[SSSD] Re: [PATCH] cache_req: do not lookup views if possible

2016-01-28 Thread Jakub Hrozek
On Wed, Jan 20, 2016 at 12:25:58PM +0100, Pavel Březina wrote: > Ok, patches are attached. Sorry for the delay in reviewing. ACK to both. CI: http://sssd-ci.duckdns.org/logs/job/36/73/summary.html ___ sssd-devel mailing list sssd-devel@lists.fedorahost

[SSSD] Re: [PATCH] NSS: Fix memory leak netgroup

2016-01-28 Thread Jakub Hrozek
On Mon, Jan 25, 2016 at 08:54:53PM +0100, Jakub Hrozek wrote: > On Mon, Jan 25, 2016 at 05:16:37PM +0100, Pavel Reichl wrote: > > Hello, > > > > attached patch does not seem to suffer from these errors any more. > > > > Shall I ask user who reported the bug

[SSSD] Re: SPEC: Use systemd macros

2016-01-28 Thread Jakub Hrozek
On Thu, Jan 28, 2016 at 09:44:47AM +0100, Lukas Slebodnik wrote: > ehlo, > > Similar patch is already in fedora > and was provided by systemd experts :-) > > LS CI: http://sssd-ci.duckdns.org/logs/job/36/72/summary.html ACK ___ sssd-devel mailing list

[SSSD] Re: Configuring tlog from SSSD

2016-01-27 Thread Jakub Hrozek
On Wed, Jan 27, 2016 at 05:28:25PM +0200, Nikolai Kondrashov wrote: > On 01/27/2016 04:44 PM, Jakub Hrozek wrote: > >On Wed, Jan 27, 2016 at 03:59:10PM +0200, Nikolai Kondrashov wrote: > >>I guess some options would need to be configurable only globally, e.g. the > >>

[SSSD] Re: Configuring tlog from SSSD

2016-01-27 Thread Jakub Hrozek
On Wed, Jan 27, 2016 at 03:59:10PM +0200, Nikolai Kondrashov wrote: > On 01/27/2016 03:29 PM, Jakub Hrozek wrote: > >On Wed, Jan 27, 2016 at 01:18:16PM +0200, Nikolai Kondrashov wrote: > >>Hi everyone, > >> > >>I'm starting implementing tlog [1] configurat

[SSSD] Re: Configuring tlog from SSSD

2016-01-27 Thread Jakub Hrozek
On Wed, Jan 27, 2016 at 01:18:16PM +0200, Nikolai Kondrashov wrote: > Hi everyone, > > I'm starting implementing tlog [1] configuration interfaces and would like > to know what you'd like to use best in SSSD. > > Among tlog parameters are: > > Path to the shell to start > The text for th

[SSSD] Re: [PATCH] NSS: Fix memory leak netgroup

2016-01-25 Thread Jakub Hrozek
On Mon, Jan 25, 2016 at 05:16:37PM +0100, Pavel Reichl wrote: > Hello, > > attached patch does not seem to suffer from these errors any more. > > Shall I ask user who reported the bug If he is willing to test this new > version of the patch? IIRC he needs more then a week for a testing to be >

[SSSD] Re: [PATCH] NSS: disable midpoint refresh for netgroups if ptask refresh, is enabled

2016-01-21 Thread Jakub Hrozek
On Thu, Jan 21, 2016 at 02:55:51PM +0100, Lukas Slebodnik wrote: > On (20/01/16 11:09), Pavel Březina wrote: > >On 01/19/2016 02:20 PM, Michal Židek wrote: > >>On 01/19/2016 02:07 PM, Pavel Březina wrote: > >>>On 01/19/2016 01:13 PM, Michal Židek wrote: > On 01/19/2016 12:28 PM, Pavel Březina w

[SSSD] Re: [PATCH] cache_req: do not lookup views if possible

2016-01-20 Thread Jakub Hrozek
On Wed, Jan 20, 2016 at 11:47:53AM +0100, Pavel Březina wrote: > On 01/20/2016 11:31 AM, Jakub Hrozek wrote: > >On Thu, Jan 07, 2016 at 04:08:48PM +0100, Pavel Březina wrote: > >>https://fedorahosted.org/sssd/ticket/2849 > >> > >>You can use Pavel's CI &qu

[SSSD] Re: [PATCH] cache_req: do not lookup views if possible

2016-01-20 Thread Jakub Hrozek
On Thu, Jan 07, 2016 at 04:08:48PM +0100, Pavel Březina wrote: > https://fedorahosted.org/sssd/ticket/2849 > > You can use Pavel's CI "intg - test regr 2849" test which he posted to the > list today. > From c78ae1b550794548518a083870443b29fa5d12bf Mon Sep 17 00:00:00 2001 > From: =?UTF-8?q?Pavel=

[SSSD] Re: [PATCH] p11: add gnome-screensaver to list of allowed services

2016-01-20 Thread Jakub Hrozek
On Wed, Jan 20, 2016 at 09:18:32AM +0100, Jakub Hrozek wrote: > On Wed, Jan 20, 2016 at 09:01:35AM +0100, Lukas Slebodnik wrote: > > On (19/01/16 21:28), Jakub Hrozek wrote: > > >On Thu, Jan 14, 2016 at 01:32:02PM +0100, Sumit Bose wrote: > > >> On Thu, Jan 14, 2

[SSSD] Re: [PATCH] p11: add gnome-screensaver to list of allowed services

2016-01-20 Thread Jakub Hrozek
On Wed, Jan 20, 2016 at 09:01:35AM +0100, Lukas Slebodnik wrote: > On (19/01/16 21:28), Jakub Hrozek wrote: > >On Thu, Jan 14, 2016 at 01:32:02PM +0100, Sumit Bose wrote: > >> On Thu, Jan 14, 2016 at 01:09:39PM +0100, Lukas Slebodnik wrote: > >> > On (14/01/16 11:53)

[SSSD] Re: [PATCH] p11: add gnome-screensaver to list of allowed services

2016-01-19 Thread Jakub Hrozek
On Thu, Jan 14, 2016 at 01:32:02PM +0100, Sumit Bose wrote: > On Thu, Jan 14, 2016 at 01:09:39PM +0100, Lukas Slebodnik wrote: > > On (14/01/16 11:53), Sumit Bose wrote: > > >Hi, > > > > > >this simple patch aims to fix https://fedorahosted.org/sssd/ticket/2925 > > >which is needed for older platfo

[SSSD] Re: [PATCH] SDAP_ASYNC: Avoid useless debug message

2016-01-19 Thread Jakub Hrozek
On Tue, Jan 19, 2016 at 04:29:05PM +0100, Michal Židek wrote: > The patch silences the syslog message (thx Jakub for giving access > testing machine). > Code looks good to me. > > CI passed: > http://sssd-ci.duckdns.org/logs/job/35/75/summary.html > > ACK. * master: 95c132e1a8c6bbab4be8b3a340333

[SSSD] Re: [PATCH] sdap_connect_send: fail if uri or sockaddr is NULL

2016-01-19 Thread Jakub Hrozek
On Tue, Jan 19, 2016 at 03:02:10PM +0100, Michal Židek wrote: > On 01/19/2016 01:38 PM, Pavel Březina wrote: > >https://fedorahosted.org/sssd/ticket/2904 > > > >Unfortunately, I wasn't able to reproduce the issue and neither the > >reporter can reproduce it anymore and we can't known exactly why we

[SSSD] Re: [PATCHES] AD: add task to renew the machine account password if needed

2016-01-19 Thread Jakub Hrozek
On Tue, Jan 19, 2016 at 04:55:54PM +0100, Jakub Hrozek wrote: > On Tue, Jan 19, 2016 at 03:15:01PM +0100, Sumit Bose wrote: > > On Mon, Jan 18, 2016 at 04:48:40PM +0100, Jakub Hrozek wrote: > > > On Mon, Jan 18, 2016 at 01:53:27PM +0100, Sumit Bose wrote: > > > >

[SSSD] Re: [PATCHES] Support IPA sudo schema

2016-01-19 Thread Jakub Hrozek
On Tue, Jan 19, 2016 at 02:13:14PM +0100, Lukas Slebodnik wrote: > I would like to appologize for confusion the latest patches > works fine for local{user,group} > > There is only issue with hostmask but we do not pland to add support now. > > +1 > tested by: LS (I didn't read patches) Thank you

[SSSD] Re: [PATCHES] AD: add task to renew the machine account password if needed

2016-01-19 Thread Jakub Hrozek
On Tue, Jan 19, 2016 at 03:15:01PM +0100, Sumit Bose wrote: > On Mon, Jan 18, 2016 at 04:48:40PM +0100, Jakub Hrozek wrote: > > On Mon, Jan 18, 2016 at 01:53:27PM +0100, Sumit Bose wrote: > > > Thank you for the review. New version attached. > > > > > > bye,

[SSSD] Re: [PATCH] SDAP_ASYNC: Avoid useless debug message

2016-01-19 Thread Jakub Hrozek
On Mon, Jan 18, 2016 at 06:38:33PM +0100, Jakub Hrozek wrote: > On Tue, Jan 12, 2016 at 10:30:29AM +0100, Petr Cech wrote: > > On 01/06/2016 02:19 PM, Jakub Hrozek wrote: > > >On Wed, Jan 06, 2016 at 11:03:45AM +0100, Sumit Bose wrote: > > >>On Wed, Jan 06, 2016 at 1

[SSSD] Re: [PATCH] SDAP_ASYNC: Avoid useless debug message

2016-01-18 Thread Jakub Hrozek
On Tue, Jan 12, 2016 at 10:30:29AM +0100, Petr Cech wrote: > On 01/06/2016 02:19 PM, Jakub Hrozek wrote: > >On Wed, Jan 06, 2016 at 11:03:45AM +0100, Sumit Bose wrote: > >>On Wed, Jan 06, 2016 at 10:47:13AM +0100, Pavel Březina wrote: > >>>On 01/05/2016 05:33 PM, Ja

[SSSD] Re: [PATCHES] AD: add task to renew the machine account password if needed

2016-01-18 Thread Jakub Hrozek
On Mon, Jan 18, 2016 at 01:53:27PM +0100, Sumit Bose wrote: > Thank you for the review. New version attached. > > bye, > Sumit Thank you, the patch now look good to me and seem to work well. I see this message in adcli output: ! Couldn't set userAccountControl on computer account: CN=ADCLIEN

[SSSD] Re: [PATCHES] Support IPA sudo schema

2016-01-18 Thread Jakub Hrozek
On Mon, Jan 18, 2016 at 10:03:30AM +0100, Pavel Březina wrote: > On 01/15/2016 04:31 PM, Lukas Slebodnik wrote: > >On (15/01/16 15:06), Sumit Bose wrote: > >>On Fri, Jan 15, 2016 at 02:26:48PM +0100, Lukas Slebodnik wrote: > >>>On (15/01/16 10:21), Pavel Březina wrote: > On 01/14/2016 06:37 PM,

[SSSD] Re: [PATCHES] AD: add task to renew the machine account password if needed

2016-01-15 Thread Jakub Hrozek
> On Fri, Jan 15, 2016 at 10:44:44AM +0100, Sumit Bose wrote: > > +renewal_data->ad_keytab = talloc_strdup(renewal_data, > > +dp_opt_get_string(opts, > > AD_KEYTAB)); Looks like the default ad provider configuration doesn't set the AD_KEYTAB option

[SSSD] Re: [PATCH] SPEC: Fix unowned directories

2016-01-15 Thread Jakub Hrozek
On Thu, Jan 14, 2016 at 11:33:41AM +0100, Lukas Slebodnik wrote: > On (14/01/16 11:22), Lukas Slebodnik wrote: > >On (14/01/16 11:16), Jakub Hrozek wrote: > >>On Tue, Jan 12, 2016 at 04:27:16PM +0100, Lukas Slebodnik wrote: > >>> On (12/01/16 10:38), Jakub Hrozek wrot

[SSSD] Re: [PATCHES] AD: add task to renew the machine account password if needed

2016-01-15 Thread Jakub Hrozek
On Fri, Jan 15, 2016 at 10:44:44AM +0100, Sumit Bose wrote: > On Thu, Jan 14, 2016 at 05:54:06PM +0100, Sumit Bose wrote: > > Hi, > > > > this patch adds a task to the AD provider which calls adcli on a regular > > basis to update the machine account password if needed. adcli supports > > this fun

[SSSD] Re: [PATCHES] AD: add task to renew the machine account password if needed

2016-01-15 Thread Jakub Hrozek
On Fri, Jan 15, 2016 at 12:35:50PM +0100, Sumit Bose wrote: > On Fri, Jan 15, 2016 at 11:45:59AM +0100, Jakub Hrozek wrote: > > On Fri, Jan 15, 2016 at 10:44:44AM +0100, Sumit Bose wrote: > > > On Thu, Jan 14, 2016 at 05:54:06PM +0100, Sumit Bose wrote: > > > > Hi, &g

[SSSD] Re: [PATCHES] AD: add task to renew the machine account password if needed

2016-01-15 Thread Jakub Hrozek
On Fri, Jan 15, 2016 at 10:44:44AM +0100, Sumit Bose wrote: > On Thu, Jan 14, 2016 at 05:54:06PM +0100, Sumit Bose wrote: > > Hi, > > > > this patch adds a task to the AD provider which calls adcli on a regular > > basis to update the machine account password if needed. adcli supports > > this fun

[SSSD] Re: [PATCH] KRB5: Adding DNS SRV lookup for krb5 provider

2016-01-14 Thread Jakub Hrozek
On Thu, Jan 14, 2016 at 10:47:32AM +0100, Jakub Hrozek wrote: > On Mon, Jan 11, 2016 at 02:55:57PM +0100, Petr Cech wrote: > > On 01/11/2016 02:03 PM, Pavel Březina wrote: > > >On 01/11/2016 12:43 PM, Petr Cech wrote: > > >Hi, > > >I believe the code belongs to

[SSSD] Re: [PATCH] SDAP: handle ret properly in ldap_get_options()

2016-01-14 Thread Jakub Hrozek
On Thu, Jan 14, 2016 at 11:34:06AM +0100, Jakub Hrozek wrote: > On Wed, Jan 13, 2016 at 11:59:45AM +0100, Pavel Březina wrote: > > Just found this when working on other stuff... > > ACK (Waiting for CI before pushing..) CI: http://sssd-ci.duckdns.org/logs/job/35/55/summar

[SSSD] Re: [PATCH] fix account lockout reporting with the krb5 provider

2016-01-14 Thread Jakub Hrozek
On Thu, Jan 14, 2016 at 12:09:12PM -0500, Simo Sorce wrote: > > OK to push now? > > Yes please :-) > > Simo * master: 19e44537c28f6d5f011cd7ac885c74c1e892605f ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/

[SSSD] Re: [PATCH] fix account lockout reporting with the krb5 provider

2016-01-14 Thread Jakub Hrozek
On Thu, Jan 14, 2016 at 11:03:51AM -0500, Simo Sorce wrote: > On Thu, 2016-01-14 at 12:41 +0100, Jakub Hrozek wrote: > > On Wed, Jan 13, 2016 at 02:56:25PM -0500, Simo Sorce wrote: > > > subj says it all, > > > bug: https://fedorahosted.org/sssd/ticket/2924 > >

[SSSD] Re: [PATCH] fix account lockout reporting with the krb5 provider

2016-01-14 Thread Jakub Hrozek
On Wed, Jan 13, 2016 at 02:56:25PM -0500, Simo Sorce wrote: > subj says it all, > bug: https://fedorahosted.org/sssd/ticket/2924 > > I have compiled and run make check|intgcheck but "not" actively tested > this patch. I did test the patch by crating an account in AD and then ticking the "Account

[SSSD] Re: [PATCH] SDAP: handle ret properly in ldap_get_options()

2016-01-14 Thread Jakub Hrozek
On Wed, Jan 13, 2016 at 11:59:45AM +0100, Pavel Březina wrote: > Just found this when working on other stuff... ACK (Waiting for CI before pushing..) ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists

[SSSD] Re: [PATCH] SPEC: Move libsss_sudo.so outside sssd-common

2016-01-14 Thread Jakub Hrozek
On Mon, Jan 11, 2016 at 12:22:19PM +0100, Lukas Slebodnik wrote: > On (11/01/16 10:26), Jakub Hrozek wrote: > >On Wed, Jan 06, 2016 at 04:48:00PM +0100, Lukas Slebodnik wrote: > >> ehlo, > >> > >> This change is required to reduce dependency tree in clie

[SSSD] Re: [PATCH] SPEC: Fix unowned directories

2016-01-14 Thread Jakub Hrozek
On Tue, Jan 12, 2016 at 04:27:16PM +0100, Lukas Slebodnik wrote: > On (12/01/16 10:38), Jakub Hrozek wrote: > >On Mon, Jan 11, 2016 at 11:49:45AM +0100, Lukas Slebodnik wrote: > >> On (11/01/16 10:29), Jakub Hrozek wrote: > >> >On Fri, Jan 08, 2016 at 09:29:57A

[SSSD] Re: [PATCH] KRB5: Adding DNS SRV lookup for krb5 provider

2016-01-14 Thread Jakub Hrozek
On Mon, Jan 11, 2016 at 02:55:57PM +0100, Petr Cech wrote: > On 01/11/2016 02:03 PM, Pavel Březina wrote: > >On 01/11/2016 12:43 PM, Petr Cech wrote: > >Hi, > >I believe the code belongs to sssm_krb5_auth_init. > > Right, it is working the same way. I moved DNS SRV Lookup adding into > sssm_krb5_a

[SSSD] Re: [PATCH] DP: Print warning when the handler is not configured

2016-01-12 Thread Jakub Hrozek
On Tue, Jan 12, 2016 at 10:14:42AM +0100, Jakub Hrozek wrote: > Hi, > > the attached patch fixes a bug spotted by Lukas. * master: c42bd764452ecda95b7d8d3ce027c70b4ad5982c ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.

[SSSD] Re: [PATCH] Make responder connectin code more generic

2016-01-12 Thread Jakub Hrozek
On Mon, Jan 11, 2016 at 01:39:33PM -0500, Simo Sorce wrote: > The following 2 patches change the connection setup code to be more > flexible. > > They are the groundwork to add a new secrets[1] responder that uses a > REST API over a unix socket and therefore requires a different protocol > handle

[SSSD] Re: [PATCH] SPEC: Change package ownership of %{pubconfpath}/krb5.include.d

2016-01-12 Thread Jakub Hrozek
On Tue, Jan 12, 2016 at 01:44:24PM +0100, Lukas Slebodnik wrote: > On (12/01/16 13:36), Jakub Hrozek wrote: > >On Thu, Jan 07, 2016 at 11:17:54AM +0100, Jakub Hrozek wrote: > >> This looks like a bug, when I install from source, the directory is > >> owned by sssd.

[SSSD] Re: [PATCH] SPEC: Change package ownership of %{pubconfpath}/krb5.include.d

2016-01-12 Thread Jakub Hrozek
On Thu, Jan 07, 2016 at 11:17:54AM +0100, Jakub Hrozek wrote: > This looks like a bug, when I install from source, the directory is > owned by sssd.sssd. > > btw when I tested this, I think I found another issue -- we try to bump > the mtime of /etc/krb5.conf, but since the file i

[SSSD] Re: [PATCH] SPEC: Fix unowned directories

2016-01-12 Thread Jakub Hrozek
On Mon, Jan 11, 2016 at 11:49:45AM +0100, Lukas Slebodnik wrote: > On (11/01/16 10:29), Jakub Hrozek wrote: > >On Fri, Jan 08, 2016 at 09:29:57AM +0100, Lukas Slebodnik wrote: > >> ehlo, > >> > >> patch should fix fedora bug 1266940 > >> > &

[SSSD] Re: [PATCH] tests: use unittest.TestCase.assertCountEqual if possible

2016-01-12 Thread Jakub Hrozek
p 17 00:00:00 2001 > >From: Sumit Bose > >Date: Mon, 21 Dec 2015 15:51:09 +0100 > >Subject: [PATCH] ldap: remove originalMeberOf if there is no memberOf > > > Have you sent the correct patch ? > > LS No :-) See the ones in attachment.. >From 7bdeb696c6e3f42624a3b

[SSSD] [PATCH] DP: Print warning when the handler is not configured

2016-01-12 Thread Jakub Hrozek
Hi, the attached patch fixes a bug spotted by Lukas. >From 0e2e48102aec5d7ffb15aeec23830e595bc91961 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 11 Jan 2016 14:56:41 +0100 Subject: [PATCH] DP: Print warning when the handler is not configured We would previously only print the gene

[SSSD] Re: [PATCH] tests: use unittest.TestCase.assertCountEqual if possible

2016-01-12 Thread Jakub Hrozek
On Thu, Dec 10, 2015 at 01:44:26PM +0100, Lukas Slebodnik wrote: > On (10/12/15 13:36), Petr Cech wrote: > >On 12/10/2015 01:27 PM, Lukas Slebodnik wrote: > >>On (10/12/15 12:54), Petr Cech wrote: > >>>On 11/23/2015 03:09 PM, Jakub Hrozek wrote: > >>>

[SSSD] Re: [PATCH] ldap: remove originalMeberOf if there is no memberOf

2016-01-12 Thread Jakub Hrozek
On Mon, Jan 11, 2016 at 11:39:06AM +0100, Jakub Hrozek wrote: > On Thu, Jan 07, 2016 at 06:54:32PM +0100, Sumit Bose wrote: > > Hi, > > > > this patch should solve https://fedorahosted.org/sssd/ticket/2917 by > > properly removing originalMemberOf if there is no m

[SSSD] Re: [PATCH] Reduce the code duplication in Data Provider

2016-01-11 Thread Jakub Hrozek
On Mon, Jan 11, 2016 at 02:58:59PM +0100, Lukas Slebodnik wrote: > On (11/01/16 14:19), Jakub Hrozek wrote: > >On Mon, Jan 11, 2016 at 02:07:22PM +0100, Pavel Březina wrote: > >> On 01/08/2016 06:16 PM, Lukas Slebodnik wrote: > >> >On (10/12/15 10:59), Jakub Hroze

[SSSD] Re: [PATCH] SPEC: Move libsss_sudo.so outside sssd-common

2016-01-11 Thread Jakub Hrozek
On Mon, Jan 11, 2016 at 02:51:24PM +0100, Lukas Slebodnik wrote: > On (11/01/16 12:53), Jakub Hrozek wrote: > >On Mon, Jan 11, 2016 at 12:22:19PM +0100, Lukas Slebodnik wrote: > >> On (11/01/16 10:26), Jakub Hrozek wrote: > >> >On Wed, Jan 06, 2016 at 04:48:00P

[SSSD] Re: [DESIGN] ID mapping - Automatically assign new slices for any AD domain

2016-01-11 Thread Jakub Hrozek
On Mon, Jan 11, 2016 at 02:09:48PM +0100, Sumit Bose wrote: > On Mon, Jan 11, 2016 at 01:03:33PM +0100, Pavel Reichl wrote: > > Hello Sumit, thanks for comments and sorry for my delayed response, I'm > > addressing the issues right now, in this mail I just want quickly discuss > > the concern you

[SSSD] Re: [PATCH] Reduce the code duplication in Data Provider

2016-01-11 Thread Jakub Hrozek
On Mon, Jan 11, 2016 at 02:07:22PM +0100, Pavel Březina wrote: > On 01/08/2016 06:16 PM, Lukas Slebodnik wrote: > >On (10/12/15 10:59), Jakub Hrozek wrote: > >>On Wed, Dec 09, 2015 at 01:10:58PM +0100, Lukas Slebodnik wrote: > >>>On (04/12/15 16:42), Jakub Hrozek wro

[SSSD] Re: [PATCH] SPEC: Move libsss_sudo.so outside sssd-common

2016-01-11 Thread Jakub Hrozek
On Mon, Jan 11, 2016 at 12:22:19PM +0100, Lukas Slebodnik wrote: > On (11/01/16 10:26), Jakub Hrozek wrote: > >On Wed, Jan 06, 2016 at 04:48:00PM +0100, Lukas Slebodnik wrote: > >> ehlo, > >> > >> This change is required to reduce dependency tree in clie

[SSSD] Re: [PATCH] ldap: remove originalMeberOf if there is no memberOf

2016-01-11 Thread Jakub Hrozek
On Thu, Jan 07, 2016 at 06:54:32PM +0100, Sumit Bose wrote: > Hi, > > this patch should solve https://fedorahosted.org/sssd/ticket/2917 by > properly removing originalMemberOf if there is no memberOf in the > original object anymore. > > bye, > Sumit ACK good catch with the "+2" when allocating

[SSSD] Re: [PATCH] SPEC: Change package ownership of %{pubconfpath}/krb5.include.d

2016-01-11 Thread Jakub Hrozek
On Mon, Jan 11, 2016 at 11:13:22AM +0100, Jakub Hrozek wrote: > On Mon, Jan 11, 2016 at 10:36:33AM +0100, Jakub Hrozek wrote: > > On Fri, Jan 08, 2016 at 05:07:28PM +0100, Lukas Slebodnik wrote: > > > On (08/01/16 16:53), Jakub Hrozek wrote: > > > >On Fri, Jan 08, 2

[SSSD] Re: [PATCH] AD SRV: prefer site-local DCs in LDAP ping

2016-01-11 Thread Jakub Hrozek
On Mon, Jan 11, 2016 at 10:38:20AM +0100, Jakub Hrozek wrote: > On Wed, Jan 06, 2016 at 10:39:32AM +0100, Pavel Březina wrote: > > On 01/06/2016 05:41 AM, Jakub Hrozek wrote: > > >On Tue, Jan 05, 2016 at 01:46:52PM +0100, Pavel Březina wrote: > > >>https://fed

[SSSD] The mirror at https://github.com/SSSD/sssd is now automatically updated

2016-01-11 Thread Jakub Hrozek
Hi, with the help of Patrick from the Fedora Infra team, our github repo: https://github.com/SSSD/sssd is now receiving automatic updates after patches are pushed to the fedorahosted.org repo. Since the push is implemented as a git hook which pushes with "--force --mirror", you'll see a messa

[SSSD] Re: [PATCH] SPEC: Change package ownership of %{pubconfpath}/krb5.include.d

2016-01-11 Thread Jakub Hrozek
On Mon, Jan 11, 2016 at 10:36:33AM +0100, Jakub Hrozek wrote: > On Fri, Jan 08, 2016 at 05:07:28PM +0100, Lukas Slebodnik wrote: > > On (08/01/16 16:53), Jakub Hrozek wrote: > > >On Fri, Jan 08, 2016 at 12:16:51PM +0100, Lukas Slebodnik wrote: > > >> I thought a lit

[SSSD] Re: [PATCH] AD SRV: prefer site-local DCs in LDAP ping

2016-01-11 Thread Jakub Hrozek
On Wed, Jan 06, 2016 at 10:39:32AM +0100, Pavel Březina wrote: > On 01/06/2016 05:41 AM, Jakub Hrozek wrote: > >On Tue, Jan 05, 2016 at 01:46:52PM +0100, Pavel Březina wrote: > >>https://fedorahosted.org/sssd/ticket/2765 > > > >Hi, > > > >this patch is m

[SSSD] Re: [PATCH] SPEC: Change package ownership of %{pubconfpath}/krb5.include.d

2016-01-11 Thread Jakub Hrozek
On Fri, Jan 08, 2016 at 05:07:28PM +0100, Lukas Slebodnik wrote: > On (08/01/16 16:53), Jakub Hrozek wrote: > >On Fri, Jan 08, 2016 at 12:16:51PM +0100, Lukas Slebodnik wrote: > >> I thought a little bit and it might be better to move this > >> directory into sssd-

[SSSD] Re: [PATCH] SPEC: Fix unowned directories

2016-01-11 Thread Jakub Hrozek
On Fri, Jan 08, 2016 at 09:29:57AM +0100, Lukas Slebodnik wrote: > ehlo, > > patch should fix fedora bug 1266940 > > LS Thanks for the patch, but what other patches should I have in order to apply? Right now I have: a055c02 SPEC: Move libsss_sudo.so outside sssd-common 18d722c SPEC: Change pack

[SSSD] Re: [PATCH] SPEC: Move libsss_sudo.so outside sssd-common

2016-01-11 Thread Jakub Hrozek
On Wed, Jan 06, 2016 at 04:48:00PM +0100, Lukas Slebodnik wrote: > ehlo, > > This change is required to reduce dependency tree in client > container (or on atomic host, ...) > > Patch is attached. > > LS I have some questions.. 1) Why not just move the file ownership to sssd-common? Are you co

[SSSD] Re: [PATCH] SPEC: Change package ownership of %{pubconfpath}/krb5.include.d

2016-01-08 Thread Jakub Hrozek
On Fri, Jan 08, 2016 at 12:16:51PM +0100, Lukas Slebodnik wrote: > On (07/01/16 12:00), Lukas Slebodnik wrote: > >On (07/01/16 11:17), Jakub Hrozek wrote: > >>On Thu, Jan 07, 2016 at 10:27:29AM +0100, Lukas Slebodnik wrote: > >>> On (06/01/16 18:21), Luka

[SSSD] Re: [PATCH] SPEC: Change package ownership of %{pubconfpath}/krb5.include.d

2016-01-07 Thread Jakub Hrozek
On Thu, Jan 07, 2016 at 10:27:29AM +0100, Lukas Slebodnik wrote: > On (06/01/16 18:21), Lukas Slebodnik wrote: > >ehlo, > > > >attached patch should fix warnings with ad provider > >and without installed package sssd-ipa > > > >[sssd[be[domain.com]]] [sss_write_domain_mappings] (0x0200): Mapping fi

[SSSD] Re: [PATCH] SDAP_ASYNC: Avoid useless debug message

2016-01-06 Thread Jakub Hrozek
On Wed, Jan 06, 2016 at 11:03:45AM +0100, Sumit Bose wrote: > On Wed, Jan 06, 2016 at 10:47:13AM +0100, Pavel Březina wrote: > > On 01/05/2016 05:33 PM, Jakub Hrozek wrote: > > >On Tue, Jan 05, 2016 at 02:12:51PM +0100, Pavel Březina wrote: > > >>On 12/14/2015 03:36

[SSSD] Re: [PATCH] AD SRV: prefer site-local DCs in LDAP ping

2016-01-05 Thread Jakub Hrozek
On Tue, Jan 05, 2016 at 01:46:52PM +0100, Pavel Březina wrote: > https://fedorahosted.org/sssd/ticket/2765 Hi, this patch is mostly for cases where the non-site DCs are not reachanle or too far, right? The code looks OK to me, I'm running CI and Coverity now.. ___

[SSSD] Re: [PATCH] sdap_save_grpmem: determine domain by SID if possible

2016-01-05 Thread Jakub Hrozek
On Tue, Jan 05, 2016 at 01:58:42PM +0100, Pavel Březina wrote: > On 01/04/2016 03:36 PM, Sumit Bose wrote: > >Hi, > > > >when processing nested group memberships from multiple domains SSSD > >might try to add a group to a wrong domain which will cause lookup > >errors later because the group cannot

[SSSD] Re: [PATCH] ipa_s2n_save_objects(): use configured user and group timeout

2016-01-05 Thread Jakub Hrozek
On Tue, Jan 05, 2016 at 03:09:02PM +0100, Lukas Slebodnik wrote: > On (05/01/16 14:00), Sumit Bose wrote: > >Hi, > > > >I guess because I was lazy when writing the original patch the cached > >entries for users and groups from trusted domains on IPA clients had a > >hardcoded lifetime of 10h. With

[SSSD] Re: [PATCH] SDAP_ASYNC: Avoid useless debug message

2016-01-05 Thread Jakub Hrozek
On Tue, Jan 05, 2016 at 02:12:51PM +0100, Pavel Březina wrote: > On 12/14/2015 03:36 PM, Petr Cech wrote: > >Hi all, > > > >there is patch for https://fedorahosted.org/sssd/ticket/2791 attached. > > > >Result of patch: > > > >The message: > >Dec 14 14:16:11 vm-058-166 sssd[be[uma.dev]]: dereference

[SSSD] Announcing SSSD 1.13.3

2015-12-15 Thread Jakub Hrozek
an Lavu (1): * Clarify that subdomains always use service discovery Jakub Hrozek (7): * Upgrading the version for the 1.13.3 release * DP: Do not confuse static analysers with dead code * BUILD: Only install polkit rules if the directory is available * IPA: Use search timeout, not enum t

[SSSD] Re: [PATCH] KRB5_CHILD: Debug logs for PAC timeout

2015-12-14 Thread Jakub Hrozek
On Mon, Dec 14, 2015 at 10:36:05AM +0100, Jakub Hrozek wrote: > On Fri, Dec 11, 2015 at 05:02:01PM +0100, Lukas Slebodnik wrote: > > On (11/12/15 15:42), Petr Cech wrote: > > >Hi Lukas, > > > > > >I addressed your comments, see attachment. > > > >

[SSSD] Re: [PATCH] make globals in *_opts.h extern

2015-12-14 Thread Jakub Hrozek
On Mon, Dec 14, 2015 at 12:17:54PM +0100, Jakub Hrozek wrote: > On Mon, Dec 14, 2015 at 12:08:27PM +0100, Jakub Hrozek wrote: > > > I accidentally did not include the first patch, I'm sending it again, five > > > patches now. > > > > > > > Cod

[SSSD] Re: [PATCHES] cleanup task: Expire all memberof targets when removing user

2015-12-14 Thread Jakub Hrozek
On Mon, Dec 14, 2015 at 12:50:14PM +0100, Lukas Slebodnik wrote: > On (03/09/15 10:00), Jakub Hrozek wrote: > >On Tue, Sep 01, 2015 at 03:21:28PM -0400, Pavel Reichl wrote: > >> CI passed: http://sssd-ci.duckdns.org/logs/job/24/24/summary.html > >> > >>

[SSSD] Re: [PATCH] make globals in *_opts.h extern

2015-12-14 Thread Jakub Hrozek
On Mon, Dec 14, 2015 at 12:08:27PM +0100, Jakub Hrozek wrote: > > I accidentally did not include the first patch, I'm sending it again, five > > patches now. > > > > Code-wise ACK, CI is still running.. CI: http://sssd-ci.duckdns.org/logs/job/34/59/summary.html (th

[SSSD] Re: [PATCH] make globals in *_opts.h extern

2015-12-14 Thread Jakub Hrozek
On Mon, Dec 14, 2015 at 11:46:11AM +0100, Pavel Březina wrote: > On 12/14/2015 11:39 AM, Pavel Březina wrote: > >On 12/14/2015 10:43 AM, Jakub Hrozek wrote: > >>On Mon, Dec 07, 2015 at 11:46:38AM +0100, Pavel Březina wrote: > >>>On 12/04/2015 03:51 PM, Jakub Hroz

[SSSD] RFC: sssd 1.13.3 release notes

2015-12-14 Thread Jakub Hrozek
Hi, the release notes for 1.13.3 are ready at: https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3 Please propose edits or just fix the page if something is incorrect or missing.. ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org ht

[SSSD] Re: [PATCH] make globals in *_opts.h extern

2015-12-14 Thread Jakub Hrozek
On Mon, Dec 07, 2015 at 11:46:38AM +0100, Pavel Březina wrote: > On 12/04/2015 03:51 PM, Jakub Hrozek wrote: > >On Thu, Dec 03, 2015 at 12:45:55PM +0100, Pavel Březina wrote: > >>On 12/03/2015 11:48 AM, Jakub Hrozek wrote: > >>>On Wed, Dec 02, 2015 at 11:58:5

[SSSD] Re: [PATCH] KRB5_CHILD: Debug logs for PAC timeout

2015-12-14 Thread Jakub Hrozek
On Fri, Dec 11, 2015 at 05:02:01PM +0100, Lukas Slebodnik wrote: > On (11/12/15 15:42), Petr Cech wrote: > >Hi Lukas, > > > >I addressed your comments, see attachment. > > > >And I did a little investigation---if we use clang-format the ' \' on the end > >of lines are really vanished. It is good ne

[SSSD] Re: [PATCH] DEBUG: Add missing new lines

2015-12-14 Thread Jakub Hrozek
On Fri, Dec 11, 2015 at 05:31:52PM +0100, Petr Cech wrote: > On 12/11/2015 12:47 PM, Lukas Slebodnik wrote: > >ehlo, > > > >I generated patch for master and 1.13 branch > > > >LS > > Hi Lukas, > > thank you for patches, both look good (to me). > There are CI tests: > http://sssd-ci.duckdns.org/lo

[SSSD] Re: [PATCHES] sudo provider improvements

2015-12-11 Thread Jakub Hrozek
On Fri, Dec 11, 2015 at 11:55:04AM +0100, Pavel Březina wrote: > On 12/04/2015 03:51 PM, Lukas Slebodnik wrote: > >>From 38c5524b82d94db68450636020472869dc362070 Mon Sep 17 00:00:00 2001 > >>+if (ret != EOK) { > >>+DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup full refresh ptask " > >>+

[SSSD] Re: [PATCH] KRB5_CHILD: Debug logs for PAC timeout

2015-12-11 Thread Jakub Hrozek
On Fri, Dec 11, 2015 at 12:19:27PM +0100, Petr Cech wrote: > From 45754d761d6b549e4055f8af38a1229ad2689527 Mon Sep 17 00:00:00 2001 > From: Petr Cech > Date: Wed, 9 Dec 2015 08:13:59 -0500 > Subject: [PATCH] KRB5_CHILD: Debug logs for PAC timeout > > This patch adds debug message that inform user

[SSSD] Re: [PATCH] IPA_PROVIDER: Explicit no handle of services

2015-12-11 Thread Jakub Hrozek
On Thu, Dec 10, 2015 at 01:52:48PM +0100, Petr Cech wrote: > Thank you for review. > I prefer one return point per function. > > Petr > > PS: New patch is attached. ACK ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorah

[SSSD] Re: [PATCH] KRB5_CHILD: Debug logs for PAC timeout

2015-12-11 Thread Jakub Hrozek
On Thu, Dec 10, 2015 at 01:39:42PM +0100, Petr Cech wrote: > On 12/10/2015 11:31 AM, Jakub Hrozek wrote: > >On Wed, Dec 09, 2015 at 02:25:06PM +0100, Petr Cech wrote: > >>Hi, > >> > >>simple patch is attached. > >> > >>Regards > >&g

[SSSD] Re: [PATCH] MAN: sssd.conf should mention SSS_NSS_USE_MEMCACHE

2015-12-10 Thread Jakub Hrozek
On Thu, Dec 10, 2015 at 02:06:04PM +0100, Jakub Hrozek wrote: > On Wed, Dec 09, 2015 at 03:07:06PM +0100, Michal Židek wrote: > > Hi, > > > > attached is a man page patch requested in > > ticket https://fedorahosted.org/sssd/ticket/2787

[SSSD] Re: [PATCH] LDAP: check early for missing SID in mapping check

2015-12-10 Thread Jakub Hrozek
On Thu, Dec 10, 2015 at 02:05:11PM +0100, Jakub Hrozek wrote: > On Mon, Dec 07, 2015 at 06:30:34PM +0100, Sumit Bose wrote: > > Hi, > > > > this patch should suppress the > > "sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse > > domai

[SSSD] Re: [PATCH] MAN: sssd.conf should mention SSS_NSS_USE_MEMCACHE

2015-12-10 Thread Jakub Hrozek
On Wed, Dec 09, 2015 at 03:07:06PM +0100, Michal Židek wrote: > Hi, > > attached is a man page patch requested in > ticket https://fedorahosted.org/sssd/ticket/2787 > > Michal > From 2098c7578e8a6834afed6c4e8086ccf6f5336c6d Mon Sep 17 00:00:00 2001 > From: =?UTF-8?q?Michal=20=C5=BDidek?= > Date

[SSSD] Re: [PATCH] LDAP: check early for missing SID in mapping check

2015-12-10 Thread Jakub Hrozek
On Mon, Dec 07, 2015 at 06:30:34PM +0100, Sumit Bose wrote: > Hi, > > this patch should suppress the > "sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse > domain SID from [(null)] ]]]" which e.g. is regularly seen with the IPA > provider when there is no trust support enabled o

[SSSD] Re: [PATCH] AD: Add autofs provider

2015-12-10 Thread Jakub Hrozek
On Wed, Dec 09, 2015 at 02:38:32PM +0100, Lukas Slebodnik wrote: > On (09/12/15 14:30), Jakub Hrozek wrote: > >On Fri, Nov 27, 2015 at 12:32:08PM +0100, Jakub Hrozek wrote: > >> On Fri, Nov 27, 2015 at 11:41:16AM +0100, Jakub Hrozek wrote: > >> > On Fri, Nov 27, 2

[SSSD] Re: [PATCH] KRB5_CHILD: Debug logs for PAC timeout

2015-12-10 Thread Jakub Hrozek
On Wed, Dec 09, 2015 at 02:25:06PM +0100, Petr Cech wrote: > Hi, > > simple patch is attached. > > Regards > > Petr I think we should put the debug message into sss_send_pac() after we actually succeeded in writing to the socket to avoid printing the message for cases where the PAC responder is

[SSSD] Re: [PATCH] IPA_PROVIDER: Explicit no handle of services

2015-12-10 Thread Jakub Hrozek
On Tue, Dec 08, 2015 at 04:57:02PM +0100, Petr Cech wrote: > On 12/07/2015 03:43 PM, Jakub Hrozek wrote: > >On Fri, Dec 04, 2015 at 04:33:51PM +0100, Petr Cech wrote: > >>So, I have choose the 2) option and the patch is attached. > > > >I think this patch goes in

[SSSD] Re: [PATCH] Reduce the code duplication in Data Provider

2015-12-10 Thread Jakub Hrozek
On Wed, Dec 09, 2015 at 01:10:58PM +0100, Lukas Slebodnik wrote: > On (04/12/15 16:42), Jakub Hrozek wrote: > >On Thu, Dec 03, 2015 at 01:24:54PM +0100, Pavel Březina wrote: > >> On 11/20/2015 12:04 PM, Jakub Hrozek wrote: > >> >On Thu, Nov 19, 2015 at 01:51:5

[SSSD]sssd 1.13.3 tickets

2015-12-10 Thread Jakub Hrozek
Hi, I would like to release 1.13.3 tarball no later than Tuesday Dec-15. There is a number of tickets that were not closed and I'm wondering whether to move them to 1.13.4 or 1.14 Alpha. So far I'm thinking that: - anything our downstream requires should stay in 1.13.4 - the rest, that's m

[SSSD]Re: [PATCH] MAN: Clarify that subdomains always use service discovery

2015-12-10 Thread Jakub Hrozek
On Wed, Dec 09, 2015 at 03:23:38PM +0100, Lukas Slebodnik wrote: > On (09/12/15 13:11), Jakub Hrozek wrote: > >On Fri, Dec 04, 2015 at 09:51:50AM -0500, Dan Lavu wrote: > >> Go for it, wasn't aware that non R2 is supported upstream. > > > >Unless anyone oppo

[SSSD]Re: [PATCH] IPA: Use search timeout, not enum timeout for searching

2015-12-09 Thread Jakub Hrozek
On Wed, Dec 09, 2015 at 03:19:54PM +0100, Lukas Slebodnik wrote: > On (09/12/15 14:29), Jakub Hrozek wrote: > >On Wed, Dec 09, 2015 at 02:15:32PM +0100, Lukas Slebodnik wrote: > >> On (09/12/15 14:11), Lukas Slebodnik wrote: > >> >On (09/12/15 13:21), Sumit Bose wrot

[SSSD]Re: [PATCH] AD: Add autofs provider

2015-12-09 Thread Jakub Hrozek
On Fri, Nov 27, 2015 at 12:32:08PM +0100, Jakub Hrozek wrote: > On Fri, Nov 27, 2015 at 11:41:16AM +0100, Jakub Hrozek wrote: > > On Fri, Nov 27, 2015 at 10:48:29AM +0100, Pavel Březina wrote: > > > Attached. > > > > > > > > From 845fa8d3cf904f4d237527f

[SSSD]Re: [PATCH] IPA: Use search timeout, not enum timeout for searching

2015-12-09 Thread Jakub Hrozek
On Wed, Dec 09, 2015 at 02:15:32PM +0100, Lukas Slebodnik wrote: > On (09/12/15 14:11), Lukas Slebodnik wrote: > >On (09/12/15 13:21), Sumit Bose wrote: > >>On Wed, Dec 09, 2015 at 12:24:38PM +0100, Jakub Hrozek wrote: > >>> Hi, > >>> > >>>

[SSSD]Re: [PATCH] sss_override: improve --debug description

2015-12-09 Thread Jakub Hrozek
On Wed, Dec 09, 2015 at 01:07:10PM +0100, Pavel Březina wrote: > https://fedorahosted.org/sssd/ticket/2813 > > I wanted to split include/debug_levels.xml into more files so we don't > duplicate information, but I didn't figure out how to use xi:include in > files that are already beeing included.

[SSSD]Re: [PATCH] MAN: Clarify that subdomains always use service discovery

2015-12-09 Thread Jakub Hrozek
On Fri, Dec 04, 2015 at 09:51:50AM -0500, Dan Lavu wrote: > Go for it, wasn't aware that non R2 is supported upstream. Unless anyone opposes, I will push the attached patch with Dan's authorship and my RB later today. >From 39fd2dbcc82701d56d6ee9aebf032199a525880a Mon Sep 17 00:00:00 2001 From: D

[SSSD][PATCH] MAN: Clarify when should TGs be disabled for group nesting restriction

2015-12-09 Thread Jakub Hrozek
Cleanup of 1.13.3 easy tickets before upstream release.. >From 19e0bdabb9699130cf99d9192f6ab06fa0f6f923 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Wed, 9 Dec 2015 13:03:51 +0100 Subject: [PATCH] MAN: Clarify when should TGs be disabled for group nesting restriction Resolves: ht

[SSSD][PATCH] IPA: Use search timeout, not enum timeout for searching

2015-12-09 Thread Jakub Hrozek
Hi, see the attached trivial patch. It was verified by a user on IRC that decreasing the timeout helped quite a bit when a laptop with AD user went offline and the AD user tried to unlock the screen. >From 1e85e3bff55f9dc686a74ffd99ff44cf063fcf29 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek D

[SSSD]Re: [PATCH SET] TEST_TOOLS_COLONDB: Add tests for sss_colondb_* public API

2015-12-08 Thread Jakub Hrozek
On Tue, Dec 08, 2015 at 09:20:52AM +0100, Lukas Slebodnik wrote: > On (07/12/15 15:51), Petr Cech wrote: > >Hi Lukas, > > > >thank you for review. I will send new version of tests, in one patch. And I > >will address your comments. > > > >However I would like to shed light on why I made the changes

[SSSD]Re: about fedorahosted-to-github mirror

2015-12-07 Thread Jakub Hrozek
On Mon, Dec 07, 2015 at 10:36:19AM -0500, Simo Sorce wrote: > On Thu, 2015-12-03 at 21:00 +0100, Jakub Hrozek wrote: > > Hi, > > > > I was looking at options we have for setting up an automated way to > > mirror our fedorahosted.org repo to github.com. Unfortuna

[SSSD]Re: [PATCH] NSS: Fix memory leak netgroup

2015-12-07 Thread Jakub Hrozek
On Mon, Dec 07, 2015 at 04:11:33PM +0100, Pavel Reichl wrote: > Nice :-(. > > Thanks for noticing. Shall we return to the first iteration of the patch? Do you know why this happens and why would the first iteration be better? I don't see from the code what's wrong.. __

<    5   6   7   8   9   10   11   12   13   14   >