[Freeipa-devel] [freeipa PR#5991][opened] extdom: return LDAP_NO_SUCH_OBJECT if domains differ

2021-08-25 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/5991 Author: sumit-bose Title: #5991: extdom: return LDAP_NO_SUCH_OBJECT if domains differ Action: opened PR body: """ If a client sends a request to look up an object from a given trusted domain by UID or GID and an object with matching ID is only

[Freeipa-devel] [freeipa PR#4015][opened] ipa-kdd: Remove keys password auth is disabled

2019-12-11 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/4015 Author: sumit-bose Title: #4015: ipa-kdd: Remove keys password auth is disabled Action: opened PR body: """ With commit 15ff9c8 a check was removed and as a result Kerberos keys are unconditionally added to the user entry struct if they are

[Freeipa-devel] [freeipa PR#3542][opened] extdom: unify error code handling especially LDAP_NO_SUCH_OBJECT

2019-08-15 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/3542 Author: sumit-bose Title: #3542: extdom: unify error code handling especially LDAP_NO_SUCH_OBJECT Action: opened PR body: """ A return code LDAP_NO_SUCH_OBJECT will tell SSSD on the IPA client to remove the searched object from the cache. As a

[Freeipa-devel] [freeipa PR#2891][opened] ipa-extdom-exop: add instance counter and limit

2019-03-11 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/2891 Author: sumit-bose Title: #2891: ipa-extdom-exop: add instance counter and limit Action: opened PR body: """ The user and group lookups done by the extdom plugin might need some time depending on the state of the service (typically SSSD)

[Freeipa-devel] [freeipa PR#2846][opened] ipa_sam: remove dependency to talloc_strackframe.h

2019-02-19 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/2846 Author: sumit-bose Title: #2846: ipa_sam: remove dependency to talloc_strackframe.h Action: opened PR body: """ Recent Samba versions removed some header files which did include non-public APIs. As a result talloc_strackframe.h and memory.h

[Freeipa-devel] [freeipa PR#1537][opened] ipa-kdb: use magic value to check if ipadb is used

2018-02-07 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/1537 Author: sumit-bose Title: #1537: ipa-kdb: use magic value to check if ipadb is used Action: opened PR body: """ The certauth plugin is configured in /etc/krb5.conf independently from the database module. As a result the IPA certauth plugin can

[Freeipa-devel] [freeipa PR#1529][opened] ipa-kdb: update trust information in all workers

2018-02-06 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/1529 Author: sumit-bose Title: #1529: ipa-kdb: update trust information in all workers Action: opened PR body: """ Currently there is already code to make sure that after trust is established an AS-REQ of the local HTTP principal causes a refresh

[Freeipa-devel] Testing extdom plugin directly

2018-01-18 Thread Sumit Bose via FreeIPA-devel
Hi, please find attached a small python class (generated with asn1ate) which might help to generate the needed data to send a request to the extdom plugin directly. This might be useful to write tests. To generate the base64 encoded data needed e.g. for the ldapexop command I used: from

[Freeipa-devel] [freeipa PR#1115][opened] ipa-kdb: reinit trusted domain data for enterprise principals

2017-09-28 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/1115 Author: sumit-bose Title: #1115: ipa-kdb: reinit trusted domain data for enterprise principals Action: opened PR body: """ While processing enterprise principals the information about trusted domains might not be up-to-date. With this patch

[Freeipa-devel] [freeipa PR#879][comment] FIPS mode and NT hashes

2017-06-20 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/879 Title: #879: FIPS mode and NT hashes sumit-bose commented: """ I just pushed a new version which includes the upstream ticket reference in the commit message, there are no changes to the code. """ See the full comment at

[Freeipa-devel] [freeipa PR#879][synchronized] FIPS mode and NT hashes

2017-06-20 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/879 Author: sumit-bose Title: #879: FIPS mode and NT hashes Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/879/head:pr879 git checkout pr879 From

[Freeipa-devel] [freeipa PR#879][opened] FIPS mode and NT hashes

2017-06-19 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/879 Author: sumit-bose Title: #879: FIPS mode and NT hashes Action: opened PR body: """ In FIPS mode NT hashes (aka md4) are not allowed. If FIPS mode is detected we disable NT hashes in the password plugin even if they are allowed by IPA

[Freeipa-devel] [freeipa PR#823][comment] ipa-kdb: reload certificate mapping rules periodically

2017-06-02 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/823 Title: #823: ipa-kdb: reload certificate mapping rules periodically sumit-bose commented: """ > @sumit-bose I got confused by "periodically" in title and "every 5 minutes" > in description. It works as expected. ah, yes, I'm sorry the wording

[Freeipa-devel] [freeipa PR#823][comment] ipa-kdb: reload certificate mapping rules periodically

2017-06-01 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/823 Title: #823: ipa-kdb: reload certificate mapping rules periodically sumit-bose commented: """ @dkupka, the reload only happens during processing the PKINIT request if the rules are older than 5 minutes. It is not a timed event which runs all the

[Freeipa-devel] [freeipa PR#823][comment] ipa-kdb: reload certificate mapping rules periodically

2017-06-01 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/823 Title: #823: ipa-kdb: reload certificate mapping rules periodically sumit-bose commented: """ @dkupka, ah, this is a side effect of having multiple workers (3907-3912). The IPA context is not shared between the workers so each will load the

[Freeipa-devel] [freeipa PR#823][opened] ipa-kdb: reload certificate mapping rules periodically

2017-05-26 Thread sumit-bose via FreeIPA-devel
URL: https://github.com/freeipa/freeipa/pull/823 Author: sumit-bose Title: #823: ipa-kdb: reload certificate mapping rules periodically Action: opened PR body: """ With this patch the certificate mapping rules are reloaded every 5 minutes. Resolves https://pagure.io/freeipa/issue/6963 """