Re: [SSSD] [PATCH] IPA: add callback to reset subdomain timeouts

2013-10-22 Thread Sumit Bose
On Tue, Oct 22, 2013 at 10:15:27AM +0200, Jakub Hrozek wrote: On Mon, Oct 21, 2013 at 02:54:24PM +0200, Sumit Bose wrote: Hi, these two patches are the SSSD part to fix https://fedorahosted.org/sssd/ticket/2030 . To reset the timeouts I introduced a new callback type which is always

Re: [SSSD] [PATCH] sdap_get_generic_ext_send: check if we a re still connected

2013-10-22 Thread Sumit Bose
On Tue, Oct 22, 2013 at 10:46:04AM +0200, Sumit Bose wrote: Hi, this patch tries to fix https://fedorahosted.org/sssd/ticket/2126 . Se commit message for details. sorry, but the check in the first patch is too strict. When doing a rootDSE lookup as the very first LDAP request sh-connected

Re: [SSSD] [PATCH] IPA: add callback to reset subdomain timeouts

2013-10-22 Thread Sumit Bose
On Tue, Oct 22, 2013 at 10:58:57AM +0200, Sumit Bose wrote: On Tue, Oct 22, 2013 at 10:15:27AM +0200, Jakub Hrozek wrote: On Mon, Oct 21, 2013 at 02:54:24PM +0200, Sumit Bose wrote: Hi, these two patches are the SSSD part to fix https://fedorahosted.org/sssd/ticket/2030 . To reset

[SSSD] [PATCHES] IPA: add trusted domains with missing idrange

2013-10-24 Thread Sumit Bose
member domain gets a proper range assigned if the forest root is configured to manage the POSIX attributes. bye, Sumit From e1a86771137f67e0e8d24c4bbb014bfc21d85538 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Wed, 23 Oct 2013 14:39:55 +0200 Subject: [PATCH 1/4] find_subdomain_by_sid

Re: [SSSD] [PATCH] AD: fall back to LDAP if GC is not available.

2013-10-25 Thread Sumit Bose
On Thu, Oct 24, 2013 at 11:54:30AM +0200, Lukas Slebodnik wrote: ehlo, Global catalog port was ignored from SRV record, hard coded value was used every time. 1st patch should fix it. good catch, but see my comment below. 2nd patch add fall back to LDAP if GC is not available. with this

Re: [SSSD] [PATCHES] IPA: add trusted domains with missing idrange

2013-10-25 Thread Sumit Bose
On Fri, Oct 25, 2013 at 11:21:28AM +0200, Jakub Hrozek wrote: On Thu, Oct 24, 2013 at 02:14:59PM +0200, Sumit Bose wrote: Hi, this patch set tries to fix https://fedorahosted.org/sssd/ticket/2101 . Currently we rely on the fact that the external mapping is the default in the case

Re: [SSSD] [PATCHES] dp: free sdap domain if subdomain is removed

2013-10-25 Thread Sumit Bose
On Thu, Oct 24, 2013 at 01:13:25PM +0200, Pavel Březina wrote: https://fedorahosted.org/sssd/ticket/1968 The patches do not cleanly apply to current master, can you send a rebased version? bye, Sumit ___ sssd-devel mailing list

Re: [SSSD] [PATCH] AD: fall back to LDAP if GC is not available.

2013-10-25 Thread Sumit Bose
On Fri, Oct 25, 2013 at 02:46:31PM +0200, Lukas Slebodnik wrote: On (25/10/13 11:54), Sumit Bose wrote: On Thu, Oct 24, 2013 at 11:54:30AM +0200, Lukas Slebodnik wrote: ehlo, Global catalog port was ignored from SRV record, hard coded value was used every time. 1st patch should fix

Re: [SSSD] [PATCHES] dp: free sdap domain if subdomain is removed

2013-10-25 Thread Sumit Bose
On Fri, Oct 25, 2013 at 03:09:54PM +0200, Pavel Březina wrote: On 10/25/2013 02:44 PM, Sumit Bose wrote: On Thu, Oct 24, 2013 at 01:13:25PM +0200, Pavel Březina wrote: https://fedorahosted.org/sssd/ticket/1968 The patches do not cleanly apply to current master, can you send a rebased

Re: [SSSD] [PATCH] ad: support cross domain membership

2013-10-25 Thread Sumit Bose
On Fri, Oct 25, 2013 at 12:58:23PM +0200, Pavel Březina wrote: On 10/25/2013 10:55 AM, Pavel Březina wrote: On 10/24/2013 08:40 PM, Jakub Hrozek wrote: On Wed, Oct 02, 2013 at 04:13:32PM +0200, Pavel Březina wrote: On 10/01/2013 09:54 PM, Jakub Hrozek wrote: On Tue, Sep 24, 2013 at 03:17:47PM

Re: [SSSD] [PATCHES] dp: free sdap domain if subdomain is removed

2013-10-25 Thread Sumit Bose
On Fri, Oct 25, 2013 at 01:42:56PM -0400, Pavel Brezina wrote: - Original Message - From: Sumit Bose sb...@redhat.com To: sssd-devel@lists.fedorahosted.org Sent: Friday, October 25, 2013 4:56:58 PM Subject: Re: [SSSD] [PATCHES] dp: free sdap domain if subdomain is removed

Re: [SSSD] [PATCH] NSS: Print FQDN for groups with mixed domain membership

2013-10-29 Thread Sumit Bose
On Mon, Oct 28, 2013 at 10:28:07PM +0100, Jakub Hrozek wrote: On Mon, Oct 28, 2013 at 10:20:24PM +0100, Sumit Bose wrote: On Mon, Oct 28, 2013 at 04:55:17PM +0100, Jakub Hrozek wrote: Hi, The first patch adds a unit test for getgrnam. I wanted to make sure we don't break anything

Re: [SSSD] [PATCH] NSS: Print FQDN for groups with mixed domain membership

2013-10-29 Thread Sumit Bose
On Tue, Oct 29, 2013 at 11:41:52AM +0100, Jakub Hrozek wrote: On Tue, Oct 29, 2013 at 10:12:34AM +0100, Jakub Hrozek wrote: On Tue, Oct 29, 2013 at 09:43:08AM +0100, Sumit Bose wrote: On Mon, Oct 28, 2013 at 10:28:07PM +0100, Jakub Hrozek wrote: On Mon, Oct 28, 2013 at 10:20:24PM +0100

Re: [SSSD] [PATCH] NSS: Print FQDN for groups with mixed domain membership

2013-10-29 Thread Sumit Bose
On Tue, Oct 29, 2013 at 02:46:22PM +0100, Jakub Hrozek wrote: On Tue, Oct 29, 2013 at 12:37:11PM +0100, Sumit Bose wrote: On Tue, Oct 29, 2013 at 11:41:52AM +0100, Jakub Hrozek wrote: On Tue, Oct 29, 2013 at 10:12:34AM +0100, Jakub Hrozek wrote: On Tue, Oct 29, 2013 at 09:43:08AM +0100

[SSSD] [PATCH] ad_subdom_store: check ID mapping of the domain not of the

2013-10-29 Thread Sumit Bose
Hi, Pavel found an issue while using getpwuid() or getgrgid() with algorithmic mapping for sub-domain users and an empty cache. This patch should fix the issue. bye, Sumit From 9bd5a2eb683485e092d64a2fddff047f56fa7836 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Tue, 29 Oct

Re: [SSSD] [PATCH] free sid obtained from sss_idmap_unix_to_sid()

2013-10-30 Thread Sumit Bose
On Wed, Oct 30, 2013 at 04:32:58PM +0100, Jakub Hrozek wrote: On Wed, Oct 30, 2013 at 11:26:21AM -0400, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/30/2013 10:29 AM, Pavel Březina wrote: Nack. This happens to work by coincidence (we're

[SSSD] [PATCH] be_spy_create: free be_req and not the long living data

2013-10-30 Thread Sumit Bose
Hi, Steeve found some unusual behaviour during his test which led to the shutdown of the whole SSSD. The attached patch should fix it. bye, Sumit From 005ac171d7bcc57db262f9df50a8ba22b01ec510 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Wed, 30 Oct 2013 16:49:26 +0100 Subject

Re: [SSSD] [PATCH] ad: support cross domain membership

2013-10-30 Thread Sumit Bose
On Wed, Oct 30, 2013 at 03:21:16PM +0100, Pavel Březina wrote: On 10/29/2013 01:43 PM, Pavel Březina wrote: On 10/28/2013 10:00 PM, Sumit Bose wrote: On Mon, Oct 28, 2013 at 04:51:27PM +0100, Jakub Hrozek wrote: On Fri, Oct 25, 2013 at 10:40:28PM +0200, Jakub Hrozek wrote: On Fri, Oct 25

Re: [SSSD] [PATCH] AD: Fix ad_access_filter parsing with empty filter

2013-10-30 Thread Sumit Bose
On Wed, Oct 30, 2013 at 09:43:55PM +0100, Jakub Hrozek wrote: I'm sorry about the breakage, but if the ad_access_filter was unset yet access_provider was set to AD, access was denied. Even though the access order was set correctly to expire, filter, the filter being NULL caused problems. A

Re: [SSSD] [PATCH] NSS: Check allocation result

2013-11-01 Thread Sumit Bose
On Thu, Oct 31, 2013 at 07:51:20PM +0100, Jakub Hrozek wrote: On Thu, Oct 31, 2013 at 10:37:13AM +0100, Pavel Březina wrote: On 10/22/2013 12:29 PM, Jakub Hrozek wrote: On Mon, Oct 21, 2013 at 05:33:33PM +0200, Jakub Hrozek wrote: On Mon, Oct 21, 2013 at 10:38:19AM -0400, Simo Sorce wrote:

[SSSD] [PATCH] Build cifs plugin depending on the existence of cifsidmap.h

2013-11-01 Thread Sumit Bose
Hi, with this patch it is not required anymore to have cifs-utils-devel installed for the default build. Fixes https://fedorahosted.org/sssd/ticket/2125 bye, Sumit From 35f5932946d67a943146411a336afac34a78fb90 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Fri, 1 Nov 2013 18

[SSSD] [PATCH] Enhance/add unit tests for find_subdomain_by_sid/name

2013-11-01 Thread Sumit Bose
Hi, recently I added some unit tests for find_subdomain_by_sid. This patch enhances those and adds similar tests for find_subdomain_by_name. bye, Sumit From b388d07ff5f81473c6f54dade9a7acd1a17f7d0c Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Fri, 1 Nov 2013 18:40:08 +0100

Re: [SSSD] [PATCHES] idmap: add API to free allocated SIDs

2013-11-04 Thread Sumit Bose
On Mon, Nov 04, 2013 at 12:13:52PM +0100, Pavel Březina wrote: https://fedorahosted.org/sssd/ticket/2133 Patches are looking good, I wonder why you did not cover binary SIDs, i.e. *_to_bin_sid() calls? bye, Sumit ___ sssd-devel mailing list

Re: [SSSD] [PATCH] Build cifs plugin depending on the existence of cifsidmap.h

2013-11-04 Thread Sumit Bose
On Mon, Nov 04, 2013 at 12:05:15PM +0100, Lukas Slebodnik wrote: On (01/11/13 18:41), Sumit Bose wrote: Hi, with this patch it is not required anymore to have cifs-utils-devel installed for the default build. Fixes https://fedorahosted.org/sssd/ticket/2125 bye, Sumit From

Re: [SSSD] [PATCH] Build cifs plugin depending on the existence of cifsidmap.h

2013-11-04 Thread Sumit Bose
On Mon, Nov 04, 2013 at 10:36:56AM -0500, Simo Sorce wrote: On Mon, 2013-11-04 at 16:21 +0100, Sumit Bose wrote: On Mon, Nov 04, 2013 at 12:05:15PM +0100, Lukas Slebodnik wrote: On (01/11/13 18:41), Sumit Bose wrote: Hi, with this patch it is not required anymore to have cifs-utils

Re: [SSSD] [PATCHES] idmap: add API to free allocated SIDs

2013-11-06 Thread Sumit Bose
On Tue, Nov 05, 2013 at 12:29:25PM +0100, Pavel Březina wrote: On 11/04/2013 04:39 PM, Pavel Brezina wrote: - Original Message - From: Sumit Bose sb...@redhat.com To: sssd-devel@lists.fedorahosted.org Sent: Monday, November 4, 2013 3:03:04 PM Subject: Re: [SSSD] [PATCHES] idmap

Re: [SSSD] [PATCH] Initialize sid_str to NULL to avoid freeing random data

2013-11-07 Thread Sumit Bose
On Thu, Nov 07, 2013 at 12:02:12PM +0100, Jakub Hrozek wrote: See attached patch. ACK bye, Sumit ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel

Re: [SSSD] German po4a translation

2013-11-08 Thread Sumit Bose
On Fri, Nov 08, 2013 at 10:32:04AM +0100, Chris Leick wrote: Hi, please find attached the german po4a translation of sssd. While translating, I've found some bugs in the english text. They are marked in the po file with »FIXME«. Thanks a lot for this contribution. I've found a few minor

[SSSD] [PATCH] Replace prog_DEPENDENCIES with EXTRA_prog_DEPENDENCIES

2013-11-08 Thread Sumit Bose
/manual/html_node/Linking.html for further details. bye, Sumit From a2b6c827cdf83372324081f0a63f02ca89fc990a Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Fri, 8 Nov 2013 14:51:34 +0100 Subject: [PATCH] Replace prog_DEPENDENCIES with EXTRA_prog_DEPENDENCIES Automake computes build

Re: [SSSD] [PATCH] Replace prog_DEPENDENCIES with EXTRA_prog_DEPENDENCIES

2013-11-11 Thread Sumit Bose
On Mon, Nov 11, 2013 at 09:24:17AM +0100, Lukas Slebodnik wrote: On (08/11/13 15:01), Sumit Bose wrote: Hi, I was fighting with some failing unit tests until I discovered that some build dependencies were not re-compiled although I've modified them. After some further digging I came across

Re: [SSSD] [PATCHES] Sig handlers cleanups

2013-11-11 Thread Sumit Bose
On Mon, Nov 11, 2013 at 08:56:12AM -0500, Simo Sorce wrote: On Mon, 2013-11-11 at 09:20 +0100, Sumit Bose wrote: On Sat, Nov 09, 2013 at 04:26:36PM -0500, Simo Sorce wrote: While checking if our custom signal handlers properly handle errno, I stumbled on a few cleanups, they are attached

Re: [SSSD] [PATCHES] nss: check for Well-Known SIDs in SID based requests

2013-11-11 Thread Sumit Bose
On Mon, Nov 11, 2013 at 10:41:46AM -0500, Simo Sorce wrote: On Mon, 2013-11-11 at 15:01 +0100, Sumit Bose wrote: Hi, with the patch set SSSD can resolve so called Well-Known SID, i.e. SIDs with a special, hard-coded meaning. Currently a man page entry for this feature is missing. I

Re: [SSSD] [PATCHES] nss: check for Well-Known SIDs in SID based requests

2013-11-11 Thread Sumit Bose
On Mon, Nov 11, 2013 at 10:03:11PM +0100, Sumit Bose wrote: On Mon, Nov 11, 2013 at 10:41:46AM -0500, Simo Sorce wrote: On Mon, 2013-11-11 at 15:01 +0100, Sumit Bose wrote: Hi, with the patch set SSSD can resolve so called Well-Known SID, i.e. SIDs with a special, hard-coded

Re: [SSSD] [PATCH] pac: fix double free

2013-11-12 Thread Sumit Bose
On Mon, Nov 11, 2013 at 12:50:54PM +0100, Pavel Březina wrote: From f9f6e1ce452f9dc507c4779e6ff74aea412e9457 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= pbrez...@redhat.com Date: Mon, 11 Nov 2013 12:47:53 +0100 Subject: [PATCH] pac: fix double free ---

Re: [SSSD] [PATCHES] Sig handlers cleanups

2013-11-12 Thread Sumit Bose
On Mon, Nov 11, 2013 at 02:37:39PM -0500, Simo Sorce wrote: On Mon, 2013-11-11 at 17:33 +0100, Sumit Bose wrote: On Mon, Nov 11, 2013 at 08:56:12AM -0500, Simo Sorce wrote: On Mon, 2013-11-11 at 09:20 +0100, Sumit Bose wrote: On Sat, Nov 09, 2013 at 04:26:36PM -0500, Simo Sorce wrote

Re: [SSSD] [PATCH] Build cifs plugin depending on the existence of cifsidmap.h

2013-11-12 Thread Sumit Bose
On Mon, Nov 11, 2013 at 05:29:17PM +0100, Lukas Slebodnik wrote: On (04/11/13 10:36), Simo Sorce wrote: On Mon, 2013-11-04 at 16:21 +0100, Sumit Bose wrote: On Mon, Nov 04, 2013 at 12:05:15PM +0100, Lukas Slebodnik wrote: On (01/11/13 18:41), Sumit Bose wrote: Hi, with this patch

Re: [SSSD] [PATCHES] Sig handlers cleanups

2013-11-12 Thread Sumit Bose
On Tue, Nov 12, 2013 at 10:45:48AM +0100, Jakub Hrozek wrote: On Tue, Nov 12, 2013 at 10:27:48AM +0100, Sumit Bose wrote: On Mon, Nov 11, 2013 at 02:37:39PM -0500, Simo Sorce wrote: On Mon, 2013-11-11 at 17:33 +0100, Sumit Bose wrote: On Mon, Nov 11, 2013 at 08:56:12AM -0500, Simo Sorce

Re: [SSSD] [PATCHES] nss: check for Well-Known SIDs in SID based requests

2013-11-12 Thread Sumit Bose
On Tue, Nov 12, 2013 at 10:41:16AM +0100, Jakub Hrozek wrote: On Mon, Nov 11, 2013 at 06:28:33PM -0500, Simo Sorce wrote: On Mon, 2013-11-11 at 22:03 +0100, Sumit Bose wrote: On Mon, Nov 11, 2013 at 10:41:46AM -0500, Simo Sorce wrote: Why should we reserve these names ? These SID

Re: [SSSD] [PATCH] PAC: Free config attribute when it's processed

2013-11-12 Thread Sumit Bose
On Tue, Nov 12, 2013 at 01:40:50PM +0100, Jakub Hrozek wrote: We kept the string form of the PAC UID list allocated on top responder context for no reason. ACK bye, Sumit ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org

Re: [SSSD] [PATCH] pac: fix double free

2013-11-13 Thread Sumit Bose
On Tue, Nov 12, 2013 at 01:42:32PM +0100, Pavel Březina wrote: On 11/12/2013 10:03 AM, Sumit Bose wrote: On Mon, Nov 11, 2013 at 12:50:54PM +0100, Pavel Březina wrote: From f9f6e1ce452f9dc507c4779e6ff74aea412e9457 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= pbrez

Re: [SSSD] [PATCHES] nss: check for Well-Known SIDs in SID based requests

2013-11-15 Thread Sumit Bose
On Fri, Nov 15, 2013 at 05:47:08PM +0100, Jakub Hrozek wrote: On Wed, Nov 13, 2013 at 01:12:02PM +0100, Sumit Bose wrote: On Mon, Nov 11, 2013 at 06:28:33PM -0500, Simo Sorce wrote: On Mon, 2013-11-11 at 22:03 +0100, Sumit Bose wrote: On Mon, Nov 11, 2013 at 10:41:46AM -0500, Simo Sorce

Re: [SSSD] [PATCH] LDAP: Initialize user count for AD matching rule

2013-11-18 Thread Sumit Bose
On Mon, Nov 18, 2013 at 04:44:46PM +0100, Jakub Hrozek wrote: A RHEL customer was hitting this issue. To reproduce, just enable the matching rule and request an empty group. ACK. But I think the main problem is that we are a bit inconsistent handling ENOENT and the return values. If haven't

Re: [SSSD] [PATCH] pac: fix double free

2013-11-19 Thread Sumit Bose
On Fri, Nov 15, 2013 at 01:45:15PM +0100, Pavel Březina wrote: On 11/13/2013 11:43 AM, Sumit Bose wrote: On Tue, Nov 12, 2013 at 01:42:32PM +0100, Pavel Březina wrote: On 11/12/2013 10:03 AM, Sumit Bose wrote: On Mon, Nov 11, 2013 at 12:50:54PM +0100, Pavel Březina wrote: From

Re: [SSSD] [PATCH] pac: fix double free

2013-11-21 Thread Sumit Bose
On Wed, Nov 20, 2013 at 02:11:42PM +0100, Pavel Březina wrote: On 11/19/2013 10:38 AM, Sumit Bose wrote: On Fri, Nov 15, 2013 at 01:45:15PM +0100, Pavel Březina wrote: On 11/13/2013 11:43 AM, Sumit Bose wrote: On Tue, Nov 12, 2013 at 01:42:32PM +0100, Pavel Březina wrote: On 11/12/2013 10:03

[SSSD] [PATCHES] Fixes for sss_cache

2013-11-26 Thread Sumit Bose
environment can test them for the other object types as well. bye, Sumit From ad4fd97a4aa9460f7958d0e49d82c8a899f92a52 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Mon, 25 Nov 2013 17:54:06 +0100 Subject: [PATCH 1/2] sss_cache: initialize names member of sss_domain_info sss_tc_fqname

Re: [SSSD] kerberos problems with 2008R2 AD

2013-11-28 Thread Sumit Bose
On Thu, Nov 28, 2013 at 08:54:40AM +, greg.lehm...@csiro.au wrote: Hi All, I'm after some help tracking this problem down. I am seeing this from a few different OSes all with the same AD realm: CentOS 6.4, SLES 11SP3 and opensuse 13.1 all of which run sssd 1.9.x and SLES

Re: [SSSD] [PATCH] KRB5: Go offline in case of clock skew

2013-11-29 Thread Sumit Bose
On Thu, Nov 28, 2013 at 04:40:04PM +0100, Jakub Hrozek wrote: Hi, while testing the offline subdomain logins, I found out that clock skew (which is still an issue in trusted environments even after the recent MIT Kerberos changes) results in System Error. The attached patch simply treats

Re: [SSSD] [PATCH] SUBDOMAINS: Reuse cached results if DP is offline

2013-11-29 Thread Sumit Bose
On Thu, Nov 28, 2013 at 04:02:21PM +0100, Jakub Hrozek wrote: Please see the simple attached patch. To reproduce, start sssd in offline mode and attempt to authenticate as subdomain user. The patch is working as expected. I wonder if it would be better to call sysdb_update_subdomains() during

[SSSD] [RFC] How to fix #2148 Individual group search returned multiple results in GC lookups

2013-12-02 Thread Sumit Bose
Hi, I have two ideas how to fix #2148 Individual group search returned multiple results in GC lookups. First a short summary of the issue. In an AD forest where domain have hierarchical DNS name, e.g. example.com, child.example.com, grandchild.example.com, a global catalog search for the group

Re: [SSSD] [RFC] How to fix #2148 Individual group search returned multiple results in GC lookups

2013-12-02 Thread Sumit Bose
On Mon, Dec 02, 2013 at 01:24:53PM +0100, Jakub Hrozek wrote: On Mon, Dec 02, 2013 at 01:06:12PM +0100, Sumit Bose wrote: Hi, I have two ideas how to fix #2148 Individual group search returned multiple results in GC lookups. First a short summary of the issue. In an AD forest where

Re: [SSSD] [PATCHES] Fixes for sss_cache

2013-12-04 Thread Sumit Bose
On Tue, Dec 03, 2013 at 02:01:27PM +0100, Jakub Hrozek wrote: On Thu, Nov 28, 2013 at 05:55:44PM +0100, Sumit Bose wrote: On Wed, Nov 27, 2013 at 02:50:35PM +0100, Jakub Hrozek wrote: On Tue, Nov 26, 2013 at 11:51:41AM +0100, Sumit Bose wrote: Hi, Steeve found some issues when

Re: [SSSD] [PATCH] SUBDOMAINS: Reuse cached results if DP is offline

2013-12-04 Thread Sumit Bose
On Tue, Dec 03, 2013 at 03:49:56PM +0100, Jakub Hrozek wrote: On Fri, Nov 29, 2013 at 12:11:03PM +0100, Jakub Hrozek wrote: On Fri, Nov 29, 2013 at 12:06:37PM +0100, Sumit Bose wrote: On Thu, Nov 28, 2013 at 04:02:21PM +0100, Jakub Hrozek wrote: Please see the simple attached patch

Re: [SSSD] [PATCHES] Fixes for sss_cache

2013-12-04 Thread Sumit Bose
On Wed, Dec 04, 2013 at 05:22:06PM +0100, Jakub Hrozek wrote: On Wed, Dec 04, 2013 at 10:42:52AM +0100, Sumit Bose wrote: On Tue, Dec 03, 2013 at 02:01:27PM +0100, Jakub Hrozek wrote: On Thu, Nov 28, 2013 at 05:55:44PM +0100, Sumit Bose wrote: On Wed, Nov 27, 2013 at 02:50:35PM +0100

[SSSD] [PATCH] rfc2307bis_nested_groups_send: reuse search base

2013-12-05 Thread Sumit Bose
17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Thu, 5 Dec 2013 13:26:39 +0100 Subject: [PATCH] rfc2307bis_nested_groups_send: reuse search base If there are multiple members in the sdom list, always the search base of the first entry were used. --- src/providers/ldap

Re: [SSSD] [PATCH] SUBDOMAINS: Reuse cached results if DP is offline

2013-12-05 Thread Sumit Bose
On Thu, Dec 05, 2013 at 02:09:05PM +0100, Jakub Hrozek wrote: On Wed, Dec 04, 2013 at 05:25:48PM +0100, Sumit Bose wrote: On Tue, Dec 03, 2013 at 03:49:56PM +0100, Jakub Hrozek wrote: On Fri, Nov 29, 2013 at 12:11:03PM +0100, Jakub Hrozek wrote: On Fri, Nov 29, 2013 at 12:06:37PM +0100

Re: [SSSD] [PATCH] SUBDOMAINS: Reuse cached results if DP is offline

2013-12-05 Thread Sumit Bose
On Thu, Dec 05, 2013 at 02:14:59PM +0100, Jakub Hrozek wrote: On Thu, Dec 05, 2013 at 02:14:11PM +0100, Jakub Hrozek wrote: On Thu, Dec 05, 2013 at 02:09:05PM +0100, Jakub Hrozek wrote: On Wed, Dec 04, 2013 at 05:25:48PM +0100, Sumit Bose wrote: On Tue, Dec 03, 2013 at 03:49:56PM +0100

Re: [SSSD] AUTOTOOLS: krb5 1.12 is also supported krb5 libs

2013-12-10 Thread Sumit Bose
On Tue, Dec 10, 2013 at 02:44:37PM +0100, Lukas Slebodnik wrote: ehlo, krb5-1.12-beta2 was released few days ago. pac responder was not properly detected with krb5 1.12 library, because it was not recognized as supported. The simple patch is attached. LS ACK Just for your

Re: [SSSD] AUTOTOOLS: krb5 1.12 is also supported krb5 libs

2013-12-10 Thread Sumit Bose
On Tue, Dec 10, 2013 at 02:55:24PM +0100, Jakub Hrozek wrote: On Tue, Dec 10, 2013 at 02:44:37PM +0100, Lukas Slebodnik wrote: ehlo, krb5-1.12-beta2 was released few days ago. pac responder was not properly detected with krb5 1.12 library, because it was not recognized as supported.

Re: [SSSD] AUTOTOOLS: krb5 1.12 is also supported krb5 libs

2013-12-10 Thread Sumit Bose
On Tue, Dec 10, 2013 at 04:20:19PM +0100, Jakub Hrozek wrote: On Tue, Dec 10, 2013 at 03:01:59PM +0100, Sumit Bose wrote: On Tue, Dec 10, 2013 at 02:55:24PM +0100, Jakub Hrozek wrote: On Tue, Dec 10, 2013 at 02:44:37PM +0100, Lukas Slebodnik wrote: ehlo, krb5-1.12-beta2

Re: [SSSD] [PATCHES] ad: use tokengroups even when id mapping is disabled

2013-12-10 Thread Sumit Bose
On Wed, Nov 20, 2013 at 02:41:49PM +0100, Pavel Březina wrote: On 11/19/2013 11:52 AM, Jakub Hrozek wrote: On Fri, Nov 15, 2013 at 12:22:53PM +0100, Pavel Březina wrote: https://fedorahosted.org/sssd/ticket/1568 From b66343b207679cbbbdb5d4a54a7f465fbf2ec97f Mon Sep 17 00:00:00 2001 From:

[SSSD] [PATCH] AD: use LDAP for group lookups

2013-12-11 Thread Sumit Bose
09f69a209548102d00f484f0665ffcb810d5722c Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Mon, 9 Dec 2013 11:45:28 +0100 Subject: [PATCH] AD: use LDAP for group lookups The group memberships cannot be reliable retrieved from the Global Catalog. By default the memberOf attribute

Re: [SSSD] [PATCHES] ad: use tokengroups even when id mapping is disabled

2013-12-12 Thread Sumit Bose
On Thu, Dec 12, 2013 at 11:46:01AM +0100, Pavel Březina wrote: On 12/10/2013 04:59 PM, Sumit Bose wrote: On Wed, Nov 20, 2013 at 02:41:49PM +0100, Pavel Březina wrote: On 11/19/2013 11:52 AM, Jakub Hrozek wrote: On Fri, Nov 15, 2013 at 12:22:53PM +0100, Pavel Březina wrote: https

Re: [SSSD] [PATCH] AD: use LDAP for group lookups

2013-12-12 Thread Sumit Bose
On Thu, Dec 12, 2013 at 09:57:38PM +0100, Jakub Hrozek wrote: On Wed, Dec 11, 2013 at 03:12:13PM +0100, Sumit Bose wrote: Hi, this patch should fix the issues related to group-memberships in the AD provider. The aim was to fix https://fedorahosted.org/sssd/ticket/2161 but since now

Re: [SSSD] [PATCH] AD: Always refresh LDAP subdomain list

2013-12-16 Thread Sumit Bose
On Sat, Dec 14, 2013 at 10:18:32PM +0100, Jakub Hrozek wrote: Hi, I found this bug when testing the GC patches. Previously, when SSSD was started, but subdomains list was up-to-date, the ad_ctx was not initialized for the subdomain. I was also thinking whether we should re-initialize the

Re: [SSSD] [PATCHES] Fixes for sss_cache

2013-12-16 Thread Sumit Bose
On Thu, Dec 05, 2013 at 01:56:41PM +0100, Jakub Hrozek wrote: On Wed, Dec 04, 2013 at 05:56:30PM +0100, Sumit Bose wrote: On Wed, Dec 04, 2013 at 05:22:06PM +0100, Jakub Hrozek wrote: On Wed, Dec 04, 2013 at 10:42:52AM +0100, Sumit Bose wrote: On Tue, Dec 03, 2013 at 02:01:27PM +0100

Re: [SSSD] [PATCH] AD: Always refresh LDAP subdomain list

2013-12-16 Thread Sumit Bose
On Mon, Dec 16, 2013 at 07:05:16PM +0100, Jakub Hrozek wrote: On Mon, Dec 16, 2013 at 07:03:11PM +0100, Jakub Hrozek wrote: On Mon, Dec 16, 2013 at 12:04:44PM +0100, Sumit Bose wrote: On Sat, Dec 14, 2013 at 10:18:32PM +0100, Jakub Hrozek wrote: Hi, I found this bug when testing

Re: [SSSD] [PATCH] AD: Always refresh LDAP subdomain list

2013-12-18 Thread Sumit Bose
On Tue, Dec 17, 2013 at 05:34:44PM +0100, Jakub Hrozek wrote: On Tue, Dec 17, 2013 at 05:02:07PM +0100, Jakub Hrozek wrote: On Mon, Dec 16, 2013 at 10:09:58PM +0100, Sumit Bose wrote: On Mon, Dec 16, 2013 at 07:05:16PM +0100, Jakub Hrozek wrote: On Mon, Dec 16, 2013 at 07:03:11PM +0100

Re: [SSSD] [PATCH] IPA: Call ipa_ad_subdom_refresh when server mode is initialized

2013-12-18 Thread Sumit Bose
On Wed, Dec 18, 2013 at 06:17:50PM +0100, Jakub Hrozek wrote: Hi, I'm sorry, but I broke the IPA server mode with my previous patch :-( ipa_ad_subdom_refresh was called before IPA server context was initialized. On IPA server, this caused the code to dereference a NULL pointer and crash.

Re: [SSSD] [PATCHES] Fixes for sss_cache

2013-12-18 Thread Sumit Bose
On Wed, Dec 18, 2013 at 03:30:41PM +0100, Jakub Hrozek wrote: On Mon, Dec 16, 2013 at 03:49:01PM +0100, Sumit Bose wrote: On Thu, Dec 05, 2013 at 01:56:41PM +0100, Jakub Hrozek wrote: On Wed, Dec 04, 2013 at 05:56:30PM +0100, Sumit Bose wrote: On Wed, Dec 04, 2013 at 05:22:06PM +0100

Re: [SSSD] [PATCHES] Fixes for sss_cache

2013-12-19 Thread Sumit Bose
://lists.fedorahosted.org/mailman/listinfo/sssd-devel From 9ec215c6a84e7fdc2e3df4c92e7b6ed7db118742 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Mon, 25 Nov 2013 17:54:06 +0100 Subject: [PATCH 1/5] sss_cache: initialize names member of sss_domain_info sss_tc_fqname() called

Re: [SSSD] [PATCH] Add an option to disable GC lookups

2013-12-19 Thread Sumit Bose
On Thu, Dec 19, 2013 at 11:10:08AM +0100, Jakub Hrozek wrote: On Sat, Dec 14, 2013 at 10:15:14PM +0100, Jakub Hrozek wrote: Hi, we're debating what is the right approach to GC lookups by default, but for the 1.11.3 release, we should offer an option to fall back from GC to LDAP. The

Re: [SSSD] forest attribute in AD domains

2013-12-19 Thread Sumit Bose
On Tue, Dec 17, 2013 at 08:02:58PM +0100, Pavel Reichl wrote: Hello, please see attached patch fixing missing attribute forest for AD domains. the patch looks good, but you only set the forest for the configured domain (the domain the client is joined to) but not for all other domains in

[SSSD] IPA: fix for recent AD group membership changes

2014-01-07 Thread Sumit Bose
Hi, some of the recent changes to the AD group membership lookups broke those lookups for the IPA server mode. This patch should fix it. bye, Sumit From 48afb0dd8bff534c1867e7f767e563fe97402db4 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Tue, 7 Jan 2014 13:04:58 +0100

Re: [SSSD] forest attribute in AD domains

2014-01-08 Thread Sumit Bose
On Thu, Dec 19, 2013 at 09:10:59PM +0100, Pavel Reichl wrote: On Thu, 2013-12-19 at 13:54 +0100, Sumit Bose wrote: On Tue, Dec 17, 2013 at 08:02:58PM +0100, Pavel Reichl wrote: Hello, please see attached patch fixing missing attribute forest for AD domains. the patch looks

Re: [SSSD] [PATCH] LDAP: Add a new error code for malformed access control filter

2014-01-09 Thread Sumit Bose
On Wed, Jan 08, 2014 at 05:55:35PM +0100, Jakub Hrozek wrote: Hi, the attached patch solves https://fedorahosted.org/sssd/ticket/2164 by special casing an openldap return code. One drawback of the patch is that if the new return code bubbles all the way up, calls to strerror (as opposed

Re: [SSSD] [PATCH] LDAP: Add a new error code for malformed access control filter

2014-01-09 Thread Sumit Bose
On Thu, Jan 09, 2014 at 10:50:36AM +0100, Jakub Hrozek wrote: On Thu, Jan 09, 2014 at 10:39:25AM +0100, Sumit Bose wrote: On Wed, Jan 08, 2014 at 05:55:35PM +0100, Jakub Hrozek wrote: Hi, the attached patch solves https://fedorahosted.org/sssd/ticket/2164 by special casing

Re: [SSSD] [PATCHES] MAN: Describe change in idmapping with ldap provider

2014-01-09 Thread Sumit Bose
On Tue, Dec 17, 2013 at 05:18:38PM +0100, Lukas Slebodnik wrote: ehlo, attached patches address ticket #2172 I think you meant #2175? LS From e9bc3fa6bd52afc5108e79182f32bb26d2843609 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik lsleb...@redhat.com Date: Fri, 13 Dec 2013 15:33:23

Re: [SSSD] [PATCHES] MAN: Describe change in idmapping with ldap provider

2014-01-09 Thread Sumit Bose
On Thu, Jan 09, 2014 at 06:01:21PM +0100, Lukas Slebodnik wrote: On (09/01/14 14:10), Sumit Bose wrote: On Tue, Dec 17, 2013 at 05:18:38PM +0100, Lukas Slebodnik wrote: ehlo, attached patches address ticket #2172 I think you meant #2175? I meant #2172. LS From

Re: [SSSD] [PATCH] Connect to GC during enumeration

2014-01-10 Thread Sumit Bose
On Tue, Dec 17, 2013 at 09:00:25PM +0100, Jakub Hrozek wrote: Hi, the attached patches address ticket https://fedorahosted.org/sssd/ticket/2142 There are some things I'm still not satisfied with and one of them is refreshing subdomains. Currently the subdomain refresh happens after

Re: [SSSD] [PATCH] Connect to GC during enumeration

2014-01-10 Thread Sumit Bose
On Fri, Jan 10, 2014 at 02:35:12PM +0100, Jakub Hrozek wrote: On Fri, Jan 10, 2014 at 12:59:05PM +0100, Sumit Bose wrote: On Tue, Dec 17, 2013 at 09:00:25PM +0100, Jakub Hrozek wrote: Hi, the attached patches address ticket https://fedorahosted.org/sssd/ticket/2142

Re: [SSSD] sssd not setting IPA AD trusted user homedir

2014-01-15 Thread Sumit Bose
On Wed, Jan 15, 2014 at 04:10:09PM +0100, Pavel Reichl wrote: Hello, please see attached patch. PR I'm quite confident that the patch works as expected, but I think it is a bit too strong. The ticket only asks to do this for the IPA server running in ipa-server-mode. Your patch will

Re: [SSSD] sssd not setting IPA AD trusted user homedir

2014-01-15 Thread Sumit Bose
On Wed, Jan 15, 2014 at 05:05:05PM +0100, Jakub Hrozek wrote: On Wed, Jan 15, 2014 at 04:51:11PM +0100, Sumit Bose wrote: On Wed, Jan 15, 2014 at 04:10:09PM +0100, Pavel Reichl wrote: Hello, please see attached patch. PR I'm quite confident that the patch works as expected

Re: [SSSD] sssd not setting IPA AD trusted user homedir

2014-01-17 Thread Sumit Bose
On Fri, Jan 17, 2014 at 12:04:38PM +0100, Jakub Hrozek wrote: On Fri, Jan 17, 2014 at 11:55:08AM +0100, Pavel Reichl wrote: We just have to remember to touch this code, if we start to support home directories defined in AD. I'm sorry that I failed to see what you were implying.

Re: [SSSD] sssd not setting IPA AD trusted user homedir

2014-01-17 Thread Sumit Bose
On Fri, Jan 17, 2014 at 12:56:09PM +0100, Jakub Hrozek wrote: On Fri, Jan 17, 2014 at 12:43:04PM +0100, Sumit Bose wrote: On Fri, Jan 17, 2014 at 12:04:38PM +0100, Jakub Hrozek wrote: On Fri, Jan 17, 2014 at 11:55:08AM +0100, Pavel Reichl wrote: We just have to remember to touch

Re: [SSSD] [PATCH] MAN: Fix a typo

2014-01-20 Thread Sumit Bose
On Mon, Jan 20, 2014 at 05:07:32PM +0100, Jakub Hrozek wrote: I found this small typo in man page when working on another bugzilla. ACK bye, Sumit ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org

Re: [SSSD] [PATCHES] MAN: Describe change in idmapping with ldap provider

2014-01-20 Thread Sumit Bose
On Wed, Jan 15, 2014 at 03:51:05PM +0100, Lukas Slebodnik wrote: On (09/01/14 18:58), Sumit Bose wrote: On Thu, Jan 09, 2014 at 06:01:21PM +0100, Lukas Slebodnik wrote: On (09/01/14 14:10), Sumit Bose wrote: On Tue, Dec 17, 2013 at 05:18:38PM +0100, Lukas Slebodnik wrote: ehlo

Re: [SSSD] sssd and rpc

2014-01-22 Thread Sumit Bose
On Tue, Jan 21, 2014 at 07:08:55PM -0500, Yassir Elley wrote: It seems that the only network protocols used by SSSD are LDAP, KRB5, and DNS. On the other hand, Samba makes RPC calls all over the place (for authentication, etc). * Does sssd make any RPC calls (e.g. when interacting with a

Re: [SSSD] [PATCH] LDAP: Don't abort request if no id mapping domain matches

2014-01-24 Thread Sumit Bose
On Fri, Jan 24, 2014 at 10:53:02AM +0100, Jakub Hrozek wrote: Hi, During further testing, Kaushik found out that requesting an ID that doesn't match any configured ID mapping domain still emits strange error messages: (Wed Jan 22 11:35:58 2014) [sssd[be[sssdad2012.com]]]

Re: [SSSD] [PATCH] LDAP: Don't abort request if no id mapping domain matches

2014-01-24 Thread Sumit Bose
On Fri, Jan 24, 2014 at 10:53:02AM +0100, Jakub Hrozek wrote: Hi, During further testing, Kaushik found out that requesting an ID that doesn't match any configured ID mapping domain still emits strange error messages: (Wed Jan 22 11:35:58 2014) [sssd[be[sssdad2012.com]]]

Re: [SSSD] [PATCH] LDAP: Don't abort request if no id mapping domain matches

2014-01-24 Thread Sumit Bose
On Fri, Jan 24, 2014 at 01:21:36PM +0100, Jakub Hrozek wrote: On Fri, Jan 24, 2014 at 12:00:13PM +0100, Sumit Bose wrote: ACK. I wonder if you want to fix a copy-and-paste error in the following comment before push the patch? @@ -497,7 +513,19 @@ struct tevent_req *groups_get_send

Re: [SSSD] [PATCH] CLIENT: Remove unused macros

2014-01-24 Thread Sumit Bose
On Tue, Jan 21, 2014 at 11:30:47AM +0100, Lukas Slebodnik wrote: ehlo, I found few unused macros: PAM_SM_AUTH, PAM_SM_ACCOUNT, PAM_SM_SESSION, PAM_SM_PASSWORD. In my opinion, they were proposed for the same purpose as values from enum sss_cli_command (SSS_PAM_AUTHENTICATE,

[SSSD] [PATCH] AD SRV: use right domain name for CLDAP ping

2014-01-24 Thread Sumit Bose
Hi, while testing Jakub's enumeration fixes I came across this. bye, Sumit From 5199aa89f5e856aa390161d142480187d0e4651b Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Fri, 24 Jan 2014 16:52:22 +0100 Subject: [PATCH] AD SRV: use right domain name for CLDAP ping Currently

Re: [SSSD] sssd vs winbind

2014-01-27 Thread Sumit Bose
On Mon, Jan 27, 2014 at 03:49:15PM +, Rowland Penny wrote: Hi, there is a bit of a debate going on over on the samba list, about using sssd or winbind. It is now being said that sssd should not be used on a file server because sssd cannot do what winbind can do. So here are the

Re: [SSSD] sssd vs winbind

2014-01-27 Thread Sumit Bose
On Mon, Jan 27, 2014 at 04:25:26PM +, Rowland Penny wrote: On 27/01/14 16:10, Sumit Bose wrote: On Mon, Jan 27, 2014 at 03:49:15PM +, Rowland Penny wrote: Hi, there is a bit of a debate going on over on the samba list, about using sssd or winbind. It is now being said that sssd should

Re: [SSSD] [PATCH] Connect to GC during enumeration

2014-01-29 Thread Sumit Bose
On Tue, Jan 28, 2014 at 03:34:52PM +0100, Jakub Hrozek wrote: On Tue, Jan 28, 2014 at 11:17:55AM +0100, Sumit Bose wrote: Thank you for the review. A new set of patches is attached. Patches 1, 2, 3 and 5 are looking good. In patch 4 you add ad_enum_subdom_send

Re: [SSSD] [PATCH] LDAP: Detect the presence of POSIX attributes

2014-01-29 Thread Sumit Bose
On Wed, Jan 29, 2014 at 03:39:41PM +0100, Pavel Březina wrote: On 01/27/2014 11:33 PM, Jakub Hrozek wrote: Hi, When the schema is set to AD and ID mapping is used, there is a one-time you wanted to say when ID mapping is *not* used check ran when searching for users to detect the

Re: [SSSD] [PATCH] Connect to GC during enumeration

2014-01-29 Thread Sumit Bose
On Wed, Jan 29, 2014 at 05:20:55PM +0100, Jakub Hrozek wrote: On Wed, Jan 29, 2014 at 04:03:15PM +0100, Sumit Bose wrote: On Wed, Jan 29, 2014 at 02:53:15PM +0100, Jakub Hrozek wrote: On Wed, Jan 29, 2014 at 02:14:38PM +0100, Jakub Hrozek wrote: On Wed, Jan 29, 2014 at 01:33:52PM +0100

Re: [SSSD] [PATCH] Connect to GC during enumeration

2014-01-29 Thread Sumit Bose
On Wed, Jan 29, 2014 at 05:49:03PM +0100, Lukas Slebodnik wrote: On (29/01/14 16:03), Sumit Bose wrote: On Wed, Jan 29, 2014 at 02:53:15PM +0100, Jakub Hrozek wrote: On Wed, Jan 29, 2014 at 02:14:38PM +0100, Jakub Hrozek wrote: On Wed, Jan 29, 2014 at 01:33:52PM +0100, Sumit Bose wrote

Re: [SSSD] [PATCH] LDAP: Detect the presence of POSIX attributes

2014-01-30 Thread Sumit Bose
On Wed, Jan 29, 2014 at 05:11:59PM +0100, Jakub Hrozek wrote: On Wed, Jan 29, 2014 at 03:39:41PM +0100, Pavel Březina wrote: On 01/27/2014 11:33 PM, Jakub Hrozek wrote: Hi, When the schema is set to AD and ID mapping is used, there is a one-time you wanted to say when ID mapping is

Re: [SSSD] [PATCH v1 1/5] NEW CLIENT: plugin for NFSv4 rpc.idmapd

2014-02-03 Thread Sumit Bose
On Mon, Feb 03, 2014 at 09:19:49AM +0100, Lukas Slebodnik wrote: On (02/02/14 11:16), Noam Meltzer wrote: +return 0; +} + +static int sss_nfs_princ_to_ids(char *secname, char *princ, uid_t *uid, +gid_t *gid, extra_mapping_params **ex) +{ +

<    5   6   7   8   9   10   11   12   13   14   >