On (15/04/16 16:39), Sumit Bose wrote: >On Thu, Apr 14, 2016 at 04:30:24PM +0200, Lukas Slebodnik wrote: > >... > >> >> >From 62a3c79d7923dceb2c92c1b2d31388afd744a8ac Mon Sep 17 00:00:00 2001 >> >From: Sumit Bose <sb...@redhat.com> >> >Date: Wed, 10 Feb 2016 14:59:06 +0100 >> >Subject: [PATCH 4/8] AD: process PAC during initgroups request >> > >> >If there is a recently attached PAC blob in the cached user entry the >> >PAC data is used to update the group memberships data of the user. If >> >there is no PAC attached or if it is too old the other configured >> >methods will be used. >> >--- >> > Makefile.am | 20 ++ >> > src/providers/ad/ad_id.c | 52 ++- >> > src/providers/ad/ad_pac.c | 666 >> > ++++++++++++++++++++++++++++++++++++++ >> > src/providers/ad/ad_pac.h | 82 +++++ >> > src/providers/ad/ad_pac_common.c | 86 +++++ >> > src/tests/cmocka/test_ad_common.c | 346 +++++++++++++++++++- >> > 6 files changed, 1243 insertions(+), 9 deletions(-) >> > create mode 100644 src/providers/ad/ad_pac.c >> > create mode 100644 src/providers/ad/ad_pac.h >> > create mode 100644 src/providers/ad/ad_pac_common.c >> > >> I assume (I didn't try to bisect) this patch broke a build >> with disabled pac responder and missing header file gen_ndr/krb5pac.h > >The attached patch should fix it in the sense that already configure >will fail if the NDR krb5pac library is not available. To proceed in >this case either --with-samba=no can be used which will basically >disable the build of the IPA and AD provider and the PAC responder. Or >on platforms like Debian and S.u.S.E where the different NDR libraries >are in separate packages the related libndr-krb5pac-devel can be >installed. > Thank you very much for finding this package. My zypper skills were not ehough to find this build dependency. I tried "zypper what-provides */ndr_krb5pac.h" but it was not enough because it did not search in content of packages.
I could try to find pkg config file zypper search --provides "pkgconfig(ndr_krb5pac)" becuase I was not able to find equivalent of dnf provides */ndr_krb5pac.h How did you find it? >This follows the logic we already use for the NDR NBT library we use to >parse the CLDAP response in the AD provider. And since the PAC >processing code is now in the AD provider as well I think NDR krb5pac >should be handled the same way. > It looks like ther isn't any problem with this build dependency in opensuse. https://build.opensuse.org/request/show/390555 >While testing with --with-samba=no I found that some tests cannot be >build in the case as well. Since they are related to the AD and IPA >provider which are not build as well the patch just skip them in this >case. Please let me know if you think that this is not a good idea. Then >I can try to make the tests still buildable with some #ifdef in the >code. > I'm fine with running some tests only with samba. It does not worth to complicate tests with "#ifdef-s" I will review patch later after CI results and additional testing. LS _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
