-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 06:58 PM, Stephen Gallagher wrote:
> This patch reverts the change we made to use enumerations by default.
>
> It should be pushed along with the patch "Do not schedule enumeration
> after a cleanup", now that we have identified and fixe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 04:08 PM, Jakub Hrozek wrote:
> On 02/23/2010 08:30 PM, Simo Sorce wrote:
>> Aside from the talloc_asprintf_append() point in the other mail,
>> patches looks good to me.
>
>> Simo.
>
> Thanks for the review, new patches are attached.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 08:30 PM, Simo Sorce wrote:
> Aside from the talloc_asprintf_append() point in the other mail,
> patches looks good to me.
>
> Simo.
Thanks for the review, new patches are attached.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (
On Tue, 23 Feb 2010 19:52:50 +0100
Jakub Hrozek wrote:
> On 02/23/2010 07:46 PM, Stephen Gallagher wrote:
> > "successful" wasn't the only part of the ConfigAPI description that
> > needed changing. It's still bad English.
> >
> > _('How long to keep cached entries with after last successful
> >
On Tue, 23 Feb 2010 19:52:50 +0100
Jakub Hrozek wrote:
> -subfilter = talloc_asprintf(state, "(&(!(%s=0))(%s<=%ld))",
> +account_cache_expiration =
> dp_opt_get_int(state->ctx->opts->basic,
> +
> SDAP_ACCOUNT_CACHE_EXPIRATION);
> +DEBUG(9, ("Cache expiration is set to %d days\n",
> +
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 07:46 PM, Stephen Gallagher wrote:
> "successful" wasn't the only part of the ConfigAPI description that
> needed changing. It's still bad English.
>
> _('How long to keep cached entries with after last successful login'),
> Should read
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 01:43 PM, Jakub Hrozek wrote:
> Attached is a revised patch.
>
> The changes:
>* reverted the error condition handling in cleanup_users_send()
>* handles ENOSYS returned from get_uid_table()
>* commented the checks on offline
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Attached is a revised patch.
The changes:
* reverted the error condition handling in cleanup_users_send()
* handles ENOSYS returned from get_uid_table()
* commented the checks on offline_credentials_expiration
* the new option was renamed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This patch reverts the change we made to use enumerations by default.
It should be pushed along with the patch "Do not schedule enumeration
after a cleanup", now that we have identified and fixed the bug that
caused the performance hit when enumeratio
On Tue, 23 Feb 2010 18:29:20 +0100
Jakub Hrozek wrote:
> On 02/23/2010 06:22 PM, Simo Sorce wrote:
> > On non-linux platforms this returns ENOSYS
> > You can't make it a hard error IMO.
>
> Correct..I presume that in this case we don't delete any users? As
> deleting a user who is logged in is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 06:05 PM, Simo Sorce wrote:
> I would rather call it something like account_cache_expiration,
Right, thanks for the suggestion. I like account_cache_expiration
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Usi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 06:22 PM, Simo Sorce wrote:
> On non-linux platforms this returns ENOSYS
> You can't make it a hard error IMO.
Correct..I presume that in this case we don't delete any users? As
deleting a user who is logged in is..bad.
-BEGIN PGP SI
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 06:19 PM, Simo Sorce wrote:
> Why did you change these error conditions ?
One of the versions of the patch had these conditions in a callback
(there was an interim step), so I used tevent_req_error
I could swear I changed the error case
On Tue, 23 Feb 2010 13:50:42 +0100
Jakub Hrozek wrote:
> +ret = get_uid_table(state, &state->uid_table);
> +if (ret != EOK) {
> +tevent_req_error(req, ret);
> +return;
> +}
> +
On non-linux platforms this returns ENOSYS
You can't make it a hard error IMO.
Simo.
--
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 06:03 PM, Simo Sorce wrote:
> This snipped is very confusing.
> It looks like ldap_cred_expiration should really be called
> login_cache_timeout, or what I am not understanding here?
>
Yes, this is confusing. As you mentioned in the oth
On Tue, 23 Feb 2010 13:50:42 +0100
Jakub Hrozek wrote:
> if (!req) {
> @@ -281,19 +286,41 @@ static struct tevent_req
> *cleanup_users_send(TALLOC_CTX *memctx, }
>
> state->ev = ev;
> -state->sysdb = sysdb;
> -state->domain = domain;
> +state->sysdb = ctx->be->sysdb;
> +
On Tue, 23 Feb 2010 11:59:27 -0500
Stephen Gallagher wrote:
> >> [PATCH 1/2] Store lastLogin attribute when authenticating online
> >> This is needed for the second patch as we rely on lastLogin to
> >> decide whether to delete an entry or not.
> >
> > This one seem to save the last login _onl
On Tue, 23 Feb 2010 13:50:42 +0100
Jakub Hrozek wrote:
> +
> +login_cache_timeout (integer)
> +
> +
Just thinking out loud, but the name looks not very clear.
I would rather call it something like account_cache_expir
On Tue, 23 Feb 2010 13:50:42 +0100
Jakub Hrozek wrote:
> +
> + = dp_opt_get_int(opts->basic,
> + SDAP_LOGIN_CACHE_TIMEOUT);
> +
> +if (!offline_credentials_expiration && ldap_cred_expiration) {
> +DEBUG(1, ("Conflicting values for options
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 11:58 AM, Simo Sorce wrote:
> On Tue, 23 Feb 2010 13:50:42 +0100
> Jakub Hrozek wrote:
>
>> [PATCH 1/2] Store lastLogin attribute when authenticating online
>> This is needed for the second patch as we rely on lastLogin to decide
>> whe
On Tue, 23 Feb 2010 13:50:42 +0100
Jakub Hrozek wrote:
> [PATCH 1/2] Store lastLogin attribute when authenticating online
> This is needed for the second patch as we rely on lastLogin to decide
> whether to delete an entry or not.
This one seem to save the last login _only_ when the authenticati
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 07:50 AM, Jakub Hrozek wrote:
> These patches must be applied on top of the "Do not check entries..." one.
>
> [PATCH 1/2] Store lastLogin attribute when authenticating online
> This is needed for the second patch as we rely on lastLogin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 10:54 AM, Jakub Hrozek wrote:
> On 02/23/2010 03:56 PM, Stephen Gallagher wrote:
>> Sorry, I need to correct this to a Nack.
>
>> Please update manpage entries for ldap_purge_cache_timeout and
>> entry_cache_timeout.
>
> Sure, attached.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 05:20 PM, Stephen Gallagher wrote:
> This is a trivial patch. When I added the "make prerelease-[s]rpms"
> commands, I forgot to include the hour, which makes the resulting RPMs
> incompatible with our automated build system. This patch b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This is a trivial patch. When I added the "make prerelease-[s]rpms"
commands, I forgot to include the hour, which makes the resulting RPMs
incompatible with our automated build system. This patch brings them
back in line.
- --
Stephen Gallagher
RHCE 8
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 03:56 PM, Stephen Gallagher wrote:
> Sorry, I need to correct this to a Nack.
>
> Please update manpage entries for ldap_purge_cache_timeout and
> entry_cache_timeout.
Sure, attached.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 08:17 AM, Jakub Hrozek wrote:
> ssia
Ack.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-BEGIN PGP SIGNATURE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 08:15 AM, Stephen Gallagher wrote:
> On 02/23/2010 07:50 AM, Jakub Hrozek wrote:
>> On 02/23/2010 01:29 PM, Stephen Gallagher wrote:
>>> Nack.
>
>>> ldap_id_cleanup_users_done():
>>> If the cleanup_groups_send subreq creation fails,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
We already had routines in place for answering Introspection requests
because the InfoPipe had previously used them. These two patches add a
few simple utility routines for reading in the Introspection XML files
and set up the monitor, services and dat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ssia
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkuD1X0ACgkQHsardTLnvCXeMwCeOcsuDT1zfnhRguXywuzjF4Hk
jZgAn0LyplwYuMoEPuDxxhtt74C3e1d+
=wSYP
-END PGP S
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 07:50 AM, Jakub Hrozek wrote:
> On 02/23/2010 01:29 PM, Stephen Gallagher wrote:
>> Nack.
>
>> ldap_id_cleanup_users_done():
>> If the cleanup_groups_send subreq creation fails, you do not set
>> err. This means that the error you pr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
These patches must be applied on top of the "Do not check entries..." one.
[PATCH 1/2] Store lastLogin attribute when authenticating online
This is needed for the second patch as we rely on lastLogin to decide
whether to delete an entry or not.
[PATC
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 01:29 PM, Stephen Gallagher wrote:
> Nack.
>
> ldap_id_cleanup_users_done():
> If the cleanup_groups_send subreq creation fails, you do not set
> err. This means that the error you print will indicate EOK. That's
> confusing to someo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/23/2010 06:58 AM, Sumit Bose wrote:
> Hi,
>
> this patch changes the way we handle expired passwords to meet the PAM
> standards.
>
> bye,
> Sumit
>
Ack.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/22/2010 04:14 AM, Sumit Bose wrote:
> On Fri, Feb 19, 2010 at 03:46:43PM -0500, Stephen Gallagher wrote:
> On 02/19/2010 08:49 AM, Sumit Bose wrote:
Hi,
this patch should fix #403.
libdbus is so nice to call chmod(0777) e
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/16/2010 11:41 AM, Jakub Hrozek wrote:
> On 02/16/2010 01:23 PM, Jakub Hrozek wrote:
>> Do not attempt to validate expired entries in cache, just delete them.
>> Also increase the cache timeouts.
>
>> Fixes: #331
>
>
> Stephen spotted a typo (a
Hi,
this patch changes the way we handle expired passwords to meet the PAM
standards.
bye,
Sumit
From bb731b875dbb78980c7e2a9d0a97cac54fc5faa2 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon, 22 Feb 2010 09:10:32 +0100
Subject: [PATCH] Handle expired passwords like other PAM modules
So far
37 matches
Mail list logo