:41:37AM +0100, Jakub Hrozek wrote: > > > On Wed, Feb 17, 2016 at 05:44:51PM +0100, Sumit Bose wrote: > > >

[SSSD] Re: [PATCHES] UTIL: Provide varargs version of debug_fn

2016-02-23 Thread Jakub Hrozek
On Fri, Feb 12, 2016 at 11:33:34AM +0100, Pavel Březina wrote: > On 01/15/2016 12:44 PM, Lukas Slebodnik wrote: > >On (15/01/16 12:03), Pavel Březina wrote: > >>On 01/12/2016 10:15 AM, Lukas Slebodnik wrote: > >>>ehlo, > >>> > >>>The main reason for these patch was to improve > >>>recently added lo

[SSSD] [PATCH] Move two options in sssd.conf to the correct section

2016-02-23 Thread Jakub Hrozek
Reported in https://bugzilla.redhat.com/show_bug.cgi?id=1310141 >From 6ec0af3b301c80c19cd738f3e5682adb11732d89 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 23 Feb 2016 12:06:34 +0100 Subject: [PATCH 1/2] MAN: Move subdomain_inherit to the correct man section The option was in

[SSSD] Re: [PATCH] subdomains: inherit ldap_krb5_keytab

2016-02-23 Thread Jakub Hrozek
On Tue, Feb 23, 2016 at 10:57:18AM +0100, Sumit Bose wrote: > On Tue, Feb 23, 2016 at 10:41:37AM +0100, Jakub Hrozek wrote: > > On Wed, Feb 17, 2016 at 05:44:51PM +0100, Sumit Bose wrote: > > > Hi, > > > > > > if a different keytab than /etc/krb5.keytab is used

[SSSD] Re: [PATCH] subdomains: inherit ldap_krb5_keytab

2016-02-23 Thread Jakub Hrozek
On Wed, Feb 17, 2016 at 05:44:51PM +0100, Sumit Bose wrote: > Hi, > > if a different keytab than /etc/krb5.keytab is used e.g. with the AD > provider the subdomains still try to use keys from /etc/krb5.keytab to > connect to e.g. the LDAP server of the subdomain. But id > /etc/krb5.keytab is not p

[SSSD] Re: [PATCH] SPEC: Remove unnecessary requirements

2016-02-23 Thread Jakub Hrozek
On Wed, Feb 17, 2016 at 02:18:33PM +0100, Sumit Bose wrote: > ACK (sorry for the delay) > > bye, > Sumit This patch was already pushed as 88a5f21b10e9365299c501e4ca9c5512f9b614a5 ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://list

[SSSD] Re: proposed libipa_hbac changes

2016-02-23 Thread Jakub Hrozek
On Tue, Feb 23, 2016 at 09:39:34AM +0100, Lukas Slebodnik wrote: > On (22/02/16 10:44), Jakub Hrozek wrote: > >On Mon, Feb 22, 2016 at 10:35:21AM +0100, Lukas Slebodnik wrote: > >> On (22/02/16 10:28), Jakub Hrozek wrote: > >> >On Mon, Feb 22, 2016 at 10:19:31A

[SSSD] [PATCH] Resolve IPA external group members during getgr* requests

2016-02-22 Thread Jakub Hrozek
h it. The current code works well, though, so I guess we can accept it for 1.13. Our initgroups code should be well equipped to handle that and we could remove the hacks we have at the moment. >From 18c99e7d59cc231d2012f77e857bd93b50bd98c8 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Da

[SSSD] Re: Design stub: performance enhancements for 1.14

2016-02-22 Thread Jakub Hrozek
On Mon, Feb 22, 2016 at 11:26:34AM +0100, Sumit Bose wrote: > On Wed, Feb 17, 2016 at 11:45:36AM +0100, Jakub Hrozek wrote: > > Hi, > > > > I would like to get some opinions on where I'm heading with the > > performance enhancements for 1.14. Please note this is

[SSSD] Re: proposed libipa_hbac changes

2016-02-22 Thread Jakub Hrozek
On Mon, Feb 22, 2016 at 10:35:21AM +0100, Lukas Slebodnik wrote: > On (22/02/16 10:28), Jakub Hrozek wrote: > >On Mon, Feb 22, 2016 at 10:19:31AM +0100, Lukas Slebodnik wrote: > >> On (22/02/16 10:01), Jakub Hrozek wrote: > >> >Hi, > >> > > >> &g

[SSSD] Re: proposed libipa_hbac changes

2016-02-22 Thread Jakub Hrozek
On Mon, Feb 22, 2016 at 10:19:31AM +0100, Lukas Slebodnik wrote: > On (22/02/16 10:01), Jakub Hrozek wrote: > >Hi, > > > >during my work on pam_hbac I ran into some issues in libipa_hbac that I > >would like to fix. And before doing the work I wanted to check if an

[SSSD] proposed libipa_hbac changes

2016-02-22 Thread Jakub Hrozek
Hi, during my work on pam_hbac I ran into some issues in libipa_hbac that I would like to fix. And before doing the work I wanted to check if anyone is opposed to these changes. I would like to: 1) Stop using C99 in libipa_hbac. pam_hbac can run on old and/or strange platforms that don't

[SSSD] Re: libini - config file validity checks

2016-02-22 Thread Jakub Hrozek
On Fri, Feb 19, 2016 at 04:35:38PM +0100, Michal Židek wrote: > Thank you for comments! See my response. > > On 02/19/2016 12:18 PM, Jakub Hrozek wrote: > >On Thu, Feb 18, 2016 at 07:00:53PM +0100, Michal Židek wrote: > >>Hi! > >> > >>This is the WIP des

[SSSD] Re: SSSD Status Tool

2016-02-19 Thread Jakub Hrozek
On Fri, Feb 19, 2016 at 02:34:17PM +0100, Pavel Březina wrote: > I'm sending this on behalf of Pavel Reichl... > > > Hi, > > during devconf week Jakub asked us to send a few overview paragraphs about > features we will be working on in forth coming months. Implementation > details will be discus

[SSSD] Re: libini - config file validity checks

2016-02-19 Thread Jakub Hrozek
On Thu, Feb 18, 2016 at 07:00:53PM +0100, Michal Židek wrote: > Hi! > > This is the WIP design stub for config file checks: > https://fedorahosted.org/sssd/wiki/DesignDocs/libini-config-file-checks > > For the first version we just want to > have the typo detection mechanism. To be more > precise

[SSSD] Re: [PATCH] PAM: Notify user of denial due to AD account lockout

2016-02-17 Thread Jakub Hrozek
On Fri, Feb 12, 2016 at 02:37:05PM +0100, Pavel Reichl wrote: > > > On 02/12/2016 02:19 PM, Pavel Reichl wrote: > > > > > >On 02/09/2016 04:25 PM, Pavel Reichl wrote: > >> > >> > >>On 02/09/2016 08:09 AM, Jakub Hrozek wrote: > >&g

[SSSD] Design stub: performance enhancements for 1.14

2016-02-17 Thread Jakub Hrozek
Hi, I would like to get some opinions on where I'm heading with the performance enhancements for 1.14. Please note this is /not/ a complete design page. The goal is to just identify some blockers first before I spend more time working on this feature, even though I already discussed the page with

[SSSD] Announcing SSSD 1.11.8

2016-02-17 Thread Jakub Hrozek
autofs: fix 'Cannot allocate memory' with FQDNs Dan Lavu (1): * MAN: page edit for ldap_use_tokengroups Daniel Hjorth (1): * LDAP: unlink ccname_file_dummy if there is an error Jakub Hrozek (8): * Updating the version for the 1.11.8 development * IPA: Use GC for group look

[SSSD] RFC: 1.11.8 release notes

2016-02-16 Thread Jakub Hrozek
Hi, I prepared the release notes for the 1.11.8 release here: https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.8 Please comment or edit.. ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/

[SSSD] Re: I would like to add two more sections to the design page template

2016-02-16 Thread Jakub Hrozek
On Tue, Feb 16, 2016 at 10:58:35AM +0100, Pavel Březina wrote: > On 02/16/2016 10:55 AM, Jakub Hrozek wrote: > >see subject, I would like to add: > > - how to debug: > > - summarize what to look for if the feature does not work. It's > > fi

[SSSD] I would like to add two more sections to the design page template

2016-02-16 Thread Jakub Hrozek
see subject, I would like to add: - how to debug: - summarize what to look for if the feature does not work. It's fine to say something like 'follow generic sssd debugging procedure' but we should think about debug messages and the debugging process when we

[SSSD] Re: [PATCH] NSS: Fix memory leak netgroup

2016-02-15 Thread Jakub Hrozek
On Mon, Feb 15, 2016 at 01:59:27PM +0100, Lukas Slebodnik wrote: > On (10/02/16 10:31), Lukas Slebodnik wrote: > >On (04/02/16 16:22), Jakub Hrozek wrote: > >>On Thu, Feb 04, 2016 at 03:52:35PM +0100, Jakub Hrozek wrote: > >>> On Tue, Feb 02, 2016 at 04:06:

[SSSD] Re: [PATCH] sudo: use "higher value wins" when ordering rules

2016-02-15 Thread Jakub Hrozek
On Fri, Aug 14, 2015 at 11:00:25PM +0200, Jakub Hrozek wrote: > On Thu, Aug 13, 2015 at 05:17:32PM +0200, Jakub Hrozek wrote: > > ACK > > > > I'll just wait for CI results before pushing. > > * master: 52e3ee5c5ff2c5a4341041826a803ad42d2b2de7 Attached is a

[SSSD] Re: [PATCH] IDMAP: Add test to validate off by one bug

2016-02-15 Thread Jakub Hrozek
On Mon, Feb 15, 2016 at 10:13:30AM +0100, Lukas Slebodnik wrote: > Example from this patch. (Coding style changes in unrelated/untouched part > of code) Maybe, but personally I don't care as long as it's a trivial change that would otherwise never get fixed, because nobody would bother sending a f

[SSSD] Re: [PATCH] IDMAP: Add test to validate off by one bug

2016-02-14 Thread Jakub Hrozek
On Fri, Feb 12, 2016 at 02:38:45PM +0100, Pavel Březina wrote: > No. Running CI should be a part of reviewer's responsibility and we should not accept patches without a passing CI link -or- a link where the failure is clearly not related to the diff (maybe a buggy test or an ill CI VM) -or- where

[SSSD] Re: [PATCH] IDMAP: Add test to validate off by one bug

2016-02-10 Thread Jakub Hrozek
On Wed, Feb 10, 2016 at 12:43:18PM +0100, Pavel Reichl wrote: > > > On 02/10/2016 12:04 PM, Lukas Slebodnik wrote: > >On (10/02/16 11:38), Pavel Březina wrote: > >>On 02/05/2016 05:13 PM, Lukas Slebodnik wrote: > >>>On (05/02/16 16:56), Pavel Reichl wrote: > Hopefully the last one. > >>> > >>

[SSSD] Re: [PATCH] SPEC: Move libsss_autofs.so outside sssd-common

2016-02-09 Thread Jakub Hrozek
On Tue, Feb 02, 2016 at 05:22:58PM +0100, Lukas Slebodnik wrote: > On (02/02/16 16:59), Lukas Slebodnik wrote: > >On (02/02/16 15:35), Jakub Hrozek wrote: > >>On Mon, Jan 18, 2016 at 02:18:32PM +0100, Lukas Slebodnik wrote: > >>> ehlo, > >>> > &

[SSSD] Re: [PATCH] PAM: Clarify man page for domains option

2016-02-09 Thread Jakub Hrozek
On Tue, Feb 09, 2016 at 08:37:04AM +0100, Lukas Slebodnik wrote: > On (09/02/16 08:17), Jakub Hrozek wrote: > >On Fri, Jan 29, 2016 at 02:30:36PM +0100, Pavel Reichl wrote: > >> Hello, please see trivial patch attached. Thanks. > > > >> From 6d5f6b71c2d2f891470dc

[SSSD] Re: [PATCH] PAM: Notify user of denial due to AD account lockout

2016-02-08 Thread Jakub Hrozek
On Tue, Feb 09, 2016 at 08:20:38AM +0100, Lukas Slebodnik wrote: > On (09/02/16 08:15), Jakub Hrozek wrote: > >On Tue, Feb 09, 2016 at 08:09:33AM +0100, Lukas Slebodnik wrote: > >> On (08/02/16 13:56), Pavel Reichl wrote: > >> >On 02/08/2016 10:48 AM, Jakub Hroze

[SSSD] Re: [PATCH] PAM: Clarify man page for domains option

2016-02-08 Thread Jakub Hrozek
On Fri, Jan 29, 2016 at 02:30:36PM +0100, Pavel Reichl wrote: > Hello, please see trivial patch attached. Thanks. > From 6d5f6b71c2d2f891470dc1c9f08ae67f5b6c02f5 Mon Sep 17 00:00:00 2001 > From: Pavel Reichl > Date: Fri, 29 Jan 2016 08:27:01 -0500 > Subject: [PATCH] PAM: Clarify man page for doma

[SSSD] Re: [PATCH] PAM: Notify user of denial due to AD account lockout

2016-02-08 Thread Jakub Hrozek
On Tue, Feb 09, 2016 at 08:09:33AM +0100, Lukas Slebodnik wrote: > On (08/02/16 13:56), Pavel Reichl wrote: > >On 02/08/2016 10:48 AM, Jakub Hrozek wrote: > >>On Mon, Feb 08, 2016 at 10:34:16AM +0100, Pavel Reichl wrote: > >>> > >>> > >

[SSSD] Re: [PATCH] PAM: Notify user of denial due to AD account lockout

2016-02-08 Thread Jakub Hrozek
On Mon, Feb 08, 2016 at 01:56:07PM +0100, Pavel Reichl wrote: > > > On 02/08/2016 10:48 AM, Jakub Hrozek wrote: > >On Mon, Feb 08, 2016 at 10:34:16AM +0100, Pavel Reichl wrote: > >> > >> > >>On 02/05/2016 03:16 PM, Lukas Slebodnik wrote: > >>&

[SSSD] Re: [PATCHES] [sssd-1.11] Fixes suitable for latest release

2016-02-08 Thread Jakub Hrozek
On Wed, Jan 27, 2016 at 03:07:21PM +0100, Lukas Slebodnik wrote: > On (19/06/15 14:26), Jakub Hrozek wrote: > >On Tue, Jun 16, 2015 at 11:49:10PM +0200, Lukas Slebodnik wrote: > >> ehlo, > >> > >> We have 19 patches in 1.11 branch on top of latest release (1.

[SSSD] Re: [PATCH] SDAP: Add error code to debug message

2016-02-08 Thread Jakub Hrozek
On Fri, Jan 29, 2016 at 06:57:56PM +0100, Michal Židek wrote: > On 01/28/2016 04:48 PM, Pavel Reichl wrote: > >Hello, please see trivial patch attached. Thanks > > > > ACK. > > CI link: > http://sssd-ci.duckdns.org/logs/job/36/90/summary.html * master: 1fedb90a1d67766da39783eb193f568e9e2d55b0 __

[SSSD] Re: [PATCH] intg: Change preference of openldap module path

2016-02-08 Thread Jakub Hrozek
On Mon, Feb 08, 2016 at 09:09:56PM +0100, Nikolai Kondrashov wrote: > Yes, ACK :) * master: bf472d2422599d14345e7cd289c26455c622 ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists

[SSSD] Re: [PATCH] PAM: Notify user of denial due to AD account lockout

2016-02-08 Thread Jakub Hrozek
On Mon, Feb 08, 2016 at 10:34:16AM +0100, Pavel Reichl wrote: > > > On 02/05/2016 03:16 PM, Lukas Slebodnik wrote: > >> > >The ticket is about "SSSD should be about to display message to the user when > >the account in Active Directory is 'locked out'" > > > >If the string is not standardized amo

[SSSD] Re: [PATCH] PAM: Notify user of denial due to AD account lockout

2016-02-05 Thread Jakub Hrozek
On Fri, Feb 05, 2016 at 03:16:18PM +0100, Lukas Slebodnik wrote: > On (05/02/16 15:10), Jakub Hrozek wrote: > >On Fri, Feb 05, 2016 at 02:54:53PM +0100, Lukas Slebodnik wrote: > >> On (05/02/16 13:55), Pavel Reichl wrote: > >> > > >> > > >> >

[SSSD] Re: [PATCH] PAM: Notify user of denial due to AD account lockout

2016-02-05 Thread Jakub Hrozek
On Fri, Feb 05, 2016 at 02:54:53PM +0100, Lukas Slebodnik wrote: > On (05/02/16 13:55), Pavel Reichl wrote: > > > > > >On 02/05/2016 11:01 AM, Jakub Hrozek wrote: > >>On Tue, Feb 02, 2016 at 08:48:43PM +0100, Pavel Reichl wrote: > >... > >> > >>

[SSSD] Re: [PATCH] PAM: Notify user of denial due to AD account lockout

2016-02-05 Thread Jakub Hrozek
On Tue, Feb 02, 2016 at 08:48:43PM +0100, Pavel Reichl wrote: > Hello, > > please see attached patch. > > To test connect to AD using ldap provider (for both id and auth). Lock > account of AD user by entering invalid password repeatedly. In pam section > of sssd.conf set pam_account_locked_messa

[SSSD] Re: [PATCH] NSS: Fix memory leak netgroup

2016-02-04 Thread Jakub Hrozek
On Thu, Feb 04, 2016 at 03:52:35PM +0100, Jakub Hrozek wrote: > On Tue, Feb 02, 2016 at 04:06:37PM +0100, Pavel Reichl wrote: > > On 01/25/2016 08:54 PM, Jakub Hrozek wrote: > > >On Mon, Jan 25, 2016 at 05:16:37PM +0100, Pavel Reichl wrote: > > >>Hello, > > >

[SSSD] Re: [PATCH] NSS: Fix memory leak netgroup

2016-02-04 Thread Jakub Hrozek
On Tue, Feb 02, 2016 at 04:06:37PM +0100, Pavel Reichl wrote: > On 01/25/2016 08:54 PM, Jakub Hrozek wrote: > >On Mon, Jan 25, 2016 at 05:16:37PM +0100, Pavel Reichl wrote: > >>Hello, > >> > >>attached patch does not seem to suffer from these errors any more. &g

[SSSD] Re: [PATCH] server-tests: Fix clean-up after successful test

2016-02-02 Thread Jakub Hrozek
On Thu, Jan 28, 2016 at 11:15:02AM +0100, Lukas Slebodnik wrote: > ehlo, > > simple patch is attached. > > LS ACK CI: http://sssd-ci.duckdns.org/logs/job/37/01/summary.html ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fe

[SSSD] Re: [PATCH] SPEC: Move libsss_autofs.so outside sssd-common

2016-02-02 Thread Jakub Hrozek
On Mon, Jan 18, 2016 at 02:18:32PM +0100, Lukas Slebodnik wrote: > ehlo, > > This ticket is little bit related to #2855 > > I searched a little bit and here is a small sumary of > using autofs + atomic (containers) > > >We have a pull request in RUNC to eliminate our patch. > > > >https://github

[SSSD] Re: [PATCH] TESTS: Fix race condition in python test

2016-02-02 Thread Jakub Hrozek
On Tue, Feb 02, 2016 at 12:16:32PM +0100, Lukas Slebodnik wrote: > On (28/01/16 17:33), Lukas Slebodnik wrote: > >On (28/01/16 16:26), Lukas Slebodnik wrote: > >>On (28/01/16 15:31), Jakub Hrozek wrote: > >>>On Wed, Jan 13, 2016 at 03:13:40PM +0100, Luka

[SSSD] Re: [PATCH] CONFIGURE: Replace obsoleted macro AC_PROG_LIBTOOL

2016-02-02 Thread Jakub Hrozek
On Mon, Feb 01, 2016 at 09:44:06AM +0100, Lukas Slebodnik wrote: > ehlo, > > libtool >= 2.0 is in all recent distributions. > (even debian old-stable) only centos 5 has oldes version > but we do not support it for some time. > > Simple patch is attached. > > LS ACK CI: http://sssd-ci.duckdns.o

[SSSD] Re: [PATCH] krb5_child: Warn if user cannot read krb5.conf

2016-01-29 Thread Jakub Hrozek
On Fri, Jan 29, 2016 at 08:24:00PM +0100, Lukas Slebodnik wrote: > On (29/01/16 18:50), Jakub Hrozek wrote: > >On Fri, Jan 29, 2016 at 03:25:56PM +0100, Lukas Slebodnik wrote: > >> On (29/01/16 13:51), Pavel Reichl wrote: > >> > > >> > > >

[SSSD] Re: [PATCH] krb5_child: Warn if user cannot read krb5.conf

2016-01-29 Thread Jakub Hrozek
On Fri, Jan 29, 2016 at 03:25:56PM +0100, Lukas Slebodnik wrote: > On (29/01/16 13:51), Pavel Reichl wrote: > > > > > >On 01/29/2016 01:41 PM, Lukas Slebodnik wrote: > >>https://fedorahosted.org/sssd/ticket/2931 > >>--- > >> src/providers/krb5/krb5_child.c | 17 + > >> 1 file chang

[SSSD] Re: [PATCH] fix account lockout reporting with the krb5 provider

2016-01-29 Thread Jakub Hrozek
On Fri, Jan 29, 2016 at 03:22:23PM +0100, Lukas Slebodnik wrote: > On (14/01/16 18:38), Jakub Hrozek wrote: > >On Thu, Jan 14, 2016 at 12:09:12PM -0500, Simo Sorce wrote: > >> > OK to push now? > >> > >> Yes please :-) > >> > >> Simo >

[SSSD] Re: [PATCH v2] intg: Add more LDAP tests

2016-01-29 Thread Jakub Hrozek
On Thu, Jan 21, 2016 at 03:53:19PM +0200, Nikolai Kondrashov wrote: > Hi Jakub, Michal, everyone, > > On 11/11/2015 07:03 PM, Michal Židek wrote: > >I modified the "squashing" patch to remove the > >workaround for failing memcache. > > > >SQUASH THESE 2 ATTACHED PATCHES BEFORE PUSHING > >and use t

[SSSD] Re: [PATCHES] Fix warnings Wsign-compare

2016-01-28 Thread Jakub Hrozek
On Tue, Jan 12, 2016 at 03:21:30PM +0100, Lukas Slebodnik wrote: > python-3.5 is also in debian-sid and migh be in debian-testing > within 10 days. First 3 patches can be reviwed and meanwhile > I will need to figure out solution for 4th patch (but it's only problem for > 32 bit platforms) > > The

[SSSD] Re: Running tests with different environment

2016-01-28 Thread Jakub Hrozek
On Thu, Jan 28, 2016 at 04:19:25PM +0100, Lukas Slebodnik wrote: > On (27/10/15 22:35), Lukas Slebodnik wrote: > >On (27/10/15 17:57), Jakub Hrozek wrote: > >>On Tue, Oct 27, 2015 at 05:42:29PM +0100, Jakub Hrozek wrote: > >>> On Fri, Oct 23, 2015 at 01:06:36P

[SSSD] Re: [PATCH] TESTS: Fix race condition in python test

2016-01-28 Thread Jakub Hrozek
On Wed, Jan 13, 2016 at 03:13:40PM +0100, Lukas Slebodnik wrote: > ehlo, > > attached patch should fix race condition in tests. > > e.g. > == > ERROR: testImport (__main__.PySssMurmurImport) > Import the module and assert it come

<    4   5   6   7   8   9   10   11   12   13   >