On Tue, Nov 13, 2012 at 09:40:54AM +0100, Jan Cholasta wrote:
Honza agreed to take over this patch.
Updated patch attached.
Also created a new patch with fixes for errors reported by rpmlint.
Honza
--
Jan Cholasta
Patch 1 is mostly good builds on all releases we care about, there
On 11/16/2012 06:51 AM, Jakub Hrozek wrote:
Hi,
as we need a documentation on the IPC between different SSSD processes
and also gathering debug data and submitting nice bug reports, I started
by a little SSSD wiki cleanup. In particular:
* Fixed up the repo at
On 11/15/2012 07:51 PM, Jakub Hrozek wrote:
In case a service is restarted while the DP is not ready yet, it gets
restarted again immediatelly, which means the DP might still not be
ready. The allowed number of restarts is then depleted quickly.
This patch changes the restart mechanism such
On Thu, Nov 15, 2012 at 12:55:37PM +0100, Jakub Hrozek wrote:
On Thu, Nov 15, 2012 at 10:57:37AM +0100, Jakub Hrozek wrote:
We broke saving nested LDAP groups with no members in 1.9 during the
conversion to ghost users. The attached patches fix that.
The first three patches would be nice
On 11/16/2012 12:06 PM, Jakub Hrozek wrote:
On Thu, Nov 15, 2012 at 12:55:37PM +0100, Jakub Hrozek wrote:
On Thu, Nov 15, 2012 at 10:57:37AM +0100, Jakub Hrozek wrote:
We broke saving nested LDAP groups with no members in 1.9 during the
conversion to ghost users. The attached patches fix that.
On Fri, 2012-11-16 at 12:22 +0100, Pavel Březina wrote:
On 11/16/2012 12:06 PM, Jakub Hrozek wrote:
On Thu, Nov 15, 2012 at 12:55:37PM +0100, Jakub Hrozek wrote:
On Thu, Nov 15, 2012 at 10:57:37AM +0100, Jakub Hrozek wrote:
We broke saving nested LDAP groups with no members in 1.9 during
On 11/16/2012 05:09 AM, Pavel Březina wrote:
On 11/16/2012 06:51 AM, Jakub Hrozek wrote:
Hi,
as we need a documentation on the IPC between different SSSD processes
and also gathering debug data and submitting nice bug reports, I started
by a little SSSD wiki cleanup. In particular:
*
Sorry for the OT ...
On Thu, 2012-11-15 at 20:01 +0100, Jakub Hrozek wrote:
They slipped through the review, most probably. There's no hard rule,
the 80-char limit just makes the code more readable for people like me
who like to split their terminals vertically.
Although I am not an emacs
On Thu, 2012-11-15 at 11:52 +0100, Sumit Bose wrote:
On Wed, Nov 14, 2012 at 12:30:24PM -0500, Simo Sorce wrote:
This patch changes the way subdomain users are stored in the database.
The reason for changing the way we do it is that the sysdb code, before the
subdomain patches were added
On 11/15/2012 03:03 PM, Jan Cholasta wrote:
On 14.11.2012 16:20, Ondrej Kos wrote:
On 11/14/2012 03:38 PM, Simo Sorce wrote:
On Wed, 2012-11-14 at 15:18 +0100, Jan Cholasta wrote:
Just one more nitpick: SSS_DB_CHECK_PTS and sss_db_version_check are
used only in sysdb.c, so there is no reason
I noticed that the proxy in auth_provider section of sssd.conf manpage
isn't quoted when all others are.
Patch is attached.
O.
--
Ondrej Kos
Associate Software Engineer
Identity Management
Red Hat Czech
phone: +420-532-294-558
cell: +420-736-417-909
ext: 82-62558
loc: 1013 Brno 1 office
On Fri, Nov 16, 2012 at 02:04:57PM +0100, Ondrej Kos wrote:
fixes https://fedorahosted.org/sssd/ticket/1628
When user's alias was the same as pw_name, the sysdb search was failing.
This resulted into not contacting the provider again.
Ack
The name is *usually* the same as alias, we just try
On 16.11.2012 09:48, Jakub Hrozek wrote:
On Tue, Nov 13, 2012 at 09:40:54AM +0100, Jan Cholasta wrote:
Honza agreed to take over this patch.
Updated patch attached.
Also created a new patch with fixes for errors reported by rpmlint.
Honza
--
Jan Cholasta
Patch 1 is mostly good builds on
On Fri, Nov 16, 2012 at 03:31:09PM +0100, Ondrej Kos wrote:
I noticed that the proxy in auth_provider section of sssd.conf manpage
isn't quoted when all others are.
Patch is attached.
O.
Ack
___
sssd-devel mailing list
On Fri, Nov 16, 2012 at 03:53:07PM +0100, Jakub Hrozek wrote:
On Fri, Nov 16, 2012 at 02:04:57PM +0100, Ondrej Kos wrote:
fixes https://fedorahosted.org/sssd/ticket/1628
When user's alias was the same as pw_name, the sysdb search was failing.
This resulted into not contacting the
On Fri, Nov 16, 2012 at 04:52:51PM +0100, Michal Židek wrote:
On 11/09/2012 03:15 PM, Pavel Březina wrote:
I think all of these are false positives so I just initialized the
variables to silent the compiler.
echo $CFLAGS
-m64 -mtune=generic -O3 -fstack-protector-all -Wall -Wextra
On 11/15/2012 08:55 PM, Jakub Hrozek wrote:
The attached patch fixes the build of git HEAD on RHEL5 for me.
AM_COND_IF is a very handy construct that is not present on old automake
systems such as the one in RHEL5.
The original author of the code is Ralf Corsepius rc040203 -at- freenet.de
Added wrappers as Sumit requested.
Simo Sorce (2):
Refactor the way subdomain accounts are saved
Handle conversion to fully qualified usernames
Sumit Bose (1):
Do not save HBAC rules in subdomain subtree
src/db/sysdb.c |7 +++
src/db/sysdb.h
From: Sumit Bose sb...@redhat.com
Currently the sysdb context is pointed to the subdomain subtree
containing user the user to be checked at the beginning of a HBAC
request. As a result all HBAC rules and related data is save in the
subdomain tree as well. But since the HBAC rules of the
In subdomains we have to use fully qualified usernames.
Unfortunately we have no other good option than simply removing
caches for users of subdomains.
This is because the memberof plugin does not support the rename operation.
---
src/db/sysdb.c |7
src/db/sysdb_private.h |4
The original sysdb code had a strong assumption that only users from one
domain are saved in the databse, with the subdomain feature, we have
changed reality, but have not adjusted all the code arund the sysdb calls
to not rely on the original assumption.
One of the side effects of this
On Fri, 2012-11-16 at 13:34 -0500, Simo Sorce wrote:
Added wrappers as Sumit requested.
Please ignore this set, I introduced a crash bug in refactoring the
getXXnam() calls as Sumit asked.
I'll send a new patchset soon.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
Resolved segfault, everything else as before.
Simo Sorce (2):
Refactor the way subdomain accounts are saved
Handle conversion to fully qualified usernames
Sumit Bose (1):
Do not save HBAC rules in subdomain subtree
src/db/sysdb.c |7 +++
src/db/sysdb.h
From: Sumit Bose sb...@redhat.com
Currently the sysdb context is pointed to the subdomain subtree
containing user the user to be checked at the beginning of a HBAC
request. As a result all HBAC rules and related data is save in the
subdomain tree as well. But since the HBAC rules of the
The original sysdb code had a strong assumption that only users from one
domain are saved in the databse, with the subdomain feature, we have
changed reality, but have not adjusted all the code arund the sysdb calls
to not rely on the original assumption.
One of the side effects of this
In subdomains we have to use fully qualified usernames.
Unfortunately we have no other good option than simply removing
caches for users of subdomains.
This is because the memberof plugin does not support the rename operation.
---
src/db/sysdb.c |7
src/db/sysdb_private.h |4
In our current RHEL5 deployment, we use pam_listfile to control access
to our servers. While I was putting together our sss config for RHEL6, I
initially thought I could use the simple access provider to replace it.
However, we have both central accounts as well as local service accounts
on
On 11/16/2012 02:58 PM, Paul B. Henson wrote:
In our current RHEL5 deployment, we use pam_listfile to control access
to our servers. While I was putting together our sss config for RHEL6,
I initially thought I could use the simple access provider to replace
it. However, we have both central
Sumit found 2 issues in the patch.
1. the 2 new wrapper proptotypes used _res as variable names but that symbol
is now used in glibc: /usr/include/resolv.h:#define _res (*__res_state())
Changed to 'res'
2. I was still using const char *src_name but it is unnecessary
Dropped the const
This
The original sysdb code had a strong assumption that only users from one
domain are saved in the databse, with the subdomain feature, we have
changed reality, but have not adjusted all the code arund the sysdb calls
to not rely on the original assumption.
One of the side effects of this
In subdomains we have to use fully qualified usernames.
Unfortunately we have no other good option than simply removing
caches for users of subdomains.
This is because the memberof plugin does not support the rename operation.
---
src/db/sysdb.c |7
src/db/sysdb_private.h |4
From: Sumit Bose sb...@redhat.com
Currently the sysdb context is pointed to the subdomain subtree
containing user the user to be checked at the beginning of a HBAC
request. As a result all HBAC rules and related data is save in the
subdomain tree as well. But since the HBAC rules of the
On 11/16/2012 12:55 PM, Dmitri Pal wrote:
Would moving such accounts into local sssd provider help?
Hmm, that would be similar in concept to proxying nss_files, although
certainly less kludgy on the sss side. However, we have existing
procedures and scripts which currently assume local
33 matches
Mail list logo