On 05/25/2017 12:16 PM, Joseph Fischetti wrote:
> I was able to build/install/test via copr, which is an awesome resource.
>
> Thanks Lukas for the suggestion. I'd still like to get it sorted at some
> point so I can use a local repository for the package, but this will work for
> the time bein
On 05/25/2017 12:04 PM, Lukas Slebodnik wrote:
> On (25/05/17 15:26), Joseph Fischetti wrote:
>> Thanks Lukas,
>> I did find the optional (and extras) repos, enabled them, etc, etc.
>>
>> After building from source rpm on a rhel7 machine, rpm/RPMS/x86_64 contains
>> ~30 rpms. rpm -Uvh * present
On 11/22/2016 09:38 AM, Simo Sorce wrote:
> On Tue, 2016-11-22 at 09:23 -0500, Stephen Gallagher wrote:
>> OK, so the service is only semi-socket-activated? If we're keeping tevent
>> timers
>> around for renewals and reaping, the service won't be exiting unless
Some thoughts inline:
On 11/22/2016 02:51 AM, Jakub Hrozek wrote:
...
> === Implementation details ===
> A new SSSD responder will be added. Since accessing the Kerberos credentials
> is quite an infrequent operation, the responder will be socket-activated.
>
> This responder would implement th
On 08/31/2016 01:40 PM, Fabiano Fidêncio wrote:
> Howdy!
>
> Taking a look on https://fedorahosted.org/sssd/ticket/2395 seems that
> there are a few ways to achieve what's proposed by Simo and I'd like
> to discuss one of those before start implementing it.
>
> As far as I understand the bug, SSS
On 08/31/2016 01:24 PM, Simo Sorce wrote:
> On Wed, 2016-08-31 at 17:41 +0200, Michal Židek wrote:
>> Hi,
>>
>> here is patch for ticket #3161.
>>
>> See more in the ticket description.
>>
>> I was thinking why we originally replaced
>> the lists and I think it comes from confusion
>> on how we han
On 08/17/2016 09:17 AM, Justin Stephenson wrote:
>
> On 08/17/2016 07:34 AM, Lukas Slebodnik wrote:
>> On (16/08/16 09:57), Justin Stephenson wrote:
>>> Thanks for the info, yes please go ahead and squash them.
>>>
>>> Kind regards,
>>> Justin Stephenson
>>>
>>> On 08/16/2016 09:32 AM, Jakub Hroze
On 08/12/2016 11:26 AM, Justin Stephenson wrote:
> code patch and man page attached, also added the PATCH: prefix to the commit
> message for the code patch.
>
> Kind regards,
>
> Justin Stephenson
>
>
> On 08/12/2016 06:00 AM, Jakub Hrozek wrote:
>> On Tue, Aug 09, 2016 at 12:04:56PM -0400, Ju
On 08/16/2016 09:26 AM, Jakub Hrozek wrote:
> On Tue, Aug 16, 2016 at 03:17:19PM +0200, Petr Cech wrote:
From 24d32d0eb12ddc433e64ffd6411e9e13f0067b35 Mon Sep 17 00:00:00 2001
From: Petr Cech
Date: Fri, 13 May 2016 05:21:07 -0400
Subject: [PATCH 1/5] AD_PROVIDER: Add ad_enabled
On 08/12/2016 07:30 AM, Lukas Slebodnik wrote:
> On (12/08/16 13:24), Jakub Hrozek wrote:
>> Hi,
>>
>> a simple one-liner is attached.
>
>>From c7bd0b7e695d031258ab47d8c425c9d5843d4069 Mon Sep 17 00:00:00 2001
>> From: Jakub Hrozek
>> Date: Fri, 12 Aug 2016 13:23:16 +0200
>> Subject: [PATCH] CONF
On 07/12/2016 03:40 AM, Petr Cech wrote:
> On 07/11/2016 08:22 PM, Jakub Hrozek wrote:
>> On Mon, Jul 11, 2016 at 09:49:15AM -0400, Stephen Gallagher wrote:
>>> On 07/11/2016 09:33 AM, Petr Cech wrote:
>>>> Hi list,
>>>>
>>>> how Jakub m
On 07/18/2016 03:40 PM, Stephen Gallagher wrote:
> On 07/14/2016 11:06 AM, Fabiano Fidêncio wrote:
>> Best Regards,
>>
>>
>
> Looks like it's too late, but I disagree with this patch. The reason that the
> logs are all in UTC is to make it easy to
On 07/14/2016 11:06 AM, Fabiano Fidêncio wrote:
> Best Regards,
>
>
Looks like it's too late, but I disagree with this patch. The reason that the
logs are all in UTC is to make it easy to correlate them if you are managing
geographically-diverse environments. If there's actual confusion about th
On 07/11/2016 09:33 AM, Petr Cech wrote:
> Hi list,
>
> how Jakub mentioned on internal list this debug message should be removed. So
> I
> attached simple patch for it.
>
I'd recommend changing it to "Trace: end of ldap_result list" rather than
deleting it.
signature.asc
Description: OpenP
On 06/20/2016 05:48 AM, Sumit Bose wrote:
> On Mon, Jun 20, 2016 at 11:15:20AM +0200, Lukas Slebodnik wrote:
>> BTW we can add Requires/Recommends into pacakge sssd-ad for this sub-pacakge.
>> So it will be installed by default.
>
> I think this is not needed. It is only needed for samba, not on a
On 06/20/2016 03:09 PM, Jakub Hrozek wrote:
> On Mon, Jun 20, 2016 at 08:54:18PM +0200, Lukas Slebodnik wrote:
>> ehlo,
>>
>> Attached is a sligtly modified version of Michal's patch.
>
> The same patch is attached twice. Was it by accident or did you mean to
> send two patches?
>
>> I fixed few
On 04/28/2016 09:30 AM, Lukas Slebodnik wrote:
> On (27/04/16 15:18), Stephen Gallagher wrote:
>> On 04/27/2016 05:57 AM, Pavel Březina wrote:
>>> On 04/26/2016 05:08 PM, Stephen Gallagher wrote:
>>>> Our users constantly make the mistake of typing `debug = 9` in th
On 05/13/2016 09:07 AM, Stephen Gallagher wrote:
> Polkit is an authorization mechanism of its own (similar to sudo). SSSD
> doesn't
> need to apply additional authorization decisions atop it, so we'll just accept
> it as "allow".
>
> Resolves:
> https
On 05/13/2016 10:29 AM, Lukas Slebodnik wrote:
> On (11/05/16 17:35), Lukas Slebodnik wrote:
>> On (10/05/16 17:06), Jakub Hrozek wrote:
>>> On Tue, May 10, 2016 at 09:51:18AM -0400, Stephen Gallagher wrote:
>>>> On 05/10/2016 09:45 AM, Jakub Hrozek wrote:
>> T
f08fe231a693a469 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Fri, 13 May 2016 09:03:29 -0400
Subject: [PATCH] GPO: Add "polkit-1" to ad_gpo_map_allow
Polkit is an authorization mechanism of its own (similar to sudo).
SSSD doesn't need to apply additional authorizati
On 05/10/2016 09:45 AM, Jakub Hrozek wrote:
> On Tue, Apr 19, 2016 at 02:09:14PM -0400, Stephen Gallagher wrote:
>> These patches provide support for shipping a default configuration file that
>> the
>> monitor will automatically copy to /etc/sssd/sssd.conf if none already
&
On 05/10/2016 09:00 AM, Lukas Slebodnik wrote:
> On (10/05/16 08:42), Stephen Gallagher wrote:
>> On 05/10/2016 07:24 AM, Lukas Slebodnik wrote:
>>> On (10/05/16 06:40), Stephen Gallagher wrote:
>>>> I was thinking this morning again about how we could deal with the
On 05/10/2016 07:24 AM, Lukas Slebodnik wrote:
> On (10/05/16 06:40), Stephen Gallagher wrote:
>> I was thinking this morning again about how we could deal with the 32-bit
>> on 64-bit problem. On Fedora 24 and newer, we have the ability to use rich
>> RPM dependenc
I was thinking this morning again about how we could deal with the 32-bit on
64-bit problem. On Fedora 24 and newer, we have the ability to use rich RPM
dependencies (Recommends: sssd-client.i686 if glibc.i686) That doesn't help on
older Fedora or RHEL systems though.
What if we were to split t
On 05/06/2016 07:05 AM, Lukas Slebodnik wrote:
> On (06/05/16 06:58), Stephen Gallagher wrote:
>>> On May 6, 2016, at 6:55 AM, Lukas Slebodnik wrote:
>>>
>>>> On (05/05/16 10:46), Stephen Gallagher wrote:
>>>> Ubuntu systems use "unity" as
> On May 6, 2016, at 6:55 AM, Lukas Slebodnik wrote:
>
>> On (05/05/16 10:46), Stephen Gallagher wrote:
>> Ubuntu systems use "unity" as their screen-locker. Without this in the
>> defaults,
>> people often get locked out of their machines when the
2001
From: Stephen Gallagher
Date: Thu, 5 May 2016 10:44:24 -0400
Subject: [PATCH] GPO: Add "unity" to ad_gpo_map_interactive
Ubuntu systems use "unity" as their screen-locker. Without this in the
defaults, people often get locked out of their machines when the
On 04/27/2016 06:44 AM, Petr Cech wrote:
> On 04/27/2016 08:47 AM, Petr Cech wrote:
>> On 04/26/2016 05:08 PM, Stephen Gallagher wrote:
>>> Our users constantly make the mistake of typing `debug = 9` in the
>>> sssd.conf
>>> instead of `debug_level =
On 04/27/2016 05:57 AM, Pavel Březina wrote:
> On 04/26/2016 05:08 PM, Stephen Gallagher wrote:
>> Our users constantly make the mistake of typing `debug = 9` in the sssd.conf
>> instead of `debug_level = 9` as would be correct. This happens
>> frequently-enough
>> t
f59256f027bb15a5cff317e5b1d418107b4a0a95 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Tue, 26 Apr 2016 11:04:36 -0400
Subject: [PATCH] DEBUG: Add `debug` alias for debug_level
Our users constantly make the mistake of typing `debug = 9` in the
sssd.conf instead of `debug_level = 9` as would
module to allow
this access.
From 0ec3577f3cc543b2d9b0b8edc47705e679327ee4 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Tue, 19 Apr 2016 09:17:52 -0400
Subject: [PATCH 1/3] UTIL: Add secure copy function
This is a precursor to supporting a static default configuration file.
We need to be able t
> On Apr 7, 2016, at 3:27 AM, Lukas Slebodnik wrote:
>
>> On (06/04/16 15:38), Jakub Hrozek wrote:
>>> On Wed, Apr 06, 2016 at 03:16:20PM +0200, Jakub Hrozek wrote:
>>>> On Wed, Apr 06, 2016 at 08:39:39AM -0400, Stephen Gallagher wrote:
>>>>
&
> On Apr 6, 2016, at 8:37 AM, Jakub Hrozek wrote:
>
>> On Tue, Apr 05, 2016 at 02:34:33PM -0400, Stephen Gallagher wrote:
>> We only need to go online if we receive a netlink signal that might
>> indicate that the external connection might have become available. This
&
We only need to go online if we receive a netlink signal that might
indicate that the external connection might have become available. This
will never be true for link-local addresses.
From 672b2335c4f94a16a9955814ff77c85462934043 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Tue, 5 Apr
On 04/04/2016 08:54 AM, Jakub Hrozek wrote:
> On Mon, Apr 04, 2016 at 02:30:16PM +0200, Lukas Slebodnik wrote:
>> On (04/04/16 13:57), Jakub Hrozek wrote:
>>> Hi,
>>>
>>> I'm looking at a logfile from one sssd installation and I'm wondering if
>>> it's a GPO bug. The relevant part of the logs is:
>
On 03/22/2016 07:42 AM, Pavel Reichl wrote:
> Hello,
>
> Pavel Březina and I have prepared the 1st draft of design document. We mostly
> focused on summing up its future functionality and its interface.
>
> Please comment if you miss some essential functionality or if you would prefer
> some diff
Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Fri, 26 Feb 2016 13:10:50 -0500
Subject: [PATCH 1/2] GPO: Add Cockpit to the Remote Interactive defaults
The Cockpit Project is an administrative console that is gaining in
popularity and is a default component on some operating systems (such
as
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/14/2016 05:19 AM, Pavel Březina wrote:
> On 01/13/2016 03:45 PM, Stephen Gallagher wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>
>> On 01/13/2016 07:25 AM, Pavel Březina wrote:
>>> https://fed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/13/2016 07:25 AM, Pavel Březina wrote:
> https://fedorahosted.org/sssd/ticket/2906
>
> Hi, I'm CCing Stephen as he is original author of the code.
>
> Without this patch I am not able to work with AD when
> ldap_referrals=true, with this patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2015 05:32 AM, Petr Cech wrote:
> On 11/04/2015 11:24 AM, Jakub Hrozek wrote:
>> Hi,
>>
>> I created this patch to try to diagnose an issue where sssd
>> would randomly restart on any of machines in a VM cluster without
>> giving too much adv
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/28/2015 04:48 PM, Lukas Slebodnik wrote:
> On (28/10/15 09:03), Stephen Gallagher wrote:
>> On 10/27/2015 05:33 PM, Lukas Slebodnik wrote:
>>> On (27/10/15 09:48), Stephen Gallagher wrote:
>>>> We get an error messa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/27/2015 05:33 PM, Lukas Slebodnik wrote:
> On (27/10/15 09:48), Stephen Gallagher wrote:
>> We get an error message if we start up SSSD and the debug log
>> does not yet exist.
>
>> From 53592734f73c50029fa573b9bc0704373
: GnuPG v2
iEYEARECAAYFAlYvgvQACgkQeiVVYja6o6NeVQCgocyUqrHud6p+KyyDULRdtx+/
Vj0AoIEfXJAbEgwDEgAmDJBuRLNv0v+n
=h2IT
-END PGP SIGNATURE-
>From 9a53c342335ce68ec8196c5d05fecf8e12197411 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Tue, 27 Oct 2015 09:55:11 -0400
Subject: [PATCH] Moni
SIGNATURE-
>From 53592734f73c50029fa573b9bc070437304ea489 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Tue, 27 Oct 2015 09:39:01 -0400
Subject: [PATCH] DEBUG: Don't error on chown of nonexistent file
We get an error message if we start up SSSD and the debug log does not
y
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/08/2015 05:16 AM, Lukas Slebodnik wrote:
> On (23/01/15 12:27), Stephen Gallagher wrote:
>> On Fri, 2015-01-23 at 17:27 +0100, Jakub Hrozek wrote:
>>> On Fri, Jan 23, 2015 at 05:24:51PM +0100, Michal Židek wrote:
>>&
/ActiveDirectoryGPOIntegra
tion
We also need to delete the result object from the cache to ensure that
offline operation will also grant access.
Resolves:
https://fedorahosted.org/sssd/ticket/2691From 06e58a26fd5b59631b479f2f076e80ecfae425b8 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Mon, 20 Jul 2015 09:29
On Tue, 2015-06-30 at 12:04 +0200, Jakub Hrozek wrote:
> On Tue, Jun 30, 2015 at 10:30:16AM +0200, Jan Pazdziora wrote:
> > > - Running sssd in environment where all actions complete
> > > successfully
> > > should emit no debug messages. Default log level should be
> > > moved to
> > > SSSDB
On Fri, 2015-06-12 at 21:30 +0200, Jakub Hrozek wrote:
> On Fri, Jun 12, 2015 at 06:33:16PM +0200, Lukas Slebodnik wrote:
> > On (12/06/15 16:45), Jakub Hrozek wrote:
> > > === SSSD 1.12.5 ===
> > >
> > > The SSSD team is proud to announce the release of version 1.12.5
> > >
On Thu, 2015-06-11 at 16:19 +0200, Lukas Slebodnik wrote:
> On (11/06/15 09:35), Stephen Gallagher wrote:
> > On Thu, 2015-06-11 at 09:19 -0400, Stephen Gallagher wrote:
> > > We're attempting to use strerror() to print the result from
> > > ad_gpo_access_check
On Thu, 2015-06-11 at 09:19 -0400, Stephen Gallagher wrote:
> We're attempting to use strerror() to print the result from
> ad_gpo_access_check(), but that function returns an extended SSSD
> errno.
>
> This resulted in "Unknown Error" being printed to the logs.
A
We're attempting to use strerror() to print the result from
ad_gpo_access_check(), but that function returns an extended SSSD
errno.
This resulted in "Unknown Error" being printed to the logs.
signature.asc
Description: This is a digitally signed message part
On Wed, 2015-05-27 at 15:54 -0400, Stephen Gallagher wrote:
> On Wed, 2015-05-27 at 21:36 +0200, Lukas Slebodnik wrote:
> > On (27/05/15 15:30), Stephen Gallagher wrote:
> > > On Wed, 2015-05-27 at 13:31 -0400, Stephen Gallagher wrote:
> > > > To set up a V
On Fri, 2015-05-22 at 16:13 +0200, Jakub Hrozek wrote:
> On Thu, May 21, 2015 at 01:43:19PM +0200, Lukas Slebodnik wrote:
> > ehlo,
> >
> > There were some failed tests in ci log
> > http://sssd-ci.duckdns.org/logs/job/12/67/fedora_rawhide/ci.html
> > http://sssd-ci.duckdns.org/logs/job/14/07/fedo
On Wed, 2015-05-27 at 11:15 +0200, Jakub Hrozek wrote:
> On Tue, May 26, 2015 at 03:56:35PM -0400, Stephen Gallagher wrote:
> > Sorry for the delay; two new patches attached.
> >
> > This patch fixes the two missing error checks in the AD GPO code as
> > well as ma
On Wed, 2015-05-27 at 21:36 +0200, Lukas Slebodnik wrote:
> On (27/05/15 15:30), Stephen Gallagher wrote:
> > On Wed, 2015-05-27 at 13:31 -0400, Stephen Gallagher wrote:
> > > To set up a Vagrant development environment:
> > > * Install the Vagrant packages for your deve
On Wed, 2015-05-27 at 13:31 -0400, Stephen Gallagher wrote:
> To set up a Vagrant development environment:
> * Install the Vagrant packages for your development system
> * On Fedora 22 and later: 'dnf install vagrant-libvirt'
> * Deploy the Vagrant box:
> * &#
On Fri, 2015-05-22 at 13:04 +0200, Jakub Hrozek wrote:
> On Thu, May 14, 2015 at 05:58:49PM +0200, Jakub Hrozek wrote:
> > On Thu, May 14, 2015 at 11:49:17AM -0400, Stephen Gallagher wrote:
> > > On Thu, 2015-05-14 at 17:42 +0200, Jakub Hrozek wrote:
> > > > On W
On Thu, 2015-05-14 at 17:42 +0200, Jakub Hrozek wrote:
> On Wed, May 06, 2015 at 02:26:30PM -0400, Stephen Gallagher wrote:
> > Patch 0001: LDAP: Support returning referral information
> >
> > Some callers may be interested in the raw referral values returned
> > fr
On Mon, 2015-05-11 at 09:52 +0200, Jakub Hrozek wrote:
> Hi,
>
> while triaging a performance-related issue, I realized our manpage
> doesn't say also users and groups are now supported by the background
> refresh. The attached patch fixes that.
I'd recommend the phrasing:
"The background refre
On Mon, 2015-05-11 at 19:15 +0200, Jakub Hrozek wrote:
> On Mon, May 11, 2015 at 03:18:55PM +0200, Lukas Slebodnik wrote:
> > On (11/05/15 12:51), Jakub Hrozek wrote:
> > > On Mon, May 11, 2015 at 11:15:29AM +0200, Lukas Slebodnik wrote:
> > > > Please document in man pages that it is not possible
https://fedorahosted.org/sssd/ticket/2645From 3f8826061d34639ddaaf245947085ea577e77fbe Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Fri, 1 May 2015 11:42:06 -0400
Subject: [PATCH 1/2] LDAP: Support returning referral information
Some callers may be interested in the raw referral values returned
On Wed, 2015-04-29 at 18:50 +0200, Lukas Slebodnik wrote:
> On (29/04/15 08:00), Stephen Gallagher wrote:
> > I'm not aware of any situation where this would be a sensible
> > reply,
> > so this should be fine (and at worst, safe).
> >
> > I suspect (but s
On Wed, 2015-04-29 at 09:38 +0200, Lukas Slebodnik wrote:
> On (24/04/15 14:07), Jakub Hrozek wrote:
> > On Fri, Apr 24, 2015 at 02:01:11PM +0200, Lukas Slebodnik wrote:
> > > On (24/04/15 12:43), Jakub Hrozek wrote:
> > > > On Thu, Apr 23, 2015 at 07:29
On Thu, 2015-04-23 at 08:14 +0200, Lukas Slebodnik wrote:
> On (20/04/15 14:38), Stephen Gallagher wrote:
> > On Mon, 2015-04-20 at 08:53 +0200, Lukas Slebodnik wrote:
> > > ehlo,
> > >
> > > attached patch fixes crash in
> > > https://fedorahosted.o
On Mon, 2015-04-20 at 08:53 +0200, Lukas Slebodnik wrote:
> ehlo,
>
> attached patch fixes crash in
> https://fedorahosted.org/sssd/ticket/2629
>
Nack. I'd rather we fixed the root of this problem. I did some digging
this afternoon and tracked the issue back to ad_gpo.c line 3499 (in
current
ide a different default
value.From 3ef7523f4e0e8bd6a5e182bd64790b6ab9f5c310 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Mon, 20 Apr 2015 10:51:04 -0400
Subject: [PATCH] AD GPO: Change default to "enforcing"
When a user enrolls a system against Active Directory, the expectation
is
d/ticket/2606From 39a0dc5dd670cb251e3c9a3b35aca9dbb2ede061 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Tue, 14 Apr 2015 13:07:36 -0400
Subject: [PATCH 1/3] AD: Clean up ad_access_gpo
Align goto usage with conventions in the rest of the source.
---
src/providers/ad/ad_gpo.c | 12 +++
On Fri, 2015-03-27 at 11:00 +0100, Pavel Reichl wrote:
> On 03/26/2015 06:09 PM, Stephen Gallagher wrote:
> > On Thu, 2015-03-26 at 17:51 +0100, Pavel Reichl wrote:
> > > Hello,
> > >
> > > please see this trivial patch.
> > >
> > > I CC
On Thu, 2015-03-26 at 17:51 +0100, Pavel Reichl wrote:
> Hello,
>
> please see this trivial patch.
>
> I CCed Stephen in hope that he would be so kind and do the language
> review.
>
> Thanks!
"The value of 'pwdAccountLockedTime' attribute must end with 'Z' as
only UTC time zone is currently
On Mon, 2015-03-02 at 14:43 +0100, Lukas Slebodnik wrote:
> On (02/03/15 14:39), Sumit Bose wrote:
> > On Mon, Mar 02, 2015 at 11:27:09AM +0100, Sumit Bose wrote:
> > > On Mon, Mar 02, 2015 at 10:43:36AM +0100, Jakub Hrozek wrote:
> > > > On Mon, Mar 02, 2015 at 10:41:22AM +0100, Pavel Reichl wrote
On Thu, 2015-02-26 at 14:01 +0100, Jakub Hrozek wrote:
> On Thu, Feb 26, 2015 at 11:26:13AM +0100, Lukas Slebodnik wrote:
> > On (26/02/15 11:17), Jakub Hrozek wrote:
> > > On Wed, Feb 25, 2015 at 11:53:00PM +0100, Lukas Slebodnik wrote:
> > > > On (25/02/15 23:34), Jakub Hrozek wrote:
> > > > > On
On Tue, 2015-02-24 at 11:10 +0100, Lukas Slebodnik wrote:
> On (24/02/15 01:26), Lukas Slebodnik wrote:
> > On (18/02/15 16:36), Stephen Gallagher wrote:
> > >
> > >
> > >
> > > On Tue, 2015-02-10 at 23:40 +0100, Lukas Slebodnik wrote:
&g
On Tue, 2015-02-10 at 23:40 +0100, Lukas Slebodnik wrote:
> ehlo,
>
> Attached patches:
> * drop support for python < 2.6
> * fix packaging of binding (backward incompatible change)
> * add possibility to build python{2,3} bindings
>
> There are also small other enhancements.
Patch 0005-001
On Thu, 2015-02-12 at 19:32 +0100, Lukas Slebodnik wrote:
> ehlo,
>
> attached is a simple patch for ticket #2572
>
> My reproducer:
> * start sssd
> * attach gdb to some service e.g. nss
> - DO NOT RUN any command (we just need to simulate unresponsive service)
> * wait until monitor send
On Fri, 2015-01-23 at 17:27 +0100, Jakub Hrozek wrote:
> On Fri, Jan 23, 2015 at 05:24:51PM +0100, Michal Židek wrote:
> > On 01/23/2015 04:35 PM, Lukas Slebodnik wrote:
> > >On (23/01/15 10:21), Stephen Gallagher wrote:
> > >>
> > >>
> > &
On Fri, 2015-01-23 at 14:39 +0100, Lukas Slebodnik wrote:
> ehlo,
>
> I was reprodicing other bug and it took me some time to find out why I was not
> able to resolve user. RID was bigger than range size.
>
> I saw just general message about id mapping failer
> [sdap_save_user] (0x0400): Proce
On Mon, 2015-01-19 at 09:58 +0100, Jakub Hrozek wrote:
> On Mon, Jan 19, 2015 at 09:39:41AM +0100, Pavel Reichl wrote:
> > >>man page:
> > >>Specify AD site client should try to connect to.
> > >>Specify AD site to which client should try to connect.
> > >>
> > >>Which one sounds better?
> > >I
On Wed, 2015-01-14 at 13:34 +0100, Pavel Reichl wrote:
> On 01/13/2015 08:39 PM, Stephen Gallagher wrote:
> >
> >
> > On Tue, 2015-01-13 at 18:58 +0100, Pavel Reichl wrote:
> >> Hello,
> >>
> >> please see simple patch attached.
> >>
On Tue, 2015-01-13 at 18:58 +0100, Pavel Reichl wrote:
> Hello,
>
> please see simple patch attached.
>
> Thanks!
Nack.
First, what exactly is this service doing? I don't think we would want
to map it to ServiceLogonRight. That's intended for granting access to
the machine from a service (a
On Wed, 2014-12-10 at 14:59 -0500, Stephen Gallagher wrote:
> There are actually two bugs here:
>
> 1) When either the kill(SIGTERM) or kill(SIGKILL) commands returned
> failure (for any reason), we would talloc_free(svc) which removed it
> from being eligible for restart, r
icket/2525
From 02417814befc89609e2ca6490a4791de5032dc99 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Wed, 10 Dec 2014 14:16:49 -0500
Subject: [PATCH] monitor: Service restart fixes
There are actually two bugs here:
1) When either the kill(SIGTERM) or kill(SIGKILL) commands returned
failure (for any reason), we wo
On Sat, 2014-11-22 at 14:24 +0100, Jakub Hrozek wrote:
> On Fri, Nov 21, 2014 at 04:26:58PM -0500, Stephen Gallagher wrote:
> >
> >
> >
> > On Fri, 2014-11-21 at 20:03 +0100, Jakub Hrozek wrote:
> > > Hi,
> > >
> > > I was going throug
On Fri, 2014-11-21 at 20:03 +0100, Jakub Hrozek wrote:
> Hi,
>
> I was going through our design page that describes the rootless sssd and
> I'd like to discuss the default ownership of sssd.conf a bit more.
>
> In the design document we proposed to change the default ownership to
> sssd.sssd.
On Thu, 2014-11-13 at 13:39 +0100, Lukas Slebodnik wrote:
> On (13/11/14 12:22), Jakub Hrozek wrote:
> >On Thu, Nov 13, 2014 at 11:17:15AM +0100, Lukas Slebodnik wrote:
> >> On (13/11/14 10:44), Jakub Hrozek wrote:
> >> >On Wed, Nov 12, 2014 at 08:04:46PM -0500, Simo Sorce wrote:
> >> >> On Wed,
On Fri, 2014-10-03 at 16:46 +0200, Jakub Hrozek wrote:
> Hi,
>
> While I was talking to the Fedora automake maintainer about an
> enhancement related to test environment, he suggested to make the change
> in the attached patch.
How far back does that macro go? Does it cover all platforms tha
On Thu, 2014-10-02 at 19:27 +0200, Lukas Slebodnik wrote:
> ehlo,
>
> Some internal gpo functions [1] were called just once and with constant
> NDR_SCALARS as 2nd argument(ndr_flags), but 2nd argument was not used
> in these functions[1]. They used constant NDR_SCALARS.
>
> [1] ndr_pull_securi
On Thu, 2014-10-02 at 19:29 +0200, Lukas Slebodnik wrote:
> ehlo,
>
> Talloc context was not used in functions ad_gpo_parse_gpo_child_response
> ad_gpo_process_cse_recv, ad_gpo_store_policy_settings.
>
> Patch is attached.
Ack
signature.asc
Description: This is a digitally signed message
On Thu, 2014-10-02 at 11:45 +0200, Jakub Hrozek wrote:
> On Wed, Oct 01, 2014 at 10:50:26PM -0400, Stephen Gallagher wrote:
> > Sorry it took me so long to finish this review. The code is mostly
> > right, but I found three issues that needed to be addressed before we
>
On Wed, 2014-10-01 at 22:50 -0400, Stephen Gallagher wrote:
>
>
> On Thu, 2014-09-11 at 23:51 -0400, Yassir Elley wrote:
> >
> > - Original Message -
> > >
> > >
> > > - Original Message -
> > > > Hi,
> > &
I made, see
https://reviewboard-fedoraserver.rhcloud.com/r/80/diff/2-3/ (I tracked
my review there as I went through, so I wouldn't miss any corrections
and as a sort of proof-of-concept)
I (believe) I have done a very thorough review of this code, so I'd ask
that someon
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/25/2014 03:40 PM, Stephen Gallagher wrote:
> On 09/25/2014 04:56 AM, Jakub Hrozek wrote:
>> On Wed, Sep 24, 2014 at 11:10:00AM -0400, Stephen Gallagher
>> wrote: We were assuming that the ad_hostname value would match
>&g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/25/2014 04:56 AM, Jakub Hrozek wrote:
> On Wed, Sep 24, 2014 at 11:10:00AM -0400, Stephen Gallagher wrote:
> We were assuming that the ad_hostname value would match the
> sAMAccountName attribute, but in practice this was almost ne
Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Tue, 23 Sep 2014 17:44:41 -0400
Subject: [PATCH] AD GPO: Fix incorrect sAMAccountName selection
---
src/providers/ad/ad_gpo.c | 20 +++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/providers/ad/ad_gpo
v1
iEYEARECAAYFAlQi3YEACgkQeiVVYja6o6PqAACgjb4ISPCELnMMBIoKKHX/tj8r
UdgAmQHRTCMC0BQo8oBlFy4ZKNj1gshs
=AaTR
-END PGP SIGNATURE-
>From fee75b35053029a9b856a231f99fa607bd91e8e4 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Wed, 24 Sep 2014 11:00:44 -0400
Subject: [PATCH] UTIL: Do not change SSSD domains in get_domains_head
When the
On 09/03/2014 07:59 PM, Stephen Gallagher wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 08/28/2014 10:00 PM, John Koelndorfer wrote:
> > Hey folks,
> >
> > Some quick background on this small patch I prepared. I run sssd on
> > my desktop (an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/28/2014 10:00 PM, John Koelndorfer wrote:
> Hey folks,
>
> Some quick background on this small patch I prepared. I run sssd on
> my desktop (and servers) to authenticate against a Samba 4 DC. I
> found that when I attempted to log in via KDM and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/20/2014 09:20 AM, Jakub Hrozek wrote:
> Hi,
>
> with the current SSSD code, an LDAP search that results in a
> referral fails completely with EIO and usually sends the whole
> backend to offline mode. I think this is too strict and if the
> admi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/22/2014 09:32 AM, Michal Židek wrote:
> On 07/22/2014 02:49 PM, Pavel Reichl wrote:
>>
>> On 07/22/2014 02:03 PM, Pavel Reichl wrote:
>>> I finally tested the patches and it seems to me to be working
>>> with AD and LDAP provider, but does not s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/20/2014 03:20 PM, Jakub Hrozek wrote:
> On Fri, Jul 18, 2014 at 05:32:09PM +0200, Lukas Slebodnik wrote:
>> On (18/07/14 16:34), Jakub Hrozek wrote:
>>> On Thu, Jul 17, 2014 at 04:35:31PM +0200, Lukas Slebodnik
>>> wrote:
ehlo,
Th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/10/2014 12:24 PM, Lukas Slebodnik wrote:
> On (10/07/14 10:51), Stephen Gallagher wrote:
>> On 07/10/2014 05:46 AM, Lukas Slebodnik wrote:
>>> On (07/07/14 20:22), Stephen Gallagher wrote:
>>>> On 07/07/2014 1
1 - 100 of 4680 matches
Mail list logo
