[SSSD] [sssd PR#454][+Changes requested] TESTS: Order list of entries in some lists

[fidencio]

  URL: https://github.com/SSSD/sssd/pull/454
Title: #454: TESTS: Order list of entries in some lists

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#454][comment] TESTS: Order list of entries in some lists

[fidencio]

  URL: https://github.com/SSSD/sssd/pull/454
Title: #454: TESTS: Order list of entries in some lists

fidencio commented:
"""
@mzidek-rh, please, also revert 44bc6e8f49ee in the next iteration of this PR.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/454#issuecomment-345075914
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#451][closed] BUILD: Disable tests with know failures

[jhrozek]

   URL: https://github.com/SSSD/sssd/pull/451
Author: lslebodn
 Title: #451: BUILD: Disable tests with know failures
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/451/head:pr451
git checkout pr451
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#451][+Pushed] BUILD: Disable tests with know failures

[jhrozek]

  URL: https://github.com/SSSD/sssd/pull/451
Title: #451: BUILD: Disable tests with know failures

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#451][comment] BUILD: Disable tests with know failures

[jhrozek]

  URL: https://github.com/SSSD/sssd/pull/451
Title: #451: BUILD: Disable tests with know failures

jhrozek commented:
"""
* master: .44bc6e8f49eec9e7ab9a952845bffcc0fd3b3a44
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/451#issuecomment-345060225
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#451][+Accepted] BUILD: Disable tests with know failures

[fidencio]

  URL: https://github.com/SSSD/sssd/pull/451
Title: #451: BUILD: Disable tests with know failures

Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#451][comment] BUILD: Disable tests with know failures

[fidencio]

  URL: https://github.com/SSSD/sssd/pull/451
Title: #451: BUILD: Disable tests with know failures

fidencio commented:
"""
Unfortunately, as PR #454 is not passing our CI and also has some comments to 
be addressed (which most likely won't happen till next week), let's have this 
PR merged ASAP and unblock non-SSSD developers who depend on us.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/451#issuecomment-345045723
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#454][comment] TESTS: Order list of entries in some lists

[lslebodn]

  URL: https://github.com/SSSD/sssd/pull/454
Title: #454: TESTS: Order list of entries in some lists

lslebodn commented:
"""
On (16/11/17 17:12), mzidek-rh wrote:
>Some tests started to fail becuase we depended on specific
>order users in groups or messages in ldb results to be
>returned and that order changed.
>
>This patch adds a simple helper functions into these tests
>that order the entries before comparison with expected results.
>more deterministic.
>

Is there any reason why need custom implementation of sorting
if there is `qsort` available in `stdlib.h`?

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/454#issuecomment-345034514
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#451][comment] BUILD: Disable tests with know failures

[mzidek-rh]

  URL: https://github.com/SSSD/sssd/pull/451
Title: #451: BUILD: Disable tests with know failures

mzidek-rh commented:
"""
Here is the PR:
https://github.com/SSSD/sssd/pull/454
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/451#issuecomment-344992710
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#454][opened] TESTS: Order list of entries in some lists

[mzidek-rh]

   URL: https://github.com/SSSD/sssd/pull/454
Author: mzidek-rh
 Title: #454: TESTS: Order list of entries in some lists
Action: opened

PR body:
"""
Some tests started to fail becuase we depended on specific
order users in groups or messages in ldb results to be
returned and that order changed.

This patch adds a simple helper functions into these tests
that order the entries before comparison with expected results.
more deterministic.

Resolves:
https://pagure.io/SSSD/sssd/issue/3563
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/454/head:pr454
git checkout pr454
From 108c0a8b5cf61622344ae1e0767086d7149f7fad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= 
Date: Mon, 13 Nov 2017 16:15:21 +0100
Subject: [PATCH] TESTS: Order list of entries in some lists

Some tests started to fail becuase we depended on specific
order users in groups or messages in ldb results to be
returned and that order changed.

This patch adds a simple helper functions into these tests
that order the entries before comparison with expected results.
more deterministic.

Resolves:
https://pagure.io/SSSD/sssd/issue/3563
---
 src/tests/cmocka/test_nss_srv.c | 31 +++
 src/tests/cmocka/test_sysdb_views.c | 49 +
 2 files changed, 75 insertions(+), 5 deletions(-)

diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index 6aa726153..3ccbd3907 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
@@ -585,6 +585,34 @@ static errno_t delete_group(struct nss_test_ctx *ctx,
 return ret;
 }
 
+static void order_string_array(char **_list, int size)
+{
+char **pos1 = NULL;
+char **pos2 = NULL;
+char *tmp = NULL;
+int rounds;
+int rounds2;
+
+if (_list == NULL || *_list == NULL || size < 2) {
+/* Nothing to do */
+return;
+}
+
+/* The point is to have deterministic order of the
+ * strings. strcmp is used for comparisons */
+for (rounds = 0; rounds != size - 1; rounds++) {
+for (pos1 = _list, pos2 = _list + 1, rounds2 = rounds;
+ rounds2 != size - 1;
+ pos1++, pos2++, rounds2++) {
+if (strcmp(*pos1, *pos2) > 0) {
+tmp = *pos1;
+*pos1 = *pos2;
+*pos2 = tmp;
+}
+}
+}
+}
+
 static void assert_groups_equal(struct group *expected,
 struct group *gr, const int nmem)
 {
@@ -594,6 +622,9 @@ static void assert_groups_equal(struct group *expected,
 assert_string_equal(gr->gr_name, expected->gr_name);
 assert_string_equal(gr->gr_passwd, expected->gr_passwd);
 
+order_string_array(gr->gr_mem, nmem);
+order_string_array(expected->gr_mem, nmem);
+
 for (i = 0; i < nmem; i++) {
 assert_string_equal(gr->gr_mem[i], expected->gr_mem[i]);
 }
diff --git a/src/tests/cmocka/test_sysdb_views.c b/src/tests/cmocka/test_sysdb_views.c
index 0378254b4..2176b59fb 100644
--- a/src/tests/cmocka/test_sysdb_views.c
+++ b/src/tests/cmocka/test_sysdb_views.c
@@ -612,6 +612,39 @@ static int test_enum_users_setup(void **state)
 return 0;
 }
 
+/* Make the order of ldb results deterministic */
+static void order_ldb_res_msgs(struct ldb_result *res, const char *key)
+{
+struct ldb_message **pos1 = NULL;
+struct ldb_message **pos2 = NULL;
+struct ldb_message *tmp = NULL;
+const char *str1;
+const char *str2;
+int rounds;
+int rounds2;
+
+if (res == NULL || res->count < 2) {
+/* Nothing to do */
+return;
+}
+
+/* The point is to have deterministic order of the
+ * results. strcmp is used for comparison of key attributes */
+for (rounds = 0; rounds != res->count - 1; rounds++) {
+for (pos1 = >msgs[0], pos2 = >msgs[1], rounds2 = rounds;
+ rounds2 != res->count - 1;
+ pos1++, pos2++, rounds2++) {
+str1 = ldb_msg_find_attr_as_string(*pos1, key, NULL);
+str2 = ldb_msg_find_attr_as_string(*pos2, key, NULL);
+if (strcmp(str1, str2) > 0) {
+tmp = *pos1;
+*pos1 = *pos2;
+*pos2 = tmp;
+}
+}
+}
+}
+
 static void assert_user_attrs(struct ldb_message *msg,
   struct sss_domain_info *dom,
   const char *shortname,
@@ -660,8 +693,9 @@ static void check_enumpwent(int ret, struct sss_domain_info *dom,
 assert_int_equal(ret, EOK);
 assert_int_equal(res->count, N_ELEMENTS(users)-1);
 
-assert_user_attrs(res->msgs[0], dom, "barney", views);
-assert_user_attrs(res->msgs[1], dom, "alice", views);
+order_ldb_res_msgs(res, SYSDB_NAME);
+assert_user_attrs(res->msgs[0], dom, "alice", views);
+assert_user_attrs(res->msgs[1], dom, "barney", views);
 assert_user_attrs(res->msgs[2], dom, 

[SSSD] [sssd PR#139][comment] Initial revision of sssd pytest framework

[mrniranjan]

  URL: https://github.com/SSSD/sssd/pull/139
Title: #139: Initial revision of sssd pytest framework

mrniranjan commented:
"""
+1 from me for team
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/139#issuecomment-344963921
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Design document: Using the Global Catalog to speed up lookups by ID

[Jakub Hrozek]

Hi,

below you can find the design proposal for ticket 
https://pagure.io/SSSD/sssd/issue/3468

I also submitted a Pagure PR:
https://pagure.io/SSSD/docs/pull-request/56

Using the Global Catalog to speed up lookups by ID
==

Related ticket(s):
--
 https://pagure.io/SSSD/sssd/issue/3468

Problem statement
-
When SSSD is connected to a forest with multiple domains, each lookup,
unless qualified with the domain name, iterates over all the domains.
Moreover, some lookups, such as by-ID cannot be qualified using the
NSS interface at all.

This means the SSSD will issue N LDAP searches for N domains. If
the object SSSD is searching for exists in the LDAP database in one of the
domains, the performance impact can be mitigated with the already existing
option ``cache_first``, which will, even for non-qualified searches, first
check if the requested object exists in the local database and if it does,
searches the corresponding domain only.

But this option doesn't solve the problem of looking for objects, especially
numerical IDs, that do not exist in the remote database at all. A search for
such non-existent object will always traverse all the domains every time the
negative cache from a previous request expires.

In environments that use the Global Catalog, this issue can be mitigated
by locating the object's domain in the Global Catalog, provided that the
search key is present in the Global Catalog in the first place.

Use-cases
-
Currently the primary use-case is SSSD joined to an AD forest consisting of
multiple domains and configured with ``id_provider=ad``, because only the AD
provider supports Global Catalog lookups. There are some plans to implement
the Global Catalog e.g. for FreeIPA, but so far no implementation exists.

At the same time, only environment that use POSIX UID and GID attributes set
by the administrator will benefit from this enhancement, becase if the client
maps the IDs algorithmically from the SIDs, the AD provider is already able
to shortcut the by-ID request after computing the SID from the requested
ID and realizing that the domain SID does not come from the current domain.

The current state of Global Catalog support in SSSD
---
The Global Catalog is an LDAP database, which contains a subset of attributes
about objects from all the domains in the whole forest. What attributes
are replicated to the Global Catalog is defined by the `Partial Attribute Set 
`_.
It is possible to query for the attributes
that are replicated to the Global Catalog using an LDAP query based in
the ``cn=schema,cn=configuration`` subtree and check for the presence of
``isMemberOfPartialAttributeSet=TRUE``, for example::

ldapsearch -Y GSSAPI \
   -H ldap://dc.win.trust.test:389 \
   -b cn=schema,cn=configuration,dc=win,dc=trust,dc=test \
   
'(&(objectClass=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))'

It is important to note that because the POSIX attributes such as
``uidNumber`` or ``gidNumber`` are neither part of the default Active
Directory schema, nor replicated to the Global Catalog by default.
To learn how to extend the schema to set the POSIX attributes at all,
follow the `Install Identity Management for UNIX Components 
`_
article on the Microsoft TechNet site. How to extend the Partial Attribute Set
is described for example in the `AD DS: Global Catalogs and the Partial 
Attribute Set 
`_
TechNet blog post.

The purpose of using the Global Catalog in SSSD is two-fold:

 * to avoid having to connect to the LDAP server of a DC from every domain in 
the forest

 * to look up the cross-domain members of Universal Groups, which are only 
present in the Global Catalog

Because not all the attributes required by SSSD are guaranteed to be
replicated to the Global Catalog (especially the ``uidNumber`` and
``gidNumber`` attributes), SSSD runs a search that checks for
the presence of any objects with either ``uidNumber`` or ``gidNumber``
during the very first request for a numerical ID. If no objects with
either attribute are present, the Global Catalog support is disabled
except for looking up Universal Group members.

However, at the moment, SSSD will either use whole entry it finds in
the Global Catalog or not use the Global Catalog at all. This puts
a bit of responsibility on the administrator in the sense that the
object in the Global Catalog must contain all the required entries or
the administrator might need to disable the Global Catalog support
manually in the configuration file.  In the future (see e.g. ticket

[SSSD] [sssd PR#448][comment] common: Correction of cache_req debug string ID format

[jhrozek]

  URL: https://github.com/SSSD/sssd/pull/448
Title: #448: common: Correction of cache_req debug string ID format

jhrozek commented:
"""
btw which platforms use 64bit id_t?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/448#issuecomment-344953635
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#451][comment] BUILD: Disable tests with know failures

[mzidek-rh]

  URL: https://github.com/SSSD/sssd/pull/451
Title: #451: BUILD: Disable tests with know failures

mzidek-rh commented:
"""
@lslebodn yeah I see (just tried the patch)... the tests need to be modified 
and that part in the branch may not be even necessary... so forget the branch, 
I will push new version that modifies the tests. If I do not do it today, we 
can use this patch, but I think I will make it.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/451#issuecomment-344930140
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#424][comment] TOOLS: Add a new sssctl command access-report

[pbrezina]

  URL: https://github.com/SSSD/sssd/pull/424
Title: #424: TOOLS: Add a new sssctl command access-report

pbrezina commented:
"""
Ack to Jakub's part of the patch set.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/424#issuecomment-344927528
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#451][comment] BUILD: Disable tests with know failures

[lslebodn]

  URL: https://github.com/SSSD/sssd/pull/451
Title: #451: BUILD: Disable tests with know failures

lslebodn commented:
"""
On (16/11/17 12:40), mzidek-rh wrote:
>Here is the branch if interested to look at the scope, but as I said I need to 
>run it in the environment where it was failing before submitting PR
>https://github.com/mzidek-rh/sssd/commits/ordererd-string-arrays
>

That patch obviously does not fix tests
If you do not have a time to prepare complete patch today then
we should disable tests.

There were already complains from non-sssd developers that
building sssd git master fails on f27 and rawhide.

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/451#issuecomment-344918145
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#399][comment] Backport of PR#57 to SSSD-1.13

[lslebodn]

  URL: https://github.com/SSSD/sssd/pull/399
Title: #399: Backport of PR#57 to SSSD-1.13

lslebodn commented:
"""
@sumit-bose I prepared rebased version of PR + I squashed last commit to 
previous original ommit.
Reason: it would be really good to have git bisect working even on 1.13 branch.

https://pagure.io/fork/lslebodn/SSSD/sssd/commits/sbose_PR

Could you double check that changes are identical?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/399#issuecomment-344914217
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#451][comment] BUILD: Disable tests with know failures

[mzidek-rh]

  URL: https://github.com/SSSD/sssd/pull/451
Title: #451: BUILD: Disable tests with know failures

mzidek-rh commented:
"""
Here is the branch if interested to look at the scope, but as I said I need to 
run it in the environment where it was failing before submitting PR
https://github.com/mzidek-rh/sssd/commits/ordererd-string-arrays
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/451#issuecomment-344911270
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#451][comment] BUILD: Disable tests with know failures

[mzidek-rh]

  URL: https://github.com/SSSD/sssd/pull/451
Title: #451: BUILD: Disable tests with know failures

mzidek-rh commented:
"""
Sorry I forgot about this. I do have a patch for 
https://pagure.io/SSSD/sssd/issue/3563 in ordererd-string-arrays (I just pushed 
the branch to gh). But I only tested it on my fedora machine, not with the 
failing tests. So I need to run a test before I open PR (there may be some 
minor changes needed in the expected order in the tests).
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/451#issuecomment-344910156
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#452][comment] SPEC: Reduce build time dependencies

[fidencio]

  URL: https://github.com/SSSD/sssd/pull/452
Title: #452: SPEC: Reduce build time dependencies

fidencio commented:
"""
@lslebodn, just one question (trying to learn a little bit here) why did you 
choose your approach over BuildRequires: pkgconfig(gdm-pam-extensions) ?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/452#issuecomment-344903809
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#449][comment] cache: Check for max_id/min_id in cache_req

[amitkumar50]

  URL: https://github.com/SSSD/sssd/pull/449
Title: #449: cache: Check for max_id/min_id in cache_req

amitkumar50 commented:
"""
@jhrozek Thanks for comments.
So Shall I not work on this patch as of now?
Or instead of EOK define `ERR_UID_OUTSIDE_RANGE` in `./src/util/util_errors.h` 
and return.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/449#issuecomment-344902647
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#452][comment] SPEC: Reduce build time dependencies

[fidencio]

  URL: https://github.com/SSSD/sssd/pull/452
Title: #452: SPEC: Reduce build time dependencies

fidencio commented:
"""
I'd like to ask a mention in the commit message the commit you filed that ended 
up with the gdm-pam-extensions-devel creation.

Anyways, obvious ACK!
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/452#issuecomment-344900698
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#452][opened] SPEC: Reduce build time dependencies

[lslebodn]

   URL: https://github.com/SSSD/sssd/pull/452
Author: lslebodn
 Title: #452: SPEC: Reduce build time dependencies
Action: opened

PR body:
"""
Total download size: 139 M
Installed size: 465 M

vs

Total size: 11 k
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/452/head:pr452
git checkout pr452
From 44cd9b3f86dbc655e67083010e230aa2004ebe5c Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Thu, 16 Nov 2017 12:11:28 +0100
Subject: [PATCH] SPEC: Reduce build time dependencies

Total download size: 139 M
Installed size: 465 M

vs

Total size: 11 k
---
 contrib/sssd.spec.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index c716efdce..d1cd1965f 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -240,7 +240,7 @@ BuildRequires: jansson-devel
 BuildRequires: libcurl-devel
 %endif
 %if (0%{?with_gdm_pam_extensions} == 1)
-BuildRequires: gdm-devel
+BuildRequires: gdm-pam-extensions-devel
 %endif
 
 %description
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#451][comment] BUILD: Disable tests with know failures

[fidencio]

  URL: https://github.com/SSSD/sssd/pull/451
Title: #451: BUILD: Disable tests with know failures

fidencio commented:
"""
Although the patch looks good and there's a strong motivation behind this 
(having our internal CI tests passing), I'd like to hear from @mzidek-rh about 
what's the status of https://pagure.io/SSSD/sssd/issue/3563

If the status is "I've cooked a patch and the PR will be opened soon", then 
maybe better to wait for the PR. Otherwise, sadly, I'm fine with this PR.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/451#issuecomment-344888572
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#451][opened] BUILD: Disable tests with know failures

[lslebodn]

   URL: https://github.com/SSSD/sssd/pull/451
Author: lslebodn
 Title: #451: BUILD: Disable tests with know failures
Action: opened

PR body:
"""
Temporary workaround for:
https://pagure.io/SSSD/sssd/issue/3563
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/451/head:pr451
git checkout pr451
From 125c4d668304758bf638d8be203d311628557664 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Thu, 16 Nov 2017 11:46:07 +0100
Subject: [PATCH] BUILD: Disable tests with know failures

Temporary workaround for:
https://pagure.io/SSSD/sssd/issue/3563
---
 Makefile.am | 2 --
 1 file changed, 2 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 16bcb4efc..a6f20c1c2 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -237,7 +237,6 @@ endif # HAVE_CHECK
 
 if HAVE_CMOCKA
 non_interactive_cmocka_based_tests = \
-nss-srv-tests \
 test-find-uid \
 test-io \
 test-negcache \
@@ -260,7 +259,6 @@ if HAVE_CMOCKA
 test_sdap_certmap \
 sdap-tests \
 test_sysdb_ts_cache \
-test_sysdb_views \
 test_sysdb_subdomains \
 test_sysdb_certmap \
 test_sysdb_sudo \
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#448][comment] common: Correction of cache_req debug string ID format

[lslebodn]

  URL: https://github.com/SSSD/sssd/pull/448
Title: #448: common: Correction of cache_req debug string ID format

lslebodn commented:
"""
master:
* d25646c64a7117a6551468256efa82d01647751e
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/448#issuecomment-344886324
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#448][closed] common: Correction of cache_req debug string ID format

[lslebodn]

   URL: https://github.com/SSSD/sssd/pull/448
Author: amitkumar50
 Title: #448: common: Correction of cache_req debug string ID format
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/448/head:pr448
git checkout pr448
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#448][+Pushed] common: Correction of cache_req debug string ID format

[lslebodn]

  URL: https://github.com/SSSD/sssd/pull/448
Title: #448: common: Correction of cache_req debug string ID format

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#450][opened] sysdb: do not use objectClass for users and groups

[sumit-bose]

   URL: https://github.com/SSSD/sssd/pull/450
Author: sumit-bose
 Title: #450: sysdb: do not use objectClass for users and groups
Action: opened

PR body:
"""
The majority of the object in the SSSD cache are users and groups. If there
are many user and groups in the cache the index objects of the objectclass
attributes 'user' and 'group' become  large because the must hold
references to all objects of those object classes.

As a result the management of these index objects becomes costly because
they must be parsed and split apart quite often. Additionally they are
mostly useless because user and groups are lookup up by more specific
attributes in general.

Only when enumerating all user or groups this kind of index might be
useful.

There are two way of removing this kind of index from the user and group
objects. Either by removing objectClass from the list of indexes and add a
new attribute to all other type of object we want and index for. Or by
replacing objectClass with a different attribute for the user and group
objects. After some testing I think the latter one is the more reliable one
and implemented it in this patch.

Related to https://pagure.io/SSSD/sssd/issue/3503

Additionally this patch set removes the one-level search index IDXONE and
replaces LDB_SCOPE_ONELEVEL searches with LDB_SCOPE_SUBTREE searches in the
callers.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/450/head:pr450
git checkout pr450
From 26314f9f3fcf232fcf92e75f6c16dc0c1bb56641 Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Wed, 8 Nov 2017 14:04:40 +0100
Subject: [PATCH 1/4] sysdb: be_refresh_get_values_ex() remove unused option

The objectclass argument is not used in be_refresh_get_values_ex()
anymore.

Related to https://pagure.io/SSSD/sssd/issue/3503
---
 src/providers/be_refresh.c | 7 +--
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c
index 81f2c5d1d..e8cf5da75 100644
--- a/src/providers/be_refresh.c
+++ b/src/providers/be_refresh.c
@@ -32,7 +32,6 @@
 static errno_t be_refresh_get_values_ex(TALLOC_CTX *mem_ctx,
 struct sss_domain_info *domain,
 time_t period,
-const char *objectclass,
 struct ldb_dn *base_dn,
 const char *attr,
 char ***_values)
@@ -96,21 +95,17 @@ static errno_t be_refresh_get_values(TALLOC_CTX *mem_ctx,
  char ***_values)
 {
 struct ldb_dn *base_dn = NULL;
-const char *class = NULL;
 errno_t ret;
 
 switch (type) {
 case BE_REFRESH_TYPE_USERS:
 base_dn = sysdb_user_base_dn(mem_ctx, domain);
-class = SYSDB_USER_CLASS;
 break;
 case BE_REFRESH_TYPE_GROUPS:
 base_dn = sysdb_group_base_dn(mem_ctx, domain);
-class = SYSDB_GROUP_CLASS;
 break;
 case BE_REFRESH_TYPE_NETGROUPS:
 base_dn = sysdb_netgroup_base_dn(mem_ctx, domain);
-class = SYSDB_NETGROUP_CLASS;
 break;
 case BE_REFRESH_TYPE_SENTINEL:
 return ERR_INTERNAL;
@@ -121,7 +116,7 @@ static errno_t be_refresh_get_values(TALLOC_CTX *mem_ctx,
 return ENOMEM;
 }
 
-ret = be_refresh_get_values_ex(mem_ctx, domain, period, class,
+ret = be_refresh_get_values_ex(mem_ctx, domain, period,
base_dn, SYSDB_NAME, _values);
 
 talloc_free(base_dn);

From 520ffd5ec96187241c3cc64fe92d69ac9ddbfa7a Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Wed, 8 Nov 2017 15:14:58 +0100
Subject: [PATCH 2/4] sysdb: do not use objectClass for users and groups

The majority of the object in the SSSD cache are users and groups. If
there are many user and groups in the cache the index objects of the
objectclass attributes 'user' and 'group' become  large because the
must hold references to all objects of those object classes.

As a result the management of these index objects becomes costly because
they must be parsed and split apart quite often. Additionally they are
mostly useless because user and groups are lookup up by more specific
attributes in general.

Only when enumerating all user or groups this kind of index might be
useful.

There are two way of removing this kind of index from the user and group
objects. Either by removing objectClass from the list of indexes and add
a new attribute to all other type of object we want and index for. Or by
replacing objectClass with a different attribute for the user and group
objects. After some testing I think the latter one is the more reliable
one and implemented it in this patch.

Related to https://pagure.io/SSSD/sssd/issue/3503
---
 src/db/sysdb.h | 10 +++---
 src/db/sysdb_init.c  

[SSSD] [sssd PR#448][-Changes requested] common: Correction of cache_req debug string ID format

[fidencio]

  URL: https://github.com/SSSD/sssd/pull/448
Title: #448: common: Correction of cache_req debug string ID format

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#448][comment] common: Correction of cache_req debug string ID format

[fidencio]

  URL: https://github.com/SSSD/sssd/pull/448
Title: #448: common: Correction of cache_req debug string ID format

fidencio commented:
"""
@lslebodn, hmm. makes sense, thanks for the explanation.

Seems that @amitkumar50 new PR is okay with your suggestion, but I'd like to 
hear it from you.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/448#issuecomment-344884804
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#448][comment] common: Correction of cache_req debug string ID format

[amitkumar50]

  URL: https://github.com/SSSD/sssd/pull/448
Title: #448: common: Correction of cache_req debug string ID format

amitkumar50 commented:
"""
@fidencio Thanks I read inttypes.h convention here goes PRIuN.
Done.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/448#issuecomment-344884010
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#448][comment] common: Correction of cache_req debug string ID format

[lslebodn]

  URL: https://github.com/SSSD/sssd/pull/448
Title: #448: common: Correction of cache_req debug string ID format

lslebodn commented:
"""
>This is not fixed. Although it seems nitpicking to me as gid_t, uid_t and id_t 
>as all of those ended up being defined as u32 type anyways ... all of those 
>should use PRIu32 in order to address @lslebodn's comment.

It is not nitpick. Some platform have 64 bit id_t. Therefore we have custom 
string formats for
`gid_t`, `uid_t` and `id_t` And you should not use PRIu32 for formatting 64 bit 
integers.
Therefore we need to use the format string which is tight to type (uint32_t) in 
this case. 
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/448#issuecomment-344883786
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#448][synchronized] common: Correction of cache_req debug string ID format

[amitkumar50]

   URL: https://github.com/SSSD/sssd/pull/448
Author: amitkumar50
 Title: #448: common: Correction of cache_req debug string ID format
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/448/head:pr448
git checkout pr448
From c7197da6a4240b01c11b750b0233b3098ac3ddad Mon Sep 17 00:00:00 2001
From: amitkuma 
Date: Tue, 14 Nov 2017 13:59:12 +0530
Subject: [PATCH] common: Correction of cache_req debug string ID format

The cache-req debug string representation uses a wrong format
specifier for by-ID requests.
data->id (uint32_t) should be replaced with  %"PRIu32"
in cache_req_group_by_id.c, cache_req_object_by_id.c &
cache_req_user_by_id.c.

Resolves: https://pagure.io/SSSD/sssd/issue/3570
---
 src/responder/common/cache_req/plugins/cache_req_group_by_id.c  | 2 +-
 src/responder/common/cache_req/plugins/cache_req_object_by_id.c | 2 +-
 src/responder/common/cache_req/plugins/cache_req_user_by_id.c   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/responder/common/cache_req/plugins/cache_req_group_by_id.c b/src/responder/common/cache_req/plugins/cache_req_group_by_id.c
index 5ca64283a..121f95abe 100644
--- a/src/responder/common/cache_req/plugins/cache_req_group_by_id.c
+++ b/src/responder/common/cache_req/plugins/cache_req_group_by_id.c
@@ -31,7 +31,7 @@ cache_req_group_by_id_create_debug_name(TALLOC_CTX *mem_ctx,
 struct cache_req_data *data,
 struct sss_domain_info *domain)
 {
-return talloc_asprintf(mem_ctx, "GID:%d@%s", data->id, domain->name);
+return talloc_asprintf(mem_ctx, "GID:%"PRIu32"@%s", data->id, domain->name);
 }
 
 static errno_t
diff --git a/src/responder/common/cache_req/plugins/cache_req_object_by_id.c b/src/responder/common/cache_req/plugins/cache_req_object_by_id.c
index 339bd4f5f..4c88e1035 100644
--- a/src/responder/common/cache_req/plugins/cache_req_object_by_id.c
+++ b/src/responder/common/cache_req/plugins/cache_req_object_by_id.c
@@ -31,7 +31,7 @@ cache_req_object_by_id_create_debug_name(TALLOC_CTX *mem_ctx,
  struct cache_req_data *data,
  struct sss_domain_info *domain)
 {
-return talloc_asprintf(mem_ctx, "ID:%d@%s", data->id, domain->name);
+return talloc_asprintf(mem_ctx, "ID:%"PRIu32"@%s", data->id, domain->name);
 }
 
 static errno_t
diff --git a/src/responder/common/cache_req/plugins/cache_req_user_by_id.c b/src/responder/common/cache_req/plugins/cache_req_user_by_id.c
index 913f9be5b..3c25c7631 100644
--- a/src/responder/common/cache_req/plugins/cache_req_user_by_id.c
+++ b/src/responder/common/cache_req/plugins/cache_req_user_by_id.c
@@ -31,7 +31,7 @@ cache_req_user_by_id_create_debug_name(TALLOC_CTX *mem_ctx,
struct cache_req_data *data,
struct sss_domain_info *domain)
 {
-return talloc_asprintf(mem_ctx, "UID:%d@%s", data->id, domain->name);
+return talloc_asprintf(mem_ctx, "UID:%"PRIu32"@%s", data->id, domain->name);
 }
 
 static errno_t
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#139][comment] Initial revision of sssd pytest framework

[fidencio]

  URL: https://github.com/SSSD/sssd/pull/139
Title: #139: Initial revision of sssd pytest framework

fidencio commented:
"""
I really like the idea of having the team there. So, +1 from me.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/139#issuecomment-344871272
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#139][comment] Initial revision of sssd pytest framework

[jhrozek]

  URL: https://github.com/SSSD/sssd/pull/139
Title: #139: Initial revision of sssd pytest framework

jhrozek commented:
"""
OK, I added @mrniranjan to commit group for https://pagure.io/SSSD/docs/

Then I created the tag "tests" in pagure and added @mrniranjan to the main 
pagure repo with "ticket" privileges.

I also wonder if we should add a new github team where we would initially add 
@mrniranjan but also anyone else who would be sending PRs for the pytests. One 
advantage of having a team is that you can @mention the whole team and set 
granular permissions for the whole team.
 
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/139#issuecomment-344867446
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#443][comment] NSS: Use enum_ctx as memory_context in _setnetgrent_set_timeout()

[fidencio]

  URL: https://github.com/SSSD/sssd/pull/443
Title: #443: NSS: Use enum_ctx as memory_context in _setnetgrent_set_timeout()

fidencio commented:
"""
@lslebodn: feel free to add more info there in case you think there's something 
missing in the description.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/443#issuecomment-344864552
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#443][comment] NSS: Use enum_ctx as memory_context in _setnetgrent_set_timeout()

[fidencio]

  URL: https://github.com/SSSD/sssd/pull/443
Title: #443: NSS: Use enum_ctx as memory_context in _setnetgrent_set_timeout()

fidencio commented:
"""
@lslebodn: https://pagure.io/SSSD/sssd/issue/3575 has been created.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/443#issuecomment-344864365
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#443][comment] NSS: Use enum_ctx as memory_context in _setnetgrent_set_timeout()

[lslebodn]

  URL: https://github.com/SSSD/sssd/pull/443
Title: #443: NSS: Use enum_ctx as memory_context in _setnetgrent_set_timeout()

lslebodn commented:
"""
> I didn't. As I said in the first comment, I was not able to reproduce the 
> issue at all, even with the steps you mentioned in the bugzilla.

I tried with default version of sssd on el6 and it crashed; the same for 
sssd-1.14.2-2.el6.x86_64 from copr. But the same steps did not work with 1.16.x 
Anyway I still think there is a bug in backend.
Would you mind to file a ticket? Because https://pagure.io/SSSD/sssd/issue/3523 
is already closed
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/443#issuecomment-344859900
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#405][comment] WATCHDOG: Restart providers with SIGUSR2 after time drift

[fidencio]

  URL: https://github.com/SSSD/sssd/pull/405
Title: #405:  WATCHDOG: Restart providers with SIGUSR2 after time drift

fidencio commented:
"""
OTOH, if you have spare cycles, please, feel free to run the tests and give the 
ACK to this patch.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/405#issuecomment-344844385
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#405][comment] WATCHDOG: Restart providers with SIGUSR2 after time drift

[fidencio]

  URL: https://github.com/SSSD/sssd/pull/405
Title: #405:  WATCHDOG: Restart providers with SIGUSR2 after time drift

fidencio commented:
"""
@lslebodn, not yet. When I make some time I'll run all the downstream tests (as 
per your recommendation) and I'll finish the review of this patch.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/405#issuecomment-344844260
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org