he? I
> > > > > have re-tested everything on my setup and it performs as expected.
> > > > >
> > > > > Thanks
> > > > > Jan
> > > >
> > > > Never mind. I tried to play with my setup a bit and I eventually
&g
- Original Message -
> On Tue, 2012-06-19 at 17:15 +0200, Jan Zelený wrote:
> > This patch fixes an issue which resulted in a need to initialize
> > responder with data from local domain, otherwise it would not
> > correctly
> > detect requests for subdomains. Similar situation can occur if
Stephen Gallagher wrote:
> On Fri, 2012-06-15 at 19:53 +0200, Jan Zeleny wrote:
> > Stephen Gallagher wrote:
> > > All changes requested above have been made, including avoiding the
> > > shadowing (in new patch 0003).
> > >
> > > I've complete
Stephen Gallagher wrote:
> On Fri, 2012-06-15 at 11:25 -0400, Stephen Gallagher wrote:
> > On Fri, 2012-06-15 at 17:16 +0200, Jan Zelený wrote:
> > > > We only support the DIR cache on Kerberos 1.10 and higher. We need to
> > > > make sure we still build and run on older systems.
> > > >
> > > >
https://fedorahosted.org/sssd/ticket/1318
Tested with getent, works fine.
Thanks
Jan
From 2277f5b62bd150c806a6320fa85ebe1efa010216 Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Thu, 31 May 2012 18:08:46 -0400
Subject: [PATCH] Allow fast memcache timeout to be configurable
https
_search_base
> is not.
Oh man, how did I grep through the file while looking for it I don't know ...
the new option should be there as well of course. As for documentation, I
don't think we want to document this, setting it can only break things.
Patch with all three issues addresse
At this moment we will support only asterisk, designating "all
services".
https://fedorahosted.org/sssd/ticket/1360
Thanks
Jan
From 8448d3336ad18f5f16d234b31f6fa73787f16701 Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Thu, 31 May 2012 18:08:30 -0400
Subject: [PATCH] Provide "
- Original Message -
> From: "Stephen Gallagher"
> To: "Development of the System Security Services Daemon"
>
> Sent: Wednesday, May 2, 2012 1:04:17 AM
> Subject: Re: [SSSD] [PATCH] Handle endianness issues on older systems
>
> On Tue, 2012-05-01 at 17:23 -0400, Simo Sorce wrote:
> > On
3fc Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Tue, 1 May 2012 03:36:37 -0400
Subject: [PATCH] Modify behavior of pam_pwd_expiration_warning
- rename the option to pwd_expiration_warning
- move the option from PAM responder to domains
- if pwd_expiration_warning == 0, don't apply th
The first part caused problems when using more domains if one of them was
without subdomains.
The second part isn't causing any issues yet but a rare scenario might occur
where this would be a problem.
Thanks
Jan
From 1246f355120a25c0e0c99d9fd88348e5b42718c1 Mon Sep 17 00:00:00 2001
From
Stephen Gallagher wrote:
> On Mon, 2012-04-23 at 16:22 +0200, Jan Zelený wrote:
> > Hi,
> > I'm sending a patch set that removes support for fake user entries and
> > add
>
> > ghost attribute instead:
> Jan, could you run a few performance tests with large groups so we can
> see what we got for
rewriting a pointer.
Thanks
Jan
From 311318de313e75703ad06b3ad78e76d1e80f6c72 Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Tue, 17 Apr 2012 08:59:09 -0400
Subject: [PATCH 1/2] Fixed memory context in sdap_fill_memberships()
---
src/providers/ldap/sdap_async_groups.c |2 +-
1 files
gt; > #112
> > Because of the change in previous patch, there is only one place where
> > this function is called and it is bound with RFC230bis.
>
> Ack
>
> You can also remove sysdb_attrs_users_from_ldb_vals() now
Here are all three patches
Jan
From bd6b5aa7cb132c5b5d7
Jakub Hrozek wrote:
> On Tue, Apr 10, 2012 at 12:38:31AM -0400, Jakub Hrozek wrote:
> > The mails grow huge. I'm going to trim the response a little and omit
> > patches that were already acked elsewhere.
> >
> > Patch 0001: Ack
> > Patch 0002: Ack
> > Patch 0003: Ack
> > Patch 0004: Ack
> > Patc
Jakub Hrozek wrote:
> https://fedorahosted.org/sssd/ticket/1270
>
> Is there a better way to proactively detect that there is no D-Bus
> connection when a request comes in? The attached patch is more of a
> band-aid for cases where the back end is not running at all but a
> request comes in anywa
Jakub Hrozek wrote:
> https://fedorahosted.org/sssd/ticket/1282
>
> This patch applies on top of the 1.8 branch only. The same bug was
> already fixed in master in an unrelated commit.
Ack
Jan
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.
#1: Ack
#2: Ack
#3: Nack, you forgot two more places (on lines 393 and 408) where "event"
should be destroyed as well
#4: Ack
Jan
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
Once more, this time rebased on top of current master.
Thanks
Jan
subdomains.tar.bz2
Description: application/bzip-compressed-tar
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
e, neither patch would work
without the other. This patch split caused the numbering to be shifted by one.
> On Tue, 2012-03-20 at 17:42 +0100, Jan Zeleny wrote:
> > Hi guys,
> > it took me and Sumit some time but we finally have completed the first
> > stage of support for subd
Jakub Hrozek wrote:
> https://fedorahosted.org/sssd/ticket/1271
Ack
Jan
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
Hi guys,
it took me and Sumit some time but we finally have completed the first stage
of support for subdomains. I'm sending all patches in attachment.
This stage has basic support for subdomains but some pieces like PAC support
are left out. We agreed that those can wait for the second stage wh
Jakub Hrozek wrote:
> On Mon, Mar 19, 2012 at 10:53:17AM +0100, Jan Zelený wrote:
> > > https://fedorahosted.org/sssd/ticket/1259
> >
> > Ack,
> > just one question: right now DEBUG won't print message that would
> > distinguish cased vs. non-cased name and proto (they always print
> > lowercase)
s.c:2788:30: warning: passing argument 5 of
> > > ‘sysdb_add_netgroup’ makes pointer from integer without a cast [enabled
> > > by default] ./src/db/sysdb.h:531:5: note: expected ‘char **’ but
> > > argument is of type ‘int’ src/tests/sysdb-tests.c:2788:30: error: too
&
Jakub Hrozek wrote:
> On Mon, Feb 06, 2012 at 07:40:37PM +0100, Jakub Hrozek wrote:
> > Sudo links against the library in libsss_sudo-devel, does not dlopen it.
> > Therefore, the library must be in the default linker path.
>
> Stephen nacked this on IRC and requested that the path to the sudo
>
Jan Cholasta wrote:
> Updated patches attached.
>
> Dne 6.2.2012 23:13, Jakub Hrozek napsal(a):
> > On Mon, Feb 06, 2012 at 07:48:10PM +0100, Jakub Hrozek wrote:
> >> On Mon, Feb 06, 2012 at 05:42:15PM +0100, Jan Cholasta wrote:
> >>> Updated& rebased the patches on top of current master.
> >>>
Jan Cholasta wrote:
> Updated & rebased the patches on top of current master.
>
> To test them, install a SSH-patched (see freeipa-devel) FreeIPA server,
> set host public keys using "ipa host-mod" (actually this should be done
> automatically when the IPA server/client is installed) and set user
Jakub Hrozek wrote:
> On Mon, Feb 06, 2012 at 07:37:45PM +0100, Jan Zeleny wrote:
> > Jakub Hrozek wrote:
> > > Hi,
> > >
> > > I think it would be nice to include the attached patch in 1.8 beta. The
> > > usability improvement in comparison with us
Jakub Hrozek wrote:
> Hi,
>
> I think it would be nice to include the attached patch in 1.8 beta. The
> usability improvement in comparison with using autofs_provider=ldap is
> the support for automounter "locations" in IPA (see ipa help automount).
>
> The user would simply configure the autofs
a
> password change." is no longer accurate.
Done
> Please don't conflate LDAP errors and errno errors in the "ret" variable
> in sdap_ldap_modify_passwd_done(). If for some reason openldap changed
> the value of LDAP_SUCCESS, this would break under our noses.
Done
Stephen Gallagher wrote:
> On Fri, 2012-02-03 at 15:45 +0100, Jan Zelený wrote:
> > Please note that I haven't fully tested this yet, the LDAP server
> > configuration needed for this is a little bit twisted ;-) I will perform
> > more testing during the weekend. Consider this patch being prelimin
Jakub Hrozek wrote:
> Resending after a list outage.
>
> On Fri, Jan 27, 2012 at 11:25:26AM +0100, Jakub Hrozek wrote:
> > On Thu, Jan 26, 2012 at 08:18:06PM -0500, Stephen Gallagher wrote:
> > > On Fri, 2012-01-27 at 01:12 +0100, Jakub Hrozek wrote:
> > > ...
> > >
> > > > > #0008:
> > > > > li
Pavel Březina wrote:
> Dne 3.1.2012 09:29, Jan Zelený napsal(a):
> >> On Wed, Dec 21, 2011 at 04:20:09PM +0100, Jan Zelený wrote:
> https://fedorahosted.org/sssd/ticket/1105 (review ticket)
> https://fedorahosted.org/sssd/ticket/623 (sudo integration)
>
> Hello,
> it is f
Jakub Hrozek wrote:
> On Fri, Dec 09, 2011 at 03:18:38PM +0100, Jan Zelený wrote:
> > > On Thu, Dec 08, 2011 at 11:02:05AM +0100, Jakub Hrozek wrote:
> > > > [PATCH 1/6] sss_utf8_tolower utility function+unit tests
> > > > This will be used later on to lowercase the usernames. Also includes
> > >
Pavel Březina wrote:
> https://fedorahosted.org/sssd/ticket/960
>
> I'm sending the fix for groups first because I want this to be ACKed
> before I start working on netgroups.
>
> Current behaviour is that if any of the search bases contain filter,
> than dereference will be turned off and singl
Jan Zelený wrote:
> don't fetch all host groups if this option is false
> https://fedorahosted.org/sssd/ticket/1078
>
> I was also thinking of reducing the number of host groups, but that seemed
> to be redundant, since the number of host groups is usually not that high
> and the complexity of fe
don't fetch all host groups if this option is set to false
https://fedorahosted.org/sssd/ticket/1078
Jan
From fcf9accd7e0b52d56266c2c6426405b41ce418e2 Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Fri, 4 Nov 2011 13:16:47 -0400
Subject: [PATCH] Add ipa_hbac_support_srchost option t
Aziz Sasmaz wrote:
> I am sure I am not sending zero-length pass. Can it be beacuse of the
> system-auth configuration?
Probably, you are using:
authsufficientpam_sss.so use_first_pass
before pam_unix line. I suggest either moving it after that line or deleting
the use_first_pass a
Jakub Hrozek wrote:
> On Fri, Nov 18, 2011 at 01:55:13PM +0200, Aziz Sasmaz wrote:
> >Hi,
> >sssd can't get shadow info from ldap. When I type getent passwd it
> >shows pass section as * not as "x"
> >As passwd (5) ; If the encrypted password is set to an asterisk, the
> >u
Stephen Gallagher wrote:
> On Fri, 2011-11-04 at 11:55 +0100, Jakub Hrozek wrote:
> > On Fri, Nov 04, 2011 at 11:43:02AM +0100, Jan Zeleny wrote:
> > > Jakub Hrozek wrote:
> > > > On Fri, Nov 04, 2011 at 09:24:55AM +0100, Jan Zeleny wrote:
> > > > &
Jakub Hrozek wrote:
> On Fri, Nov 04, 2011 at 09:24:55AM +0100, Jan Zeleny wrote:
> > https://fedorahosted.org/sssd/ticket/1069
> > https://fedorahosted.org/sssd/ticket/1071
> >
> > --
> > Jan
>
> 001: ack
> 002: nack, if talloc_asprintf() failed,
The ticket is:
https://fedorahosted.org/sssd/ticket/892
Jan
From b2c299c4f55e8bf781bab481cdbc3b30fd1a209e Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Mon, 31 Oct 2011 04:14:25 -0400
Subject: [PATCH] Fixed empty loginShell in proxy provider
https://fedorahosted.org/sssd/ticket/892
---
src
https://fedorahosted.org/sssd/ticket/1069
https://fedorahosted.org/sssd/ticket/1071
--
Jan
From f42917cf971345ad000f40f5e4269b7807545cf8 Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Fri, 4 Nov 2011 04:11:03 -0400
Subject: [PATCH 2/2] Fixed possible resource leak in create_mail_spool()
https
Jan Zelený wrote:
> > > On Tue, 2011-10-04 at 08:04 -0400, Stephen Gallagher wrote:
> > > > On Tue, 2011-10-04 at 12:55 +0200, Jan Zelený wrote:
> > > > > > On Mon, 2011-10-03 at 14:51 -0400, Stephen Gallagher wrote:
> > > > > > > These patches add support for multiple search bases for users
> > >
Stephen Gallagher wrote:
> Sets the default value of the midpoint cache to 50%.
>
> Fixes: https://fedorahosted.org/sssd/ticket/918
Ack
Jan
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-de
Dmitri Pal wrote:
> On 09/12/2011 11:00 AM, Simo Sorce wrote:
> > I do not like this approach, especially if done for a single option
> > among many other similar one, it makes the configuration file very odd.
> >
> > Besides this is for feature parity with nss_ldap and there admins are
> > alrea
Simo Sorce wrote:
> On Thu, 2011-08-04 at 16:57 +0200, Jan Zeleny wrote:
> > Simo Sorce wrote:
> > > On Wed, 2011-08-03 at 15:40 +0200, Jan Zelený wrote:
> > > > Hi,
> > > > after several weeks of work and couple failed concepts, I'm sending
&
Simo Sorce wrote:
> On Wed, 2011-08-03 at 15:40 +0200, Jan Zelený wrote:
> > Hi,
> > after several weeks of work and couple failed concepts, I'm sending
> > rewritten memberof plugin with reference counter support. For now I'm
> > just interested in concept ack, since the plugin has still some
> >
Jan Zelený wrote:
> Because I'll be on my vacation for two weeks starting tomorrow, I'm sending
> patches which outline how could the reference counter look like.
>
> Patches depend on some of my previously sent optimization patches.
>
> Please note that these patches don't optimize or change an
Jakub Hrozek wrote:
> On 07/22/2011 11:53 AM, Jan Zeleny wrote:
> > Jakub Hrozek wrote:
> >> On 07/22/2011 09:18 AM, Jan Zeleny wrote:
> >>> Jakub Hrozek wrote:
> >>>> On 07/21/2011 01:57 PM, Jan Zelený wrote:
> >>>>>&
Jakub Hrozek wrote:
> On 07/22/2011 09:18 AM, Jan Zeleny wrote:
> > Jakub Hrozek wrote:
> >> On 07/21/2011 01:57 PM, Jan Zelený wrote:
> >>>> https://fedorahosted.org/sssd/ticket/916
> >>>
> >>> Nack,
> >>> please look at f
Jakub Hrozek wrote:
> On 07/21/2011 01:57 PM, Jan Zelený wrote:
> >> https://fedorahosted.org/sssd/ticket/916
> >
> > Nack,
> > please look at following lines, there are parts of code which might need
> > update along with your changes:
> >
> > providers/ldap/sdap_async_accounts.cz : 728
> > db/
Sumit Bose wrote:
> On Tue, Jun 07, 2011 at 02:14:56PM +0200, Jan Zelený wrote:
> > > Hi,
> > >
> > > this series of patches adds support to receive a windows PAC via GSSAPI
> > > and to create a user based on the data in the PAC. This is useful
> > > because in an environment with lots of trust
Stephen Gallagher wrote:
> On Mon, 2011-06-20 at 21:55 +0200, Jan Zeleny wrote:
> > Stephen Gallagher wrote:
> > > Ok, I'm going to try to summarize the responses from Simo and Jakub,
> > > then hopefully we'll accept them and we can add this information
Stephen Gallagher wrote:
> Ok, I'm going to try to summarize the responses from Simo and Jakub,
> then hopefully we'll accept them and we can add this information to the
> coding and contribution guidelines. (I have intentionally broken the
> thread).
>
> I agree with Simo that we should break th
Jakub Hrozek wrote:
> On 06/15/2011 04:08 PM, Jan Zelený wrote:
> >> On 06/12/2011 11:27 AM, Jakub Hrozek wrote:
> >>> On 06/09/2011 03:42 PM, Jan Zelený wrote:
> > https://fedorahosted.org/sssd/ticket/811
> >
> > Much of the patch is a conversion from system "struct hostent" to our
>
.
>
> In sdap_nested_group_process_send() you should 'goto immediate' if you
> fail to mark the group as non-posix.
The new patch set is attached. I did some testing and found some issues with
previous patches, so these are a little different at some places.
Jan
From 9ec37f307f8
Simo Sorce wrote:
> On Thu, 2011-05-19 at 16:21 +0200, Jakub Hrozek wrote:
> > On 05/19/2011 04:07 PM, Simo Sorce wrote:
> > > The filter is an OR
> > > filter it will always match
> >
> > Actually, it's an AND filter, something along the lines of:
> >
> > (&(cn=name)(objectclass=posixGroup)(cn=
Stephen Gallagher wrote:
> Patch 0001: Stop building a fake interface version into the backend
> plugins. This is not the correct way to create a plugin module with
> libtool. Since the interface and the plugins are built at the same time,
> the correct method is to produce an unversioned .so.
>
Jakub Hrozek wrote:
> [PATCH 1/2] Remove append_attrs_to_array
> This used to be part of the deref patchset. Since the function is not
> used, I think it should be removed.
Sounds reasonable. Even in the patch itself I couldn't find any place where
this function is called which makes me wonder w
#x27;t make any sense to me, I believe the original
intention was as my patch suggests even though the line can be dropped
entirely.
Jan
From 89932a40948ea976a3581447537aea1774e68b6d Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Fri, 13 May 2011 09:28:25 -0400
Subject: [PATCH 1/3] Fixed --debug-t
232a3a949ebbc80d79732afda10f3184f2bbf96c Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Wed, 13 Apr 2011 03:06:55 -0400
Subject: [PATCH 1/3] Possible memory leak fixed
---
src/providers/ldap/sdap_async_accounts.c |8
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/providers
e pushed.
At this moment I'd like to hear your opinion on the concept of the patch.
Thanks in advance
Jan
From 9266a27184cb74f1a427f795b917546a7a8a4f89 Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Wed, 20 Apr 2011 06:43:31 -0400
Subject: [PATCH 2/3] AD group p
I don't have any machine with RHEL5, so please be sure to test
> > the patch on it.
>
> Feel free to ping me for a RHEL5 machine with the new openldap-libs.
Thanks,
I'm sending corrected patch. Everything should be working now.
Jan
From e15b79676855e9ad9f62cfbf0f79072f7109130
Stephen Gallagher wrote:
> On Fri, 2011-04-01 at 16:46 +0200, Jan Zelený wrote:
> > These changes are all related to the following ticket:
> > https://fedorahosted.org/sssd/ticket/763
> >
> > Changes in SSSDConfig.py merge old and new domain record instead of just
> > deleting the old and inserti
Jan Zelený wrote:
> > On 04/15/2011 07:22 PM, Jan Zeleny wrote:
> > > I'm sending corrected patch. I have one comment though.
> > >
> > > Jakub Hrozek wrote:
> > >> Allocation error is a serious one and should be handled.
> > >
> &
red let's say in
sysdb_search_netgroups().
Jan
From 6f59aa750766c214955a3775585f080714fee889 Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Wed, 13 Apr 2011 08:16:37 -0400
Subject: [PATCH 1/2] Cache cleaning tool
---
Makefile.am | 10 ++-
contrib/sssd.spec.in |1 +
src/too
Stephen Gallagher wrote:
> When processing a request for a nonexistent user, we were returning a DP
> error when sysdb_delete_user() or sysdb_delete_group() returned ENOENT.
Ack
Jan
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://
Stephen Gallagher wrote:
> Patch 0001: Add debug logging to the negative cache
>
> Patch 0002: If a fully-qualified user or group was specified, we were
> falling through to a remote lookup regardless of the return value of the
> negative cache check. This patch ensures that we return ENOENT.
>
Jakub Hrozek wrote:
> On 04/14/2011 08:04 PM, Stephen Gallagher wrote:
> > On 04/06/2011 11:44 AM, Jakub Hrozek wrote:
> >> On 04/06/2011 12:40 PM, Jakub Hrozek wrote:
> >>> On 04/06/2011 08:58 AM, Jan Zelený wrote:
> Ack
>
> Jan
> >>>
> >>> Self nack, this needs documentation, to
if (strcmp(version, SYSDB_VERSION_0_6) == 0) {
> > +ret = sysdb_upgrade_06(ctx, &version);
> > +goto done;
> > +}
Sending updated patch. It addresses all three issues found in the previous
one.
Jan
From 0f6220c5601936cbb2cb17515bcf2288dba85dcf Mon Sep
Jan Zelený wrote:
> Jan Zelený wrote:
> > This functionality will be required in tickets #781 and #700.
> >
> > Jan
>
> This is corrected version - removes some compilation-time error messages.
>
> Jan
self-nack
I just found that this patch and my 008 patch have some bits mixed up, which
ca
Jan Zelený wrote:
> I'm sending two patches solving selection of appropriate principal for
> GSSAPI authentication from keytab file.
>
> A part of the first patch is a fix of an error present in the
> documentation. I did that early in the development phase of the patch and
> I didn't want to tam
Stephen Gallagher wrote:
> On 09/16/2010 05:05 PM, Stephen Gallagher wrote:
> > I've rewritten these patches. Now, instead of searching for individual
> > netgroup entries, the code will take advantage of the memberOf plugin to
> > return all netgroup triples in a single call to sysdb_getnetgr()
>
Stephen Gallagher wrote:
> On 09/03/2010 04:31 PM, Jan Zeleny wrote:
> > Stephen Gallagher wrote:
> >> if (be_is_offline(state->be_ctx)) {
> >>
> >> /* Ok, we're offline. Return from the cache */
> >>
Stephen Gallagher wrote:
> On 09/03/2010 08:11 AM, Jan Zelený wrote:
> > 0001-Dead-assignments-cleanup-in-providers-code.patch:
> > Here the biggest change is in prototype of sdap_access_decide_offline,
> > which IMO doesn't need to return any value, since it returns alway EOK
> > now and there is
75 matches
Mail list logo
