[SSSD] Re: [SSSD-users] Re: Announcing SSSD 2.2.1

On 9/12/19 2:59 PM, Timo Aaltonen wrote: On 29.8.2019 15.38, Michal Židek wrote: I am sorry I did not include all translation files into the tarball for this release. I will do another minor release that will update the translation as well. Please disregard the 2.2.1 version. Sorry

[SSSD] Re: [SSSD-users] Announcing SSSD 2.2.1

I am sorry I did not include all translation files into the tarball for this release. I will do another minor release that will update the translation as well. Please disregard the 2.2.1 version. Sorry for the inconvenience. Michal On 8/28/19 10:07 AM, Michal Židek wrote:     == SSSD

[SSSD] Announcing SSSD 2.2.1

Don't limit the global number of ccaches KCM: Pass confdb context to the ccache db initialization KCM: Configurable quotas for the secdb ccache back end TESTS: Add tests for the configurable quotas Don't qualify users from files domain when default_domain_suffix is set Jakub Jelen (1):

[SSSD] Re: Question about memory mapped cache

On 11/08/2017 11:28 AM, Sumit Bose wrote: Hi, while trying to prepare some diagrams to illustrate how the memory mapped cache works I realized that we might not use the payload factor as expected. In sss_mmap_cache_init() we set a payload depending of the type of cached data, e.g. for passwd

[SSSD] Announcing ding-libs 0.6.1

_empty_dir DHASH: Suppress gcc7 warning INI: Fix warning Walloc-size-larger-than Do not define _GNU_SOURCE COLLECTION: Remove unused macros INI: Fix doxygen comment for ini_errobj_create COLLECTION: Fix misused comma DHASH: Do not use c99 structure initialisati

[SSSD] Re: about access control reporting with id_provider=ad

On 08/23/2017 03:26 PM, Jakub Hrozek wrote: On Tue, Aug 22, 2017 at 03:21:14PM +0200, Michal Židek wrote: On 08/22/2017 12:31 PM, Jakub Hrozek wrote: On Tue, Aug 22, 2017 at 11:40:39AM +0200, Michal Židek wrote: On 08/22/2017 11:21 AM, Michal Židek wrote: On 08/21/2017 02:27 PM, Jakub Hrozek

[SSSD] Re: about access control reporting with id_provider=ad

On 08/22/2017 12:31 PM, Jakub Hrozek wrote: On Tue, Aug 22, 2017 at 11:40:39AM +0200, Michal Židek wrote: On 08/22/2017 11:21 AM, Michal Židek wrote: On 08/21/2017 02:27 PM, Jakub Hrozek wrote: Hi Michal and sssd-devel, one of the RFEs that keeps coming up for SSSD is to provide a sort

[SSSD] Re: about access control reporting with id_provider=ad

On 08/22/2017 12:43 PM, Michal Židek wrote: On 08/22/2017 11:38 AM, Jakub Hrozek wrote: On Tue, Aug 22, 2017 at 11:21:43AM +0200, Michal Židek wrote: On 08/21/2017 02:27 PM, Jakub Hrozek wrote: Hi Michal and sssd-devel, one of the RFEs that keeps coming up for SSSD is to provide a sort

[SSSD] Re: about access control reporting with id_provider=ad

On 08/22/2017 11:38 AM, Jakub Hrozek wrote: On Tue, Aug 22, 2017 at 11:21:43AM +0200, Michal Židek wrote: On 08/21/2017 02:27 PM, Jakub Hrozek wrote: Hi Michal and sssd-devel, one of the RFEs that keeps coming up for SSSD is to provide a sort of an 'attestation report' for SSSD. Mostly

[SSSD] Re: about access control reporting with id_provider=ad

On 08/22/2017 11:21 AM, Michal Židek wrote: On 08/21/2017 02:27 PM, Jakub Hrozek wrote: Hi Michal and sssd-devel, one of the RFEs that keeps coming up for SSSD is to provide a sort of an 'attestation report' for SSSD. Mostly the request is about printing who can access this client machine. I

[SSSD] Re: about access control reporting with id_provider=ad

On 08/21/2017 02:27 PM, Jakub Hrozek wrote: Hi Michal and sssd-devel, one of the RFEs that keeps coming up for SSSD is to provide a sort of an 'attestation report' for SSSD. Mostly the request is about printing who can access this client machine. I know that we fetch all the HBAC rules for a

[SSSD] Re: Shall we freeze the development till #3463 is solved?

On 08/08/2017 04:51 PM, Fabiano Fidêncio wrote: People, There's a test, part of our internal CI, recurrently failing in the past few weeks: === FAILURES === _ test_add_remove_user

[SSSD] Re: WIP design page: Subdomain configuration

On 04/07/2017 08:51 AM, Jakub Hrozek wrote: On Mon, Jan 16, 2017 at 03:35:11PM +0100, Michal Židek wrote: Hi, I started working on the design page for subdomain configuration in server mode. It is located here: https://fedorahosted.org/sssd/wiki/DesignDocs/SubdomConf The implementation

[SSSD] Re: Question about ipa_domain option

My bad. It works as expected. I forgot to rename the domain domains option. Sorry for spam :) On 04/05/2017 02:46 PM, Michal Židek wrote: On 04/05/2017 02:32 PM, Jakub Hrozek wrote: On Wed, Apr 05, 2017 at 02:19:20PM +0200, Michal Židek wrote: Hello! When I create a [domain/IPADOMAIN

[SSSD] Question about ipa_domain option

Hello! When I create a [domain/IPADOMAIN] section and then use the ipa_domain option to use ipadomain.test as a domain name (instead of IPADOMAIN) then SSSD is not able to connect to the ipadomain.test properly. I wonder if someone uses the ipa_domain option and if it makes sense to fix or

[SSSD] Re: https://pagure.io/SSSD/sssd/issue/3158 {where to find source code ini_rules_check(), may be sss_util.c}

On 03/18/2017 02:39 PM, amit kumar wrote: Hello, sssctl config-check does not show what file contains the problem ./src/util/sss_ini.c:578:ret = ini_rules_check(rules_cfgobj, data->sssd_config, NULL, *errobj*); *errobj=*> This contains errorObjects which are thrown on screen. #

[SSSD] Re: sssd-1.14.3 milestone cleanup

On 02/02/2017 11:36 AM, Jakub Hrozek wrote: On Wed, Jan 11, 2017 at 06:52:32PM +0100, Lukas Slebodnik wrote: On (11/01/17 16:31), Jakub Hrozek wrote: Hi, despite new development happening in the sssd-1-15 branch (aka master), there are still too many tickets in the 1.14.3 milestone. The

[SSSD] Re: WIP design page: Subdomain configuration

On 01/17/2017 11:15 AM, Jakub Hrozek wrote: On Mon, Jan 16, 2017 at 03:35:11PM +0100, Michal Židek wrote: Hi, I started working on the design page for subdomain configuration in server mode. It is located here: https://fedorahosted.org/sssd/wiki/DesignDocs/SubdomConf The implementation

[SSSD] WIP design page: Subdomain configuration

Hi, I started working on the design page for subdomain configuration in server mode. It is located here: https://fedorahosted.org/sssd/wiki/DesignDocs/SubdomConf The implementation details and how to debug sections will be added later. For now, the design page is short but should at least set

[SSSD] Re: RFC: Configuration of trusted domain (a.k.a. subdomain) in sssd.conf

On 01/03/2017 04:51 PM, Jakub Hrozek wrote: On Tue, Jan 03, 2017 at 04:46:25PM +0100, Michal Židek wrote: Hi, for IPA provider, we plan to add the ability to configure trusted domains (currently AD domains) in a similar way the main domain is configured in sssd.conf. If ipadomain.test

[SSSD] RFC: Configuration of trusted domain (a.k.a. subdomain) in sssd.conf

Hi, for IPA provider, we plan to add the ability to configure trusted domains (currently AD domains) in a similar way the main domain is configured in sssd.conf. If ipadomain.test is the main IPA domain and addomain.test is the AD domain and there is IPA-AD trust extablished between the two, I

[SSSD] Re: trac cleanup of the 1.14 backlog milestone

On 12/06/2016 11:56 AM, Jakub Hrozek wrote: Hi, I checked the 1.14 backlog milestone. I think most of the tickets can be just moved to "Future releases" except for a couple where I was quite confident the ticket can be just closed (and I just closed them), except for these:

[SSSD] Re: Nested netgroups with IPA provider

On 11/10/2016 03:18 PM, Michal Židek wrote: On 11/10/2016 02:13 PM, Lukas Slebodnik wrote: On (10/11/16 13:57), Michal Židek wrote: On 11/10/2016 12:29 PM, Jakub Hrozek wrote: On Thu, Nov 10, 2016 at 10:49:55AM +0100, Michal Židek wrote: Hi, this is continuation of discussion about pull

[SSSD] Re: Nested netgroups with IPA provider

On 11/10/2016 02:13 PM, Lukas Slebodnik wrote: On (10/11/16 13:57), Michal Židek wrote: On 11/10/2016 12:29 PM, Jakub Hrozek wrote: On Thu, Nov 10, 2016 at 10:49:55AM +0100, Michal Židek wrote: Hi, this is continuation of discussion about pull request 51 and associated tickets. For context

[SSSD] Re: Nested netgroups with IPA provider

On 11/10/2016 12:29 PM, Jakub Hrozek wrote: On Thu, Nov 10, 2016 at 10:49:55AM +0100, Michal Židek wrote: Hi, this is continuation of discussion about pull request 51 and associated tickets. For context, see: https://github.com/SSSD/sssd/pull/59 https://fedorahosted.org/sssd/ticket/3159

[SSSD] Nested netgroups with IPA provider

Hi, this is continuation of discussion about pull request 51 and associated tickets. For context, see: https://github.com/SSSD/sssd/pull/59 https://fedorahosted.org/sssd/ticket/3159 https://fedorahosted.org/sssd/ticket/3116 The FreeIPA UQE guys added upstream test for this issue because we do

[SSSD] Re: Should we use VMs or containers for (some) tests?

On 11/01/2016 02:06 PM, Nikolai Kondrashov wrote: On 11/01/2016 01:29 PM, Michal Židek wrote: Btw, I wanted to ask if the code for the new infrastructure is going to reside in the contrib directory in SSSD repo or somewhere else. Does someone have any preferences? I have a preference

[SSSD] Re: Should we use VMs or containers for (some) tests?

On 11/01/2016 11:57 AM, Nikolai Kondrashov wrote: On 11/01/2016 11:36 AM, Jakub Hrozek wrote: On Tue, Nov 01, 2016 at 10:31:20AM +0200, Nikolai Kondrashov wrote: Hi Jakub, On 10/27/2016 05:20 PM, Jakub Hrozek wrote: I'm currently working on integration tests for the 'files' provider and

[SSSD] Re: Should we use VMs or containers for (some) tests?

Hi, On 10/27/2016 04:20 PM, Jakub Hrozek wrote: Hi, I'm currently working on integration tests for the 'files' provider and during this work I started to feel we are pushing the boundaries around our test infrastructure already quite a bit. When SSSD talks over network to a server, then we're

[SSSD] Re: Milestone names

On 10/07/2016 12:20 PM, Jakub Hrozek wrote: Hi, for better or worse, our milestone and release planning is not great. We normally decide on what we want to work on for the next release and release new versions based on Fedora or RHEL releases (mostly because there is normally no other

[SSSD] Re: [PATCH ding-libs] Extend API to const key for clients that don't need to modify their keys

On 10/05/2016 04:48 PM, Petr Cech wrote: On 10/05/2016 04:39 PM, Michal Židek wrote: On 10/05/2016 04:30 PM, Petr Cech wrote: On 10/05/2016 04:18 PM, Michal Židek wrote: On 10/05/2016 03:47 PM, Philip Prindeville wrote: On Oct 5, 2016, at 7:18 AM, Michal Židek <mzi...@redhat.com>

[SSSD] Re: [PATCH ding-libs] Extend API to const key for clients that don't need to modify their keys

On 10/05/2016 05:43 PM, Jakub Hrozek wrote: On Wed, Oct 05, 2016 at 07:42:23AM -0600, Philip Prindeville wrote: On Oct 5, 2016, at 5:45 AM, Michal Židek <mzi...@redhat.com> wrote: ACK to the code from Philip. I amended the commit message to meet our style. I would like to push this to

[SSSD] Re: [PATCH ding-libs] Extend API to const key for clients that don't need to modify their keys

On 10/05/2016 04:30 PM, Petr Cech wrote: On 10/05/2016 04:18 PM, Michal Židek wrote: On 10/05/2016 03:47 PM, Philip Prindeville wrote: On Oct 5, 2016, at 7:18 AM, Michal Židek <mzi...@redhat.com> wrote: I forgot to attach the patches. Again the first one is acked by me, the second

[SSSD] Re: [PATCH ding-libs] Extend API to const key for clients that don't need to modify their keys

On 10/05/2016 03:47 PM, Philip Prindeville wrote: On Oct 5, 2016, at 7:18 AM, Michal Židek <mzi...@redhat.com> wrote: I forgot to attach the patches. Again the first one is acked by me, the second needs a review. Michal Thanks for writing those tests. Minor comment, dhash_ut_c

[SSSD] Re: [PATCH ding-libs] Extend API to const key for clients that don't need to modify their keys

I forgot to attach the patches. Again the first one is acked by me, the second needs a review. Michal On 10/05/2016 01:45 PM, Michal Židek wrote: ACK to the code from Philip. I amended the commit message to meet our style. I would like to push this together with at least some sanity tests

[SSSD] Re: [PATCH ding-libs] Extend API to const key for clients that don't need to modify their keys

ACK to the code from Philip. I amended the commit message to meet our style. I would like to push this together with at least some sanity tests. See the second patch. I am looking for someone from SSSD developers to review the tests. Michal PS: Btw. Philip, I am interested for what project are

[SSSD] Re: [PATCH ding-libs] Extend API to const key for clients that don't need to modify their keys

Hello Philip, please read the comments inline. I also attached git diff to demonstrate what I mean to this email. From: Philip Prindeville Add c_str as a "const char *" to the hash_key_t. --- dhash/dhash.c | 35

[SSSD] Re: [PATCH ding-libs] Extend API to const key for clients that don't need to modify their keys

Prindeville wrote: Is there a ding-libs website? I wanted to subscribe to the mailing list and read the archives but fedorahosted.org only seems to point to the git repo… nothing about a ding-libs general website, etc. On Sep 29, 2016, at 4:50 AM, Michal Židek <mzi...@redhat.com> wrote:

[SSSD] Re: [PATCH ding-libs] Extend API to const key for clients that don't need to modify their keys

Moving this to sssd-devel list. So that other developers can see the patch and review process. I will start the review after today's meeting. Michal (Lukas, Stephen, I put you two to CC only because you were also original recipients of the mail, I will not CC you further) On 09/28/2016 03:00

[SSSD] Re: [PATCH] SSSDConfig: Do not fail with nonexisting domains/services

On 09/22/2016 05:36 PM, Lukas Slebodnik wrote: On (22/09/16 17:30), Michal Židek wrote: On 09/22/2016 10:07 AM, Lukas Slebodnik wrote: On (21/09/16 14:20), Lukas Slebodnik wrote: ehlo, Almost oneliner i there would not be a unit test :-) LS Bump LS The python tests fails in distcheck

[SSSD] Re: [PATCH] SSSDConfig: Do not fail with nonexisting domains/services

On 09/22/2016 10:07 AM, Lukas Slebodnik wrote: On (21/09/16 14:20), Lukas Slebodnik wrote: ehlo, Almost oneliner i there would not be a unit test :-) LS Bump LS The python tests fails in distcheck: http://sssd-ci.duckdns.org/logs/job/53/88/summary.html Michal

[SSSD] Re: [PATCH] SPEC: Rename python packages using macro %python_provide

On 09/22/2016 10:23 AM, Michal Židek wrote: On 09/22/2016 10:08 AM, Lukas Slebodnik wrote: On (15/09/16 20:44), Lukas Slebodnik wrote: On (15/09/16 14:08), Lukas Slebodnik wrote: On (05/07/16 13:39), Lukas Slebodnik wrote: ehlo, SSSD python packages were renamed in fedora few months ago

[SSSD] Re: [PATCH] SPEC: Rename python packages using macro %python_provide

On 09/22/2016 10:08 AM, Lukas Slebodnik wrote: On (15/09/16 20:44), Lukas Slebodnik wrote: On (15/09/16 14:08), Lukas Slebodnik wrote: On (05/07/16 13:39), Lukas Slebodnik wrote: ehlo, SSSD python packages were renamed in fedora few months ago. python-* -> python2-* But we didn't rename

[SSSD] Re: fedorahosted.org sunset

On 09/16/2016 01:19 PM, Jakub Hrozek wrote: On Fri, Sep 16, 2016 at 12:50:54PM +0200, Jakub Hrozek wrote: The first step imo is -- define what exactly we miss from pagure's tracker. For me it's: - milestones Apparently, pagure has a creative way to deal with milestones:

[SSSD] Re: fedorahosted.org sunset

On 09/16/2016 11:09 AM, Jakub Hrozek wrote: Hi, fedorahosted.org is being decomissioned: https://lists.fedoraproject.org/archives/list/annou...@lists.fedoraproject.org/thread/RLL3LFUPLYMAUKGZ5B3O64XKJXBT24KZ/ so we need to find a new home for SSSD.. I wanted to ask: 1) anyone from

[SSSD] Re: [PATCH] ini_augment: Use full path when reporting pattern mismatch

On 09/13/2016 04:53 PM, Lukas Slebodnik wrote: On (01/09/16 17:35), Michal Židek wrote: On 09/01/2016 05:26 PM, Dmitri Pal wrote: Hello, I do not like either of the versions of the patch. It is OK to use path_concat instead of snprintf. The whole point of not using it was to simplify the code

[SSSD] Re: [PATCH] ini_augment: Use full path when reporting pattern mismatch

On 09/01/2016 05:26 PM, Dmitri Pal wrote: Hello, I do not like either of the versions of the patch. It is OK to use path_concat instead of snprintf. The whole point of not using it was to simplify the code and not have to check yet another error clause. But using path_concat is fine. The thing

[SSSD] [PATCH] ini_augment: Use full path when reporting pattern mismatch

Hi, see the attached ding-libs patch for ticket #3166. This is how sssctl config-check prints the merging issues without this patch: Messages generated during configuration merging: 2 File blaa did not match provided patterns. Skipping. File /etc/sssd/conf.d/blaa.conf did not pass access

[SSSD] Re: [PATCH] GPO: Cat vals with same key from different GPOs

On 09/01/2016 10:31 AM, Jakub Hrozek wrote: On Thu, Sep 01, 2016 at 09:56:33AM +0200, Michal Židek wrote: On 08/31/2016 07:49 PM, Stephen Gallagher wrote: On 08/31/2016 01:24 PM, Simo Sorce wrote: On Wed, 2016-08-31 at 17:41 +0200, Michal Židek wrote: Hi, here is patch for ticket #3161

[SSSD] Re: [PATCH] GPO: Cat vals with same key from different GPOs

On 08/31/2016 07:49 PM, Stephen Gallagher wrote: On 08/31/2016 01:24 PM, Simo Sorce wrote: On Wed, 2016-08-31 at 17:41 +0200, Michal Židek wrote: Hi, here is patch for ticket #3161. See more in the ticket description. I was thinking why we originally replaced the lists and I think it comes

[SSSD] [PATCH] GPO: Cat vals with same key from different GPOs

Hi, here is patch for ticket #3161. See more in the ticket description. I was thinking why we originally replaced the lists and I think it comes from confusion on how we handle the same keys in single GPO ini file, however that is handled by libini not by SSSD. Michal >From

[SSSD] Re: [PATCH 2/2] sdap: Skip exact duplicates when extending maps

On 08/10/2016 08:36 PM, Lukas Slebodnik wrote: On (10/08/16 17:41), Michal Židek wrote: Hi, see the attached patch. I modified the detection of duplicates when extending the maps (sysdb_attr:ldap_attr). When we try to add entry to the map that already exists in the map, then without

[SSSD] [PATCH 2/2] sdap: Skip exact duplicates when extending maps

Hi, see the attached patch. I modified the detection of duplicates when extending the maps (sysdb_attr:ldap_attr). When we try to add entry to the map that already exists in the map, then without this patch we will fail. With this patch, we only fail if the newly added extension would

[SSSD] Re: [PATCH] gpo: gPCMachineExtensionNames with just whitespaces

On 08/10/2016 11:35 AM, Jakub Hrozek wrote: On Wed, Aug 10, 2016 at 12:02:18PM +0300, Alexander Bokovoy wrote: On Tue, 09 Aug 2016, Michal Židek wrote: Summary for Alexander (in CC): - Regarding processing GPOs on the client. - If groupPolicyContainer in AD has attribute

[SSSD] Re: [PATCH] gpo: gPCMachineExtensionNames with just whitespaces

/08/16 11:48), Jakub Hrozek wrote: On Fri, Jul 29, 2016 at 05:40:44PM +0200, Michal Židek wrote: Hi, the attached patch fixes: https://fedorahosted.org/sssd/ticket/3114 We have a user that can not login with enforced GPO because of this. I do not think it is a common issue, I could not create

[SSSD] [PATCH] tools: Add missing gettext macro

Hi, see the attached simple patch. I sent it as part of the commands renaming patchset, but forgot to include it in the last iteration. Michal >From 3dbbe08b50ca1ffeae4945cb3ea4b263d1d91305 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?= Date: Fri, 5 Aug 2016

[SSSD] Re: [PATCH] sssctl: Generic help for cache-upgrade and config-check

On 08/05/2016 12:01 PM, Pavel Březina wrote: On 07/26/2016 04:43 PM, Michal Židek wrote: Hi! Attached is patch for ticket: https://fedorahosted.org/sssd/ticket/3086 This patch applies on top of the patches from thread: [SSSD] [PATCH] sssctl: Consistent commands naming Michal Hi, I believe

[SSSD] Re: [PATCH] sssctl: Consistent commands naming

On 08/05/2016 12:30 PM, Lukas Slebodnik wrote: On (04/08/16 16:21), Michal Židek wrote: Hi, As was requested on devel meeting, I removed the compatibility with old commands. New patch attached. Michal From 0c18c75e2b6a2e29f95b0e477369b5db766afbdb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q

[SSSD] Re: [PATCH] sssctl: Consistent commands naming

Hi, As was requested on devel meeting, I removed the compatibility with old commands. New patch attached. Michal >From 0c18c75e2b6a2e29f95b0e477369b5db766afbdb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?= Date: Mon, 25 Jul 2016 13:50:13 +0200 Subject:

[SSSD] Re: [PATCH] Change debug level of config error msgs

On 08/04/2016 12:53 PM, Lukas Slebodnik wrote: On (04/08/16 12:13), Michal Židek wrote: On 07/27/2016 03:13 PM, Petr Cech wrote: On 07/27/2016 03:05 PM, Petr Cech wrote: On 07/27/2016 02:32 PM, Michal Židek wrote: Hi, I believe that this patch makes pinpointing of config errors a little

[SSSD] Re: [PATCH] Change debug level of config error msgs

On 07/27/2016 03:13 PM, Petr Cech wrote: On 07/27/2016 03:05 PM, Petr Cech wrote: On 07/27/2016 02:32 PM, Michal Židek wrote: Hi, I believe that this patch makes pinpointing of config errors a little easier. Especially when using sssctl tool that currently refuses to start a command when

[SSSD] Re: [PATCH] sssctl: Consistent commands naming

On 08/02/2016 06:04 PM, Michal Židek wrote: On 07/29/2016 09:38 PM, Lukas Slebodnik wrote: On (29/07/16 15:54), Michal Židek wrote: On 07/29/2016 03:23 PM, Jakub Hrozek wrote: On Fri, Jul 29, 2016 at 03:06:47PM +0200, Lukas Slebodnik wrote: On (29/07/16 14:27), Jakub Hrozek wrote: On Fri

[SSSD] Re: [PATCH] config: Some fixes to schema

On 08/04/2016 11:40 AM, Jakub Hrozek wrote: On Thu, Aug 04, 2016 at 11:35:30AM +0200, Michal Židek wrote: On 07/12/2016 06:38 PM, Lukas Slebodnik wrote: On (12/07/16 15:59), Michal Židek wrote: On 07/12/2016 03:36 PM, Lukas Slebodnik wrote: On (12/07/16 15:16), Michal Židek wrote

[SSSD] Re: [PATCH] config: Some fixes to schema

On 07/12/2016 06:38 PM, Lukas Slebodnik wrote: On (12/07/16 15:59), Michal Židek wrote: On 07/12/2016 03:36 PM, Lukas Slebodnik wrote: On (12/07/16 15:16), Michal Židek wrote: +# secrets responder +option = provider + I think you need to also update "rule/allowed_sections" maybe

[SSSD] Re: [PATCH] LDAP: Fixing of removing netgroup from cache

Two nitpicks, see inline. On 07/22/2016 02:34 PM, Petr Cech wrote: +static errno_t add_to_missing_attrs (TALLOC_CTX * mem_ctx, + struct sysdb_attrs *attrs, + const char *ext_key, + char

[SSSD] Re: [PATCH] sssctl: Consistent commands naming

On 07/29/2016 09:38 PM, Lukas Slebodnik wrote: On (29/07/16 15:54), Michal Židek wrote: On 07/29/2016 03:23 PM, Jakub Hrozek wrote: On Fri, Jul 29, 2016 at 03:06:47PM +0200, Lukas Slebodnik wrote: On (29/07/16 14:27), Jakub Hrozek wrote: On Fri, Jul 29, 2016 at 02:09:02PM +0200, Lukas

[SSSD] Re: [PATCH] ipa_netgroups: Lowercase key to htable

On 08/02/2016 03:46 PM, Lukas Slebodnik wrote: On (02/08/16 13:50), Petr Cech wrote: On 08/02/2016 12:41 PM, Petr Cech wrote: On 08/02/2016 11:09 AM, Michal Židek wrote: Hi! When reviewing Petr's netgroup patch I found some issues with netgroups when using IPA provider. Attached patch fixes

[SSSD] [PATCH] ipa_netgroups: Lowercase key to htable

Hi! When reviewing Petr's netgroup patch I found some issues with netgroups when using IPA provider. Attached patch fixes one of them. I filed ticket for the other issue here: https://fedorahosted.org/sssd/ticket/3117 Reviewing this is not priority for this week, but I already had the patch

[SSSD] [PATCH] gpo: gPCMachineExtensionNames with just whitespaces

Hi, the attached patch fixes: https://fedorahosted.org/sssd/ticket/3114 We have a user that can not login with enforced GPO because of this. I do not think it is a common issue, I could not create groupPolicyContainer with gPCMachineExtensionNames containing only whitespaces, but you can create

[SSSD] Re: [PATCH] sssctl: Consistent commands naming

On 07/29/2016 03:23 PM, Jakub Hrozek wrote: On Fri, Jul 29, 2016 at 03:06:47PM +0200, Lukas Slebodnik wrote: On (29/07/16 14:27), Jakub Hrozek wrote: On Fri, Jul 29, 2016 at 02:09:02PM +0200, Lukas Slebodnik wrote: On (29/07/16 13:59), Jakub Hrozek wrote: On Fri, Jul 29, 2016 at 01:49:41PM

[SSSD] Re: [PATCH] sssctl: Consistent commands naming

On 07/28/2016 02:11 PM, Michal Židek wrote: On 07/28/2016 01:57 PM, Jakub Hrozek wrote: On Thu, Jul 28, 2016 at 01:51:40PM +0200, Pavel Březina wrote: On 07/28/2016 01:38 PM, Jakub Hrozek wrote: On Thu, Jul 28, 2016 at 12:23:24PM +0200, Michal Židek wrote: On 07/28/2016 10:00 AM, Pavel

[SSSD] Re: [PATCH] sssctl: Consistent commands naming

On 07/28/2016 01:57 PM, Jakub Hrozek wrote: On Thu, Jul 28, 2016 at 01:51:40PM +0200, Pavel Březina wrote: On 07/28/2016 01:38 PM, Jakub Hrozek wrote: On Thu, Jul 28, 2016 at 12:23:24PM +0200, Michal Židek wrote: On 07/28/2016 10:00 AM, Pavel Březina wrote: On 07/27/2016 03:28 PM, Michal

[SSSD] Re: [PATCH] sssctl: Consistent commands naming

On 07/28/2016 10:00 AM, Pavel Březina wrote: On 07/27/2016 03:28 PM, Michal Židek wrote: On 07/27/2016 11:09 AM, Jakub Hrozek wrote: On Wed, Jul 27, 2016 at 11:03:34AM +0200, Pavel Březina wrote: On 07/26/2016 04:19 PM, Michal Židek wrote: On 07/26/2016 01:19 PM, Pavel Březina wrote: On 07

[SSSD] Re: [PATCH] sssctl: Consistent commands naming

On 07/27/2016 11:09 AM, Jakub Hrozek wrote: On Wed, Jul 27, 2016 at 11:03:34AM +0200, Pavel Březina wrote: On 07/26/2016 04:19 PM, Michal Židek wrote: On 07/26/2016 01:19 PM, Pavel Březina wrote: On 07/25/2016 02:12 PM, Michal Židek wrote: Hi, this patches makes the sssctl commands more

[SSSD] [PATCH] Change debug level of config error msgs

Hi, I believe that this patch makes pinpointing of config errors a little easier. Especially when using sssctl tool that currently refuses to start a command when there are syntax errors in sssd.conf, but by default it does not print problematic line number. Compare: ldb: unable to dlopen

[SSSD] [PATCH] sssctl: Generic help for cache-upgrade and config-check

Hi! Attached is patch for ticket: https://fedorahosted.org/sssd/ticket/3086 This patch applies on top of the patches from thread: [SSSD] [PATCH] sssctl: Consistent commands naming Michal >From c7d59835f5d05d6972e29f0d0bc974bd00155189 Mon Sep 17 00:00:00 2001 From:

[SSSD] Re: [PATCH] sssctl: Consistent commands naming

On 07/26/2016 01:19 PM, Pavel Březina wrote: On 07/25/2016 02:12 PM, Michal Židek wrote: Hi, this patches makes the sssctl commands more similar to ipa tool commands. I also think this pattern makes it easier to remember the commands. Note that in the future, there will be more user-* group

[SSSD] [PATCH] sssctl: Consistent commands naming

Hi, this patches makes the sssctl commands more similar to ipa tool commands. I also think this pattern makes it easier to remember the commands. Note that in the future, there will be more user-* group-* and netgroup-* commands (like seed for user, list of all etc.) Comments are welcome.

[SSSD] Re: [PATCH] rename be_acct_req to dp_id_data

On 07/14/2016 12:19 PM, Pavel Březina wrote: To follow other names... ACK. CI passed. http://sssd-ci.duckdns.org/logs/job/49/80/summary.html Michal ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org

[SSSD] Re: Rethinking debug levels

On 07/14/2016 10:12 AM, Pavel Březina wrote: We recently focus on providing lots of tracing messages in new code that helps us follow the code, however this makes the debug logs quite big and we usually focus only on a specific area or task while debugging. A year ago we discussed what we can do

[SSSD] [PATCH] sdap: Fix ldap_rfc_2307_fallback_to_local_users

Hi, see the attached simple patch for ticket: https://fedorahosted.org/sssd/ticket/3045 The patch is missing a CI test. I will add one (hopefully later tomorrow) after I take a look at one bugzilla which has currently higher priority. If someone writes a test for this until then, I will gladly

[SSSD] Re: [PATCH] config: Some fixes to schema

On 07/12/2016 03:36 PM, Lukas Slebodnik wrote: On (12/07/16 15:16), Michal Židek wrote: On 07/12/2016 01:28 PM, Lukas Slebodnik wrote: On (11/07/16 07:44), Michal Zidek wrote: Ok, I split the patches (one per option). Michal From 4c11e6cfcfee3cad801d513d75e136e4bd3bd598 Mon Sep 17 00:00

[SSSD] Re: [PATCH] dyndns: Add checks for NULL

On 07/12/2016 01:36 PM, Michal Židek wrote: On 07/12/2016 01:15 PM, Pavel Březina wrote: On 07/12/2016 12:34 PM, Michal Židek wrote: state->ipa_ctx->dyndns_ctx->last_refresh = time(NULL); LGTM but maybe we should place the check before this line? Not sure... I only add

[SSSD] Re: [PATCH] config: Some fixes to schema

On 07/12/2016 01:28 PM, Lukas Slebodnik wrote: On (11/07/16 07:44), Michal Zidek wrote: Ok, I split the patches (one per option). Michal From 4c11e6cfcfee3cad801d513d75e136e4bd3bd598 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?= Date: Mon, 11 Jul 2016

[SSSD] Re: [PATCH] dyndns: Add checks for NULL

On 07/12/2016 01:15 PM, Pavel Březina wrote: On 07/12/2016 12:34 PM, Michal Židek wrote: state->ipa_ctx->dyndns_ctx->last_refresh = time(NULL); LGTM but maybe we should place the check before this line? Not sure... I only added checks for the line with strcmp (which

[SSSD] [PATCH] dyndns: Add checks for NULL

Hi! The attached simple patch just makes the code more defensive. We do not know the real cause for the segfault and we do not have a reproducer. Michal >From fffc09ee7de730df5700cac61fbf71d43de473a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?= Date: Tue,

[SSSD] Re: [PATCH] config: Some fixes to schema

On 07/08/2016 12:56 PM, Lukas Slebodnik wrote: On (08/07/16 12:17), Michal Židek wrote: From 66419775a94768efe8c98ce6e8bbfa4743107eae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzi...@redhat.com> Date: Fri, 8 Jul 2016 11:32:50 +0200 Subject: [PATCH] config: Some

[SSSD] Re: [PATCH] config: Some fixes to schema

On 07/08/2016 12:07 PM, Lukas Slebodnik wrote: On (08/07/16 12:03), Michal Židek wrote: Hi, attached is patch for ticket https://fedorahosted.org/sssd/ticket/3068 The ticket also talks about allowing options for negative cache timeouts in all responders, but I did not do that. We do indeed

[SSSD] [PATCH] config: Some fixes to schema

Hi, attached is patch for ticket https://fedorahosted.org/sssd/ticket/3068 The ticket also talks about allowing options for negative cache timeouts in all responders, but I did not do that. We do indeed initialize negative cache in all responders, but we always read the timeouts from NSS

[SSSD] Re: [PATCH] sssctl: config-check access check report

On 07/07/2016 04:03 PM, Michal Židek wrote: Hi, Pavel requested this small change to sssctl config-check command. Michal This email got lost yesterday. Sending again. Michal >From 07bb03731ef425fecf01cbaefc533c28d4875151 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?= &

[SSSD] Re: [PATCH] sssctl: manual page

On 07/07/2016 07:12 PM, Michal Židek wrote: On 07/07/2016 06:45 PM, Michal Židek wrote: The man page looks good to me with exception for one detail (see inline) On 07/04/2016 12:45 PM, Pavel Březina wrote: + +COMMON OPTIONS + +Those options are available

[SSSD] Re: [PATCH] sssctl: Add config-check command

On 07/07/2016 02:15 PM, Pavel Březina wrote: On 07/07/2016 01:54 PM, Michal Židek wrote: On 07/07/2016 01:20 PM, Lukas Slebodnik wrote: On (07/07/16 12:37), Michal Židek wrote: On 07/04/2016 05:27 PM, Michal Židek wrote: On 07/01/2016 05:35 PM, Lukas Slebodnik wrote: On (01/07/16 17:26

[SSSD] Re: [PATCH] sssctl: Add config-check command

On 07/07/2016 01:54 PM, Michal Židek wrote: On 07/07/2016 01:20 PM, Lukas Slebodnik wrote: On (07/07/16 12:37), Michal Židek wrote: On 07/04/2016 05:27 PM, Michal Židek wrote: On 07/01/2016 05:35 PM, Lukas Slebodnik wrote: On (01/07/16 17:26), Michal Židek wrote: Hello! This patch adds new

[SSSD] Re: [PATCH] sssctl: Add config-check command

On 07/07/2016 01:20 PM, Lukas Slebodnik wrote: On (07/07/16 12:37), Michal Židek wrote: On 07/04/2016 05:27 PM, Michal Židek wrote: On 07/01/2016 05:35 PM, Lukas Slebodnik wrote: On (01/07/16 17:26), Michal Židek wrote: Hello! This patch adds new command config-check for sssctl tool

[SSSD] Re: [PATCH] sssctl: Add config-check command

On 07/04/2016 05:27 PM, Michal Židek wrote: On 07/01/2016 05:35 PM, Lukas Slebodnik wrote: On (01/07/16 17:26), Michal Židek wrote: Hello! This patch adds new command config-check for sssctl tool. The output looks like this: Issues identified by validators: 3 [rule/allowed_sections

[SSSD] Re: [PATCH] MAN: Config file merging

On 07/01/2016 10:34 PM, Dan Lavu wrote: I couldn't apply your patch to my repo, so I just modified the text in your patch. I have a question though, will this be the new default behavior for sssd 1.4.x onwards in Fedora and RHEL? Also I think the feature, being called "merging" is not very

[SSSD] Re: [PATCH] sssctl: Add config-check command

On 07/01/2016 05:35 PM, Lukas Slebodnik wrote: On (01/07/16 17:26), Michal Židek wrote: Hello! This patch adds new command config-check for sssctl tool. The output looks like this: Issues identified by validators: 3 [rule/allowed_sections]: Section [SectionFOO] is not allowed. Check

[SSSD] Re: [PATCH] sssctl: manual page

On 07/04/2016 12:26 PM, Lukas Slebodnik wrote: On (04/07/16 12:21), Pavel Březina wrote: I don't think it is necessary to duplicate information from the tool itself into a manual page so a tried to keep the man page simple. This way we will not have to maintain it with any change in sssctl.

[SSSD] Re: [PATCH] MAN: Update documentation of sss_cache

On 07/04/2016 11:54 AM, Lukas Slebodnik wrote: ehlo, sss_cache -E can invalidate sudo rules since sssd 1.14 alpha. We just forgot to update man page for option --everything LS Ack. I do not think this needs CI run. Michal ___ sssd-devel mailing

[SSSD] Re: [PATCH] MAN: Config file merging

On 07/01/2016 03:58 PM, Lukas Slebodnik wrote: On (01/07/16 12:14), Michal Židek wrote: On 07/01/2016 11:55 AM, Michal Židek wrote: Hi! This patch adds man page for config file merging. Michal I had extra newline in the previous patch. Fixed in the attached patch. Michal From

  1   2   3   4   5   6   7   8   9   >