[SSSD] Re: KCM notifications

2020-02-21 Thread Jakub Hrozek
On Thu, Feb 20, 2020 at 11:18:59AM +0100, Pavel Březina wrote: > Hi devs, > > I'm thinking about ways to implement SSSD KCM notification that > something has changed (i.e. user called kinit/kdestroy) [1]. The main > use case is to notify Gnome Online Accounts (which is a daemon running > under

[SSSD] Re: sss_nfs_[ug]id_to_name not properly respecting the libnfsidmap interface

2019-08-22 Thread Jakub Hrozek
On Thu, Aug 22, 2019 at 01:25:14PM +0200, Sumit Bose wrote: > On Wed, Aug 21, 2019 at 02:00:40PM -0700, Richard Sharpe wrote: > > Hi folks, > > > > In the current code downloaded from github I see the following function: > > > > src/sss_client/nfs/sss_nfs_client.c:sss_nfs_uid_to_name: > > > >

[SSSD] Re: SSSD Internals Document published

2019-08-08 Thread Jakub Hrozek
This is quite embarrassing, but we still haven't converted that document from the old wiki to pagure. I've been working on that on and off when I had some free time, the current state can be viewed at:

[SSSD] Re: Removing nscd from Fedora

2019-08-08 Thread Jakub Hrozek
On Thu, Aug 08, 2019 at 09:09:12PM +0200, Florian Weimer wrote: > We'd like to propose removing nscd from Fedora, for Fedora 32. > (The goal is to make this change downstream, too.) > > Carlos told me that in the past, sssd couldn't do full caching for > nss_files, and that was still a concern at

[SSSD] Re: How can I build only the libnss_sss.so library?

2019-07-22 Thread Jakub Hrozek
On Fri, Jul 19, 2019 at 06:04:13PM +, Jim Smith wrote: > I’d like to construct a Makefile to build only the libnss_sss.so library... > Is there an easy way to generate a minimal Makefile for different platforms > or will it require manual construction? Currently there is not. But it would be

[SSSD] Re: Announcing SSSD 2.2.0 (this time with the correct release notes)

2019-06-13 Thread Jakub Hrozek
ot rid of went_offline usage * providers/ipa: Fixed obvious copy-paste error * providers/ipa: Changed default service search base * TESTS: ability to run unit tests under valgrind * Monitor & utils: got rid of pid filename duplication * Monitor: fixed bug with s

[SSSD] Announcing SSSD 2.2.0

2019-06-13 Thread Jakub Hrozek
rom test_sysdb_certmap * tests: remove LOCAL_SYSDB_FILE reference from test_sysdb_domain_resolution_order_ * tests: remove LOCAL_SYSDB_FILE reference from test_sysdb_subdomains * tests: remove LOCAL_SYSDB_FILE reference from common_dom * local: build local provider conditionally * pysss

[SSSD] Announcing SSSD 1.16.4

2019-03-20 Thread Jakub Hrozek
ixed unaligned mem access * ci/sssd.supp: fixed c-ares-suppress-leak-from-init * negcache: avoid "is_*_local" calls in some cases * Monitor: changed provider startup timeout * Fabiano Fidêncio (1): * man/sss_ssh_knownhostsproxy: fix typo pubkeys -> pubkey *

[SSSD] RFC: 1.16.4 release notes

2019-03-19 Thread Jakub Hrozek
Hi, I would like to release 1.16.4 tomorrow. Below are the release notes that include what is now in the sssd-1-16 branch and somewhat optimistically also what is now acked on github. Comments are welcome: SSSD 1.16.4 === Highlights -- New Features * The list of

[SSSD] Re: please review https://github.com/SSSD/sssd/pull/781

2019-03-19 Thread Jakub Hrozek
On Tue, Mar 19, 2019 at 11:05:24AM +0100, Jakub Hrozek wrote: > Hi, > > there are several PRs I would like to push and also backport to > sssd-1-16, but currently our CI is failing due to: > https://github.com/SSSD/sssd/pull/781 > > Could someone review the PR so I can r

[SSSD] please review https://github.com/SSSD/sssd/pull/781

2019-03-19 Thread Jakub Hrozek
Hi, there are several PRs I would like to push and also backport to sssd-1-16, but currently our CI is failing due to: https://github.com/SSSD/sssd/pull/781 Could someone review the PR so I can resume pushing to sssd-1-16? ___ sssd-devel mailing

[SSSD] Re: PRs and tickets for backports

2019-03-15 Thread Jakub Hrozek
On Fri, Mar 15, 2019 at 02:25:24PM +0100, Alexey Tikhonov wrote: > > > +1 for separate PRs for backports (for CI checks) > > Do you think it would be acceptable for whoever pushes the patch to > > master to also create the backport PR? > > It depends on who decides if patch should be backported

[SSSD] Re: PRs and tickets for backports

2019-03-15 Thread Jakub Hrozek
On Fri, Mar 15, 2019 at 01:24:09PM +0100, Alexey Tikhonov wrote: > +1 for separate PRs for backports (for CI checks) Do you think it would be acceptable for whoever pushes the patch to master to also create the backport PR? Otherwise I'm worried that backports might always be delayed. I try to

[SSSD] PRs and tickets for backports

2019-03-15 Thread Jakub Hrozek
Hi, I was thinking about $SUBJECT and had a chat with Alexey about backports recently as well. Mostly I'm wondering whether it would be better to do either or both of: - create separate PRs for backports to sssd-1-16 - create separate tickets (clones) With PRs, it's mostly a matter of

[SSSD] Re: Design document: Multiple server addresses or names in kdcinfo files

2019-03-01 Thread Jakub Hrozek
On Fri, Feb 22, 2019 at 12:29:03PM +0100, Jakub Hrozek wrote: > Hi, > > I opened a pull request for the upcoming changes to the locator plugin > which enables a sort of a failover for libkrb5 applications. > > The PR is here: > https://pagure.io/SSSD/docs/pull-reque

[SSSD] Re: Announcing SSSD 2.1

2019-02-28 Thread Jakub Hrozek
On Thu, Feb 28, 2019 at 09:56:46AM +0100, Jakub Hrozek wrote: > == SSSD 2.1 === > > The SSSD team is proud to announce the release of version 2.1 of > the System Security Services Daemon. > > As always, the source is available from https://fedorahosted.org

[SSSD] Announcing SSSD 2.1

2019-02-28 Thread Jakub Hrozek
ent/common.c: fix off-by-one error in sizes check * sss_client/common.c: comment amended * sss_client/nss_services.c: indentation fixed * sss_client/nss_services.c: fixed incorrect mutex usage * sss_client: global unexported symbols made static * providers/ld

[SSSD] Re: RFC: 2.1 release notes

2019-02-27 Thread Jakub Hrozek
On Fri, Feb 22, 2019 at 03:03:07PM +0100, Jakub Hrozek wrote: > Hi, > > let's release 2.1. I drafted the release notes. We should review these > PRs to make sure the release fixes all known regressions: > https://github.com/SSSD/sssd/pull/752 (Alexey assigned this PR) >

[SSSD] Re: Design document: Multiple server addresses or names in kdcinfo files

2019-02-25 Thread Jakub Hrozek
On Fri, Feb 22, 2019 at 02:46:20PM -0500, Robbie Harwood wrote: > Jakub Hrozek writes: > > > On a high level, implementing this RFE requires several changes: > >* change the Kerberos locator plugin so that it can also consume > > host names in addition to numeric

[SSSD] RFC: 2.1 release notes

2019-02-22 Thread Jakub Hrozek
Hi, let's release 2.1. I drafted the release notes. We should review these PRs to make sure the release fixes all known regressions: https://github.com/SSSD/sssd/pull/752 (Alexey assigned this PR) https://github.com/SSSD/sssd/pull/737 (Michal assigned this PR) In the meantime I'll move

[SSSD] Design document: Multiple server addresses or names in kdcinfo files

2019-02-22 Thread Jakub Hrozek
. Authors --- * Sumit Bose * Tomas Halman * Jakub Hrozek

[SSSD] Re: Design Document: Change password without Password Modify Extended Operation

2019-02-20 Thread Jakub Hrozek
On Wed, Feb 20, 2019 at 11:54:31AM +0100, Pavel Březina wrote: > On 2/19/19 10:03 PM, Jakub Hrozek wrote: > > Thank you, I only have some minor requests for clarifications. > > I updated the text. Thank you, there are just some typos here and there, but in general I think the

[SSSD] Re: Design Document: Change password without Password Modify Extended Operation

2019-02-19 Thread Jakub Hrozek
Thank you, I only have some minor requests for clarifications. On Tue, Feb 19, 2019 at 11:33:47AM +0100, Pavel Březina wrote: > https://pagure.io/SSSD/docs/pull-request/77 > > .. highlight:: none > > Change password on LDAP server that does not support Password Modify > Extended Operation >

[SSSD] Re: fleet commander integration

2019-02-07 Thread Jakub Hrozek
On Thu, Feb 07, 2019 at 05:51:06PM +0300, Levin Stanislav wrote: > Hello, > > I want to ask you about design of fleet commander integration, which I > found on > https://docs.pagure.org/SSSD.sssd/design_pages/fleet_commander_integration.html. > > > The JSON files will be stored in a new

[SSSD] Re: SSSD takeover org.freedesktop.Accounts

2018-10-23 Thread Jakub Hrozek
On Tue, Oct 23, 2018 at 10:59:51AM +0200, Franz Dietrich wrote: > Hello all, > > I recently discovered > https://docs.pagure.org/SSSD.sssd/design_pages/accounts_service.html and > I was like yeay that's exactly what I need. But then there is the "not > implemented thing..." Interesting, I wonder

[SSSD] RFC: Setting ignore_group_members=true by default

2018-10-01 Thread Jakub Hrozek
Hi, this proposal might be controversial, but I think a little discussion wouldn’t hurt :-) tl;dr: I propose we switch the default value of ignore_group_members from False to True by default For anyone not intimate with SSSD options, this would make all groups appear to be effectively empty. The

[SSSD] Re: pagure upgraded and milestone cleanup

2018-09-26 Thread Jakub Hrozek
> On 26 Sep 2018, at 11:06, Jakub Hrozek wrote: > > There are some issues, like github mirroring broken at the moment > (https://pagure.io/pagure/issue/3700 btw I’m trying to set up mirroring directly from the pagure instance, which is the new approved way. Previously, the mirro

[SSSD] pagure upgraded and milestone cleanup

2018-09-26 Thread Jakub Hrozek
Hi, as you might have noticed from the new look, pagure had been upgraded to 5.x recently. There are some issues, like github mirroring broken at the moment (https://pagure.io/pagure/issue/3700) or the git remote giving some SQLAlchemy tracebacks (https://pagure.io/pagure/issue/3692) and maybe

[SSSD] Design document: hybrid magic private groups

2018-09-10 Thread Jakub Hrozek
Hi, I wrote a design document for the work tracked in https://pagure.io/SSSD/sssd/issue/3822 which is about a ‘hybrid’ MPG mode where the private group would be generated only for users who do not have a gidNumber set explicitly: https://pagure.io/SSSD/docs/pull-request/72 For your

[SSSD] Re: Add support for hosts and networks to NSS

2018-08-27 Thread Jakub Hrozek
> On 24 Aug 2018, at 14:39, Chris Kowalczyk wrote: > > On 08/21/2018 03:56 PM, Jakub Hrozek wrote: >>> On 21 Aug 2018, at 13:08, Chris Kowalczyk wrote: >>> >>> Hello All, >>> >>> I was wondering if there are any plans of adding more ma

[SSSD] Re: Add support for hosts and networks to NSS

2018-08-21 Thread Jakub Hrozek
> On 21 Aug 2018, at 13:08, Chris Kowalczyk wrote: > > Hello All, > > I was wondering if there are any plans of adding more maps -specifically > networks or hosts- to NSS in sssd? > > > As far as I know, it supports already the most important ones, like > users, groups etc: > >

[SSSD] Announcing SSSD 2.0

2018-08-14 Thread Jakub Hrozek
test_sysdb_domain_resolution_order_ * tests: remove LOCAL_SYSDB_FILE reference from test_sysdb_subdomains * tests: remove LOCAL_SYSDB_FILE reference from common_dom * local: build local provider conditionally * pysss: fix typo in comment * pysss: remove pysss.local *

[SSSD] RFC: 2.0 release notes

2018-08-13 Thread Jakub Hrozek
Hi, we’re about to release 2.0. Here are my draft release notes: SSSD 2.0.0 === Highlights -- This release removes or deprecates functionality from SSSD, therefore the SSSD team decided it was time to bump the major version number. The sssd-1-16 branch will be still supported

[SSSD] Announcing SSSD 1.16.3

2018-08-12 Thread Jakub Hrozek
e fail to save one profile * sdap: respect passwordGracelimit * deskprofile: fix a typo in _get_filename_path() * tests: add tests for ipa_deskprofile_get_filename_path() * util: introduce sss_ssh_print_pubkey() * ssh: make use of sss_ssh_print_pubkey() * sss

[SSSD] Re: Problems renewing machine account password in AD

2018-07-12 Thread Jakub Hrozek
(sssd-users is the proper list to ask user questions..) On Wed, Jul 11, 2018 at 01:24:20PM -0700, Gordon Messmer wrote: > > We're seeing problems with some hosts which appear to be caused by the new > ad_maximum_machine_account_password_age support in sssd (which notes that a > recent adcli

[SSSD] Design document: kdcinfo enhancement

2018-06-27 Thread Jakub Hrozek
to provide a way of failing over between multiple DCs from outside SSSD, for example from ``kinit.`` Authors --- * Sumit Bose * Jakub Hrozek

[SSSD] CVE-2018-10852: information leak from the sssd-sudo responder

2018-06-25 Thread Jakub Hrozek
=== A security bug in SSSD 1.8 and later = Subject: information leak from the sssd-sudo responder CVE ID: CVE-2018-10852 Summary: The UNIX socket that is used for communication between the sudo utility and the sssd-sudo responder had its permissions set to

[SSSD] Announcing SSSD 1.16.2

2018-06-08 Thread Jakub Hrozek
old object instead of merging it * tlog: only log in tcurl_write_data when SSS_KCM_LOG_PRIVATE_DATA is set to YES

[SSSD] RFC: 1.16.2 release notes

2018-06-08 Thread Jakub Hrozek
Hi, below are the release notes for 1.16.2. Please comment :-) SSSD 1.16.2 === Highlights -- New Features * The smart card authentication, or in more general certificate authentication code now supports OpenSSL in addition to previously supported NSS (#3489).

[SSSD] Re: https://pagure.io/SSSD/sssd/issue/1555 [validate the shell coming from the directory or the cache] Close or not?

2018-06-05 Thread Jakub Hrozek
> On 5 Jun 2018, at 07:53, Amit wrote: > > Hello, > > Issue was opened 5 years back with following description: It is possible to > put junk into the shell attribute of an user entry. We should reuse the > existing code that is in use when allowed_shells/vetoed_shells are present, > check

[SSSD] Re: how to run intgcheck?

2018-05-22 Thread Jakub Hrozek
> On 22 May 2018, at 10:24, Chris Kowalczyk wrote: > > Hello All, > > I have been trying to run sssd intgcheck, but with no success. Could you help > me with it? > Generally, I've been performing the following steps: > > autoreconf -if > ./configure

[SSSD] Re: What's the best way to debug SELinux issues on SSSD?

2018-05-22 Thread Jakub Hrozek
> On 21 May 2018, at 23:58, Fabiano Fidêncio <fiden...@redhat.com> wrote: > > On Mon, May 21, 2018 at 10:32 PM, Jakub Hrozek <jhro...@redhat.com> wrote: >> >> >>> On 21 May 2018, at 21:39, Fabiano Fidêncio <fiden...@redhat.com> wrote: >

[SSSD] Re: What's the best way to debug SELinux issues on SSSD?

2018-05-21 Thread Jakub Hrozek
> On 21 May 2018, at 21:39, Fabiano Fidêncio wrote: > > People, > > I've been trying to debug a SELinux issue related to the domain > resolution order. > > Basically, if there's no domain_resolution_order set: > [root@client1 vagrant]# ssh -l admin localhost > Password:

[SSSD] Re: [RFC] sbus2 integration

2018-05-21 Thread Jakub Hrozek
> On 18 May 2018, at 21:50, Simo Sorce wrote: > > Sorry Pavel, > but I need to ask, why a new bus instead of something like varlink ? Do you think there is an advantage with varlink over D-Bus as long as we use a private style of communication and use either varlink or D-Bus

[SSSD] Re: [RFC] sbus2 integration

2018-05-18 Thread Jakub Hrozek
> On 18 May 2018, at 14:33, Pavel Březina wrote: > > Also here is a bonus question - do any of you remember why we use private > server at all? Why don't we connect to system message bus? I do not see any > benefit in having a private server. To expand on what Sumit

[SSSD] Should we close several stalled PRs?

2018-05-16 Thread Jakub Hrozek
Hi, there are several PRs that were not touched for months. I would like to close them with a friendly message that the reporter can reopen them if they are inclined: https://github.com/SSSD/sssd/pull/175 - Add module for starting services - does not apply anymore. It’s a good effort in

[SSSD] Re: handling whitespaces in netgroup triples

2018-05-06 Thread Jakub Hrozek
On Sun, May 06, 2018 at 03:31:03PM +0200, Jakub Hrozek wrote: > On Thu, May 03, 2018 at 02:44:40PM +0200, Josef Cejka wrote: > > Hi, > > I have noticed that sssd does not trim whitespaces from strings while > > parsing netgroup triples. Comment inside code explains that it fo

[SSSD] Re: handling whitespaces in netgroup triples

2018-05-06 Thread Jakub Hrozek
On Thu, May 03, 2018 at 02:44:40PM +0200, Josef Cejka wrote: > Hi, > I have noticed that sssd does not trim whitespaces from strings while > parsing netgroup triples. Comment inside code explains that it follows > the nss_ldap implementation: > > src/db/sysdb_search.c: > 1687 /* This function

[SSSD] Re: Shall we revert test_resp_idle_timeout_shutdown_slow()?

2018-05-06 Thread Jakub Hrozek
On Fri, May 04, 2018 at 11:42:48AM +0200, Sumit Bose wrote: > On Fri, May 04, 2018 at 11:17:26AM +0200, Fabiano Fidêncio wrote: > > On Fri, May 4, 2018 at 10:20 AM, Sumit Bose wrote: > > > On Fri, May 04, 2018 at 09:57:51AM +0200, Fabiano Fidêncio wrote: > > >> This test was

[SSSD] Re: KCM talking to secrets over REST API (or not)

2018-03-20 Thread Jakub Hrozek
> On 20 Mar 2018, at 13:51, Simo Sorce <s...@redhat.com> wrote: > > On Tue, 2018-03-20 at 12:54 +0100, Jakub Hrozek wrote: >> Let me bump this thread..see some ideas inline. Thank you for the prompt response. >> >>> On 13 Mar 2018, at 14:07, Jak

[SSSD] Re: KCM talking to secrets over REST API (or not)

2018-03-20 Thread Jakub Hrozek
Let me bump this thread..see some ideas inline. > On 13 Mar 2018, at 14:07, Jakub Hrozek <jhro...@redhat.com> wrote: > > > >> On 13 Mar 2018, at 13:42, Simo Sorce <s...@redhat.com> wrote: >> >> On Tue, 2018-03-13 at 12:05 +0100, Jakub Hrozek wrote:

[SSSD] Re: Allowing local ssh login when using sssd

2018-03-20 Thread Jakub Hrozek
> On 20 Mar 2018, at 09:16, Sumit Bose wrote: > > On Mon, Mar 19, 2018 at 04:45:12PM -0700, Richard Sharpe wrote: >> Hi folks, >> >> It seems that once we are joined to a domain, ssh logins with local >> accounts no longer work. When we unjoin from the domain, they start >>

[SSSD] Re: New sbus implementation

2018-03-16 Thread Jakub Hrozek
> On 14 Feb 2018, at 20:55, Jakub Hrozek <jhro...@redhat.com> wrote: > > On Sat, Feb 03, 2018 at 12:58:26PM +0100, Pavel Březina wrote: >> Hi team, >> as you know, I have been working on this occasionally for a long time now. >> The code can be found at

[SSSD] Re: KCM talking to secrets over REST API (or not)

2018-03-13 Thread Jakub Hrozek
> On 13 Mar 2018, at 13:42, Simo Sorce <s...@redhat.com> wrote: > > On Tue, 2018-03-13 at 12:05 +0100, Jakub Hrozek wrote: >> Hi, >> >> last week, me, some other SSSD developers and Robbie looked at how the KCM >> server in its current state can

[SSSD] KCM talking to secrets over REST API (or not)

2018-03-13 Thread Jakub Hrozek
Hi, last week, me, some other SSSD developers and Robbie looked at how the KCM server in its current state can be debugged and what the current issues are. One thing that stood out was that because every Kerberos operation now requires a round-trip between libkrb5 to sssd-kcm and then to

[SSSD] Re: [SSSD-users] Announcing SSSD 1.16.1

2018-03-11 Thread Jakub Hrozek
> On 9 Mar 2018, at 14:45, Joakim Tjernlund <joakim.tjernl...@infinera.com> > wrote: > > On Fri, 2018-03-09 at 13:28 +0100, Jakub Hrozek wrote: >> CAUTION: This email originated from outside of the organization. Do not >> click links or open attachments u

[SSSD] Announcing SSSD 1.16.1

2018-03-09 Thread Jakub Hrozek
* DESKPROFILE: Use seteuid()/setegid() to delete the profile/user's dir * DESKPROFILE: Set the profile permissions to read-only * PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc * DESKPROFILE: Document it doesn't work when run as unprivileged user * Hristo Venev (1):

[SSSD] Re: Github labels: Suggestion

2018-03-08 Thread Jakub Hrozek
> On 8 Mar 2018, at 12:34, Pavel Březina <pbrez...@redhat.com> wrote: > > On 03/08/2018 12:22 PM, Jakub Hrozek wrote: >>> On 8 Mar 2018, at 12:13, Fabiano Fidêncio <fiden...@redhat.com> wrote: >>> >>> On Thu, Mar 8, 2018 at 1

[SSSD] Re: Github labels: Suggestion

2018-03-08 Thread Jakub Hrozek
> On 8 Mar 2018, at 12:30, Fabiano Fidêncio <fiden...@redhat.com> wrote: > > On Thu, Mar 8, 2018 at 12:22 PM, Jakub Hrozek <jhro...@redhat.com> wrote: >> >> >>> On 8 Mar 2018, at 12:13, Fabiano Fidêncio <fiden...@redhat.com> wrote: >>>

[SSSD] Re: Github labels: Suggestion

2018-03-08 Thread Jakub Hrozek
> On 8 Mar 2018, at 12:13, Fabiano Fidêncio <fiden...@redhat.com> wrote: > > On Thu, Mar 8, 2018 at 12:00 PM, Jakub Hrozek <jhro...@redhat.com> wrote: >> >> >>> On 8 Mar 2018, at 10:33, Fabiano Fidêncio <fiden...@redhat.com> wrote: >>

[SSSD] Re: Github labels: Suggestion

2018-03-08 Thread Jakub Hrozek
> On 8 Mar 2018, at 10:33, Fabiano Fidêncio wrote: > > People, > > I've noticed that I'm getting a little bit lost with github and the > way SSSD has its tags organized there. > > As it may actually affect other people (and in case it does not, let's > just skip the

[SSSD] RFC: 1.16.1 release notes

2018-03-07 Thread Jakub Hrozek
Hi, I would like to release 1.16.1 tomorrow. There is one open ticket still in the milestone, but there is just a minor question in the PR (https://github.com/SSSD/sssd/pull/528) and even if we can’t merge that PR by tomorrow, I think the ticket should not be blocking the release. Is everyone

[SSSD] Re: New sbus implementation

2018-02-14 Thread Jakub Hrozek
On Sat, Feb 03, 2018 at 12:58:26PM +0100, Pavel Březina wrote: > Hi team, > as you know, I have been working on this occasionally for a long time now. > The code can be found at [1]. > > It is completely new implementation of our internal D-Bus API called sbus. I > took all the good things

[SSSD] Re: Some performance ideas related to running sssd on cluster nodes

2018-02-06 Thread Jakub Hrozek
On Tue, Feb 06, 2018 at 09:55:00AM +0100, Pavel Březina wrote: > On 02/05/2018 03:38 PM, Jakub Hrozek wrote: > > Hi, > > > > I was helping analyze poor performance and server-side load spikes in an > > environment where cluster nodes running sssd were all boo

[SSSD] Some performance ideas related to running sssd on cluster nodes

2018-02-05 Thread Jakub Hrozek
Hi, I was helping analyze poor performance and server-side load spikes in an environment where cluster nodes running sssd were all booted up at the same time. It turned out that this meant cache entries were expiring at the same time and also the LDAP connection was expiring and reconnecting at

[SSSD] Re: Is there an alternative other than sss_nss_getsidbyid that can deal with UID == GID?

2018-02-02 Thread Jakub Hrozek
On Fri, Feb 02, 2018 at 10:07:08AM +0100, Sumit Bose wrote: > As an alternative, but even more complicated you can make the SID > available via D-Bus/InfoPipe and then lookup user and group by ID. > > So it looks like sss_nss_getsidbyuid() and sss_nss_getsidbygid() should > be added to the

[SSSD] Re: Design page: Automatic private group creation for the LDAP provider

2018-01-10 Thread Jakub Hrozek
On Sat, Oct 21, 2017 at 11:30:16PM +0200, Jakub Hrozek wrote: > On Tue, Oct 10, 2017 at 09:42:16PM +0200, Jakub Hrozek wrote: > > Hi, > > > > I wrote a design page about exposing the functionality that creates the > > user private groups based on the user ent

[SSSD] Re: Every PR should come with a test.

2018-01-10 Thread Jakub Hrozek
On Wed, Jan 10, 2018 at 02:51:26PM +0100, Fabiano Fidêncio wrote: > On Wed, Jan 10, 2018 at 2:28 PM, Jakub Hrozek <jhro...@redhat.com> wrote: > > > On Wed, Jan 10, 2018 at 10:52:56AM +0100, Sumit Bose wrote: > > > On Wed, Jan 10, 2018 at 10:04:49AM +0100, Fabiano Fid

[SSSD] Re: Every PR should come with a test.

2018-01-10 Thread Jakub Hrozek
On Wed, Jan 10, 2018 at 10:52:56AM +0100, Sumit Bose wrote: > On Wed, Jan 10, 2018 at 10:04:49AM +0100, Fabiano Fidêncio wrote: > > People, > > > > Ideally every PR should come with a test (unit, integration, ...), but > > unfortunately we're a little bit far from the ideal situation. Thus, I'd >

[SSSD] Re: Requesting help with files provider ticket 3402 implementation

2017-12-20 Thread Jakub Hrozek
On Wed, Dec 20, 2017 at 10:47:38AM -0500, Justin Stephenson wrote: > Hello, > > I have been working on this ticket[1] to allow selection of file paths for > alternate passwd and group files to be used with the files provider. > > First, just to make sure I am not completely on the wrong track I

[SSSD] Re: RFC: SSSD 1.16.1 release contents

2017-12-18 Thread Jakub Hrozek
On Fri, Dec 08, 2017 at 02:14:53PM +0200, Timo Aaltonen wrote: > On 07.12.2017 22:07, Jakub Hrozek wrote: > > Hi Timo, Howard and sssd-devel list, > > > > Per Timo’s request (which makes sense also in general as we didn’t release > > for some time), we’d like to

[SSSD] Re: Design document: A tool to print access control report for IPA clients

2017-12-15 Thread Jakub Hrozek
On Tue, Oct 31, 2017 at 12:48:42PM +0100, Jakub Hrozek wrote: > OK, this is another possibility. I guess this would amount to creating > a new DP method to fetch the rules and calling it from IFP? Anything else? > > I also wonder about IFP access control in this respect. By def

[SSSD] Re: [sssd PR#466][+Accepted] IPA: Include SYSDB_OBJECTCATEGORY, not OBJECTCLASS in cache search results

2017-12-08 Thread Jakub Hrozek
Maybe I forgot to say that the issue reproduced only on the server Sent from my iPhone > On 8 Dec 2017, at 09:29, fidencio > wrote: > > URL: https://github.com/SSSD/sssd/pull/466 > Title: #466: IPA: Include SYSDB_OBJECTCATEGORY, not OBJECTCLASS in

[SSSD] Re: RFC: SSSD 1.16.1 release contents

2017-12-07 Thread Jakub Hrozek
> On 7 Dec 2017, at 21:07, Jakub Hrozek <jhro...@redhat.com> wrote: > > btw the plan for us is to triage the (ridiculously long) 1.16.1 milestone by > the beginning “…by the beginning of next week”.

[SSSD] SSSD 2.0 and breaking compatibility

2017-12-07 Thread Jakub Hrozek
Hi Timo, Howard and sssd-devel list, Over time, there has been a lot of functionality, but also a bit of cruft accumulated in SSSD. We’ve been discussing removing some old code for some time with the other RH developers and we’d like to propose that the next .0 is the one that breaks the

[SSSD] Design document: Using the Global Catalog to speed up lookups by ID

2017-11-16 Thread Jakub Hrozek
ber that since Fedora-26, all SSSD installations automatically enable the ``files`` provider) must see no regressions. Authors --- * Jakub Hrozek ``<jhro...@redhat.com>``

[SSSD] Re: Design document: Smartcard authentication - Multiple Certificates on a Smartcard

2017-11-05 Thread Jakub Hrozek
On Tue, Oct 31, 2017 at 08:24:48PM +0100, Sumit Bose wrote: > Hi, > > please find below the design page for the missing part of > https://pagure.io/SSSD/sssd/issue/3050, letting the user select a > certificate on the Smartcard at login time. Since the ticket is already > closed I opened

[SSSD] Re: Design document: A tool to print access control report for IPA clients

2017-10-31 Thread Jakub Hrozek
On Tue, Oct 31, 2017 at 10:35:44AM +0100, Pavel Březina wrote: > On 10/30/2017 02:37 PM, Jakub Hrozek wrote: > > On Mon, Oct 30, 2017 at 11:12:18AM +0100, Pavel Březina wrote: > > > On 10/24/2017 05:36 PM, Jakub Hrozek wrote: > > > > Hi, > > > > >

[SSSD] Re: Design document: A tool to print access control report for IPA clients

2017-10-30 Thread Jakub Hrozek
On Mon, Oct 30, 2017 at 11:12:18AM +0100, Pavel Březina wrote: > On 10/24/2017 05:36 PM, Jakub Hrozek wrote: > > Hi, > > > > below is a short design page about a new sssctl command that prints the > > IPA HBAC rules cached on an IPA client. If there are no comments,

[SSSD] Re: Design document: Enhanced NSS API

2017-10-26 Thread Jakub Hrozek
On Wed, Oct 25, 2017 at 05:39:21PM +0200, Sumit Bose wrote: > Hi, > > please find below the design document for the enhanced NSS API which > makes e.g. the client side timeouts which were recently refactored > available to callers. > > A more visual friendly version can be found at: >

[SSSD] Re: [Freeipa-interest] Announcing SSSD 1.16.0

2017-10-25 Thread Jakub Hrozek
On Wed, Oct 25, 2017 at 02:06:08PM +0200, Michael Ströder wrote: > Lukas Slebodnik wrote: > > On (25/10/17 13:07), Michael Ströder wrote: > >> Which versions of XML/XSLT/docbook packages are you using? > > > > docbook-style-xsl-1.79.2-5 > > > > But it might work on fedora due to following patch

[SSSD] Re: [Freeipa-interest] Announcing SSSD 1.16.0

2017-10-24 Thread Jakub Hrozek
On Mon, Oct 23, 2017 at 09:33:11PM +0200, Michael Ströder wrote: > Jakub Hrozek wrote: > > On Mon, Oct 23, 2017 at 09:19:21PM +0200, Michael Ströder wrote: > >> Jakub Hrozek wrote: > >>> On Mon, Oct 23, 2017 at 08:46:08PM +0200, Michael Ströder wrote: > >

[SSSD] Design document: A tool to print access control report for IPA clients

2017-10-24 Thread Jakub Hrozek
the desired results. How To Debug Debug messages will be added to the tool itself. To compare the output with the cache contents, the ``ldbsearch`` tool can be used. The ``ipa`` administration tool can be used to display the server-side HBAC rules. Authors --- * Jakub Hrozek

[SSSD] Re: [Freeipa-interest] Announcing SSSD 1.16.0

2017-10-23 Thread Jakub Hrozek
On Mon, Oct 23, 2017 at 09:19:21PM +0200, Michael Ströder wrote: > Jakub Hrozek wrote: > > On Mon, Oct 23, 2017 at 08:46:08PM +0200, Michael Ströder wrote: > >> Has anything changed with building the man pages? > >> > >> I'm asking because I now get formatt

[SSSD] Re: [Freeipa-interest] Announcing SSSD 1.16.0

2017-10-23 Thread Jakub Hrozek
On Mon, Oct 23, 2017 at 08:46:08PM +0200, Michael Ströder wrote: > HI! > > Has anything changed with building the man pages? > > I'm asking because I now get formatting markup in the output of man (see > below). No, not that I'm aware of. You render the man pages locally, right, because the

[SSSD] Re: Design page: Automatic private group creation for the LDAP provider

2017-10-21 Thread Jakub Hrozek
On Tue, Oct 10, 2017 at 09:42:16PM +0200, Jakub Hrozek wrote: > Hi, > > I wrote a design page about exposing the functionality that creates the > user private groups based on the user entry only: > > https://pagure.io/fork/jhrozek/SSSD/docs/blob/mpg/f/design_pages/auto_

[SSSD] Re: RFC: 1.16.0 release notes

2017-10-20 Thread Jakub Hrozek
On Fri, Oct 20, 2017 at 04:51:54PM +0200, Lukas Slebodnik wrote: > >Performance enhancements > > > > * Several attributes in the SSSD cache that are quite often used during > > cache searches were not indexed. This release adds the missing indices, > > which improves

[SSSD] Re: RFC: 1.16.0 release notes

2017-10-20 Thread Jakub Hrozek
On Fri, Oct 20, 2017 at 04:56:51PM +0200, Lukas Slebodnik wrote: > On (19/10/17 23:00), Jakub Hrozek wrote: > >Hi, > > > >below are the 1.16.0 release notes in the RST format. Please feel free to > >provide feedback. > > > >SSSD 1.16.0 > >===

[SSSD] Announcing SSSD 1.16.0

2017-10-20 Thread Jakub Hrozek
ssctl_attr_fn functions * TESTS: Fix "-Wshadow" caught by GCC * RESPONDER: Fix "-Wold-style-definition" caught by GCC * PAM: Avoid overwriting pam_status in _lookup_by_cert_done() * DP: Fix the output type used in dp_req_recv_ptr() * DP: Log to syslo

[SSSD] RFC: 1.16.0 release notes

2017-10-19 Thread Jakub Hrozek
Hi, below are the 1.16.0 release notes in the RST format. Please feel free to provide feedback. SSSD 1.16.0 === Highlights -- Security fixes ^^ * This release fixes CVE-2017-12173: Unsanitized input when searching in local cache database. SSSD stores its cached

[SSSD] Re: Which tickets do we need to close before the release of the next upstream version?

2017-10-17 Thread Jakub Hrozek
On Mon, Oct 16, 2017 at 01:08:32PM +0200, Jakub Hrozek wrote: > > - https://pagure.io/SSSD/sssd/issue/2653 - Group renaming issue when > > "id_provider = ldap" is set. > > - there is a PR already and a test, let's review both > > Although there's a PR and a

[SSSD] Re: Which tickets do we need to close before the release of the next upstream version?

2017-10-17 Thread Jakub Hrozek
On Mon, Oct 16, 2017 at 01:08:32PM +0200, Jakub Hrozek wrote: > > There are a few other PRs that would be nice to have merged in the tarball: > > - https://pagure.io/SSSD/sssd/pull-request/3320 > >What's the status of this one? Is it planned to be part of 1.16? > >

[SSSD] Re: Which tickets do we need to close before the release of the next upstream version?

2017-10-16 Thread Jakub Hrozek
On Mon, Oct 16, 2017 at 08:49:14AM +, Fabiano Fidêncio wrote: > On Thu, Oct 12, 2017 at 4:01 PM, Fabiano Fidêncio <fiden...@redhat.com> wrote: > > On Wed, Oct 11, 2017 at 5:29 PM, Jakub Hrozek <jhro...@redhat.com> wrote: > >> Hi, > >> > >> Be

[SSSD] Which tickets do we need to close before the release of the next upstream version?

2017-10-11 Thread Jakub Hrozek
Hi, Because of a downstream deadline, we need to release the next SSSD tarball by the end of next week, or at the beginning of the next one at the latest. And the 1.16.0 milestone is still really big and there are still tickets in 1.15.4, so I'm trying to trim 1.16.0 and merge it with 1.15.4, because

[SSSD] Design page: Automatic private group creation for the LDAP provider

2017-10-10 Thread Jakub Hrozek
d as well as the ``SYSDB_PRIMARY_GROUP_GIDNUM`` attribute. Authors --- * Jakub Hrozek <jhro...@redhat.com>

[SSSD] Re: PRs priorities for this release

2017-09-25 Thread Jakub Hrozek
> On 25 Sep 2017, at 22:40, Jakub Hrozek <jhro...@redhat.com> wrote: > >> - TEST: Adding krb5-libs to dependencies >> (https://github.com/SSSD/sssd/pull/218) >> This PR has been stalled since celestian left the project. It's >> something good to have bu

[SSSD] Re: PRs priorities for this release

2017-09-25 Thread Jakub Hrozek
> On 22 Sep 2017, at 11:10, Sumit Bose wrote: > >> - Add support for ActiveDirectory's logonHours restrictions >> (https://github.com/SSSD/sssd/pull/269) >> This PR comes from an external contributor and as far as I >> understood there's still some work to be done. So,

[SSSD] Re: PRs priorities for this release

2017-09-25 Thread Jakub Hrozek
> On 21 Sep 2017, at 23:23, Fabiano Fidêncio wrote: > > People, > > We have 27 PRs opened by the moment I'm writing this email and I'd > like to have a clear idea which ones are the *must* have for our next > release. I think it should be noted that we’re trying to get

[SSSD] Re: kinit on IPA server does not exclusively talk to local KDC

2017-09-21 Thread Jakub Hrozek
On Thu, Sep 21, 2017 at 01:30:17PM +0200, Lukas Slebodnik wrote: > On (21/09/17 13:22), Jakub Hrozek wrote: > >clients. But I thought krb5.conf should also contain only the local > >master..does the config file in the issue you saw contain something > >else? > > >

[SSSD] Re: 1.13.5 release?

2017-09-21 Thread Jakub Hrozek
On Thu, Sep 21, 2017 at 02:20:46PM +0300, Timo Aaltonen wrote: > On 21.09.2017 14:16, Jakub Hrozek wrote: > > On Thu, Sep 21, 2017 at 01:04:04PM +0200, Lukas Slebodnik wrote: > >> On (19/09/17 20:50), Jakub Hrozek wrote: > >>> Hi, > >>> > >
