Re: [SSSD] [PATCH] cache_req: support UPN

2015-09-14 Thread Pavel Březina
On 09/14/2015 01:32 PM, Pavel Březina wrote: 0001: Use extra flag also in OOB request. 0002: Provide support for UPN. This add an improvement from NSS code, but I'm not sure if it is desired or not. If you have [domain/AD.PB] in sssd.conf and UPN "u...@ad.pb" then NSS responder will not find

Re: [SSSD] [PATCH] [HBAC]: Better libhbac debuging

2015-09-14 Thread Petr Cech
On 09/11/2015 05:24 PM, Lukas Slebodnik wrote: --- a/src/providers/ipa/ipa_hbac.exports >+++ b/src/providers/ipa/ipa_hbac.exports >@@ -1,4 +1,4 @@ >-IPA_HBAC_0.0.1 { >+IPA_HBAC_0.0.2 { > > # public functions > global: >@@ -8,6 +8,7 @@ IPA_HBAC_0.0.1 { > hbac_error_string; >

Re: [SSSD] Fix #2275 nested netgroups do not work in IPA provider

2015-09-14 Thread Sumit Bose
On Fri, Sep 04, 2015 at 03:28:09PM +0200, Petr Cech wrote: > On 09/04/2015 03:24 PM, Petr Cech wrote: > >On 09/03/2015 03:45 PM, Sumit Bose wrote: > >>>I tried both case. I used only originalMemberOf and I had right > >>>hostgroups, > no user groups. Then I used only memberOf and I had no

Re: [SSSD] [PATCH] tests: Use unique name for TEST_PATH

2015-09-14 Thread Jakub Hrozek
On Thu, Sep 10, 2015 at 03:28:50PM +0200, Lukas Slebodnik wrote: > ehlo, > > attached patch should prevent copy@paste errors in unit tests. > > e.g. > e0f2a783439fb7d3b85469f34ad6d672abf7e1fa > 0d0e787555efc1e6e4eb39a924bb9861bf2921d5 > > LS I like the patches and they improve the tests a lot,

Re: [SSSD] [PATCH] GPO: use SDAP_SASL_AUTHID as samAccountName

2015-09-14 Thread Jakub Hrozek
On Mon, Sep 14, 2015 at 03:40:05PM +0200, Jakub Hrozek wrote: > On Tue, Sep 01, 2015 at 06:01:59PM +0200, Sumit Bose wrote: > > On Tue, Sep 01, 2015 at 03:14:59PM +0200, Jakub Hrozek wrote: > > > On Tue, Sep 01, 2015 at 02:57:36PM +0200, Sumit Bose wrote: > > > > With this patch the only remaining

Re: [SSSD] [PATCH] Workaround for dyndns_test_ok failiure on mips(el). Child part has finished before the child handler was created.

2015-09-14 Thread Jakub Hrozek
On Thu, Sep 10, 2015 at 10:49:17AM +0200, Lukas Slebodnik wrote: > On (10/09/15 10:43), Lukas Slebodnik wrote: > >On (28/07/14 10:18), Simo Sorce wrote: > >>On Wed, 2014-07-23 at 09:01 +0200, Lukas Slebodnik wrote: > >>> On (09/07/14 18:21), Jurica Stanojkovic wrote: > >>> > > >>> >Hello, > >>> >

Re: [SSSD] [PATCH] [HBAC]: Better libhbac debuging

2015-09-14 Thread Jakub Hrozek
On Mon, Sep 14, 2015 at 02:15:39PM +0200, Petr Cech wrote: > > From 4246d5cd91c4c34b8524be5bfce38c57163a6e2b Mon Sep 17 00:00:00 2001 > >From: Lukas Slebodnik > >Date: Fri, 11 Sep 2015 17:04:58 +0200 > >Subject: [PATCH] squash_me > > > >--- > > Makefile.am

Re: [SSSD] [PATCH] GPO: use SDAP_SASL_AUTHID as samAccountName

2015-09-14 Thread Jakub Hrozek
On Tue, Sep 01, 2015 at 06:01:59PM +0200, Sumit Bose wrote: > On Tue, Sep 01, 2015 at 03:14:59PM +0200, Jakub Hrozek wrote: > > On Tue, Sep 01, 2015 at 02:57:36PM +0200, Sumit Bose wrote: > > > With this patch the only remaining caller for sss_krb5_get_primary() is > > > in the same source file.

Re: [SSSD] [PATCH] CI: Set env variable for all tabs in screen

2015-09-14 Thread Jakub Hrozek
On Thu, Jul 23, 2015 at 12:47:13PM +0200, Lukas Slebodnik wrote: > ehlo, > > It's a side effect of my effort to write integration tests for memory cache. > Attached patch simplify troubleshooting of sssd in cwrap environment. > > LS I like this, can you add a tip to some of our develTips pages?

Re: [SSSD] [PATCHES] test*: Create keytabs in unique directory

2015-09-14 Thread Jakub Hrozek
On Fri, Sep 11, 2015 at 02:56:14PM +0200, Lukas Slebodnik wrote: > ehlo, > > attached patches should intermittent failures reported in ticket #2694. > Few files could touch the same keytab which could cause issues. > But I cannot guarantee it will completely fix problem. > > LS ACK to all.

Re: [SSSD] [PATCH] CI: Set env variable for all tabs in screen

2015-09-14 Thread Jakub Hrozek
On Mon, Sep 14, 2015 at 03:47:44PM +0200, Jakub Hrozek wrote: > On Thu, Jul 23, 2015 at 12:47:13PM +0200, Lukas Slebodnik wrote: > > ehlo, > > > > It's a side effect of my effort to write integration tests for memory cache. > > Attached patch simplify troubleshooting of sssd in cwrap environment.

Re: [SSSD] [PATCH] Workaround for dyndns_test_ok failiure on mips(el). Child part has finished before the child handler was created.

2015-09-14 Thread Jakub Hrozek
On Mon, Sep 14, 2015 at 03:45:12PM +0200, Jakub Hrozek wrote: > > From 7e4ec4a744c5714cb7d6c9a22646d5635e8da0c8 Mon Sep 17 00:00:00 2001 > > From: Lukas Slebodnik > > Date: Thu, 10 Sep 2015 10:42:02 +0200 > > Subject: [PATCH] dyndns-tests: Simulate job in wrapped execv > > >

Re: [SSSD] [PATCH] DEBUG: Preventing chown_debug_file if journald on

2015-09-14 Thread Petr Cech
On 09/11/2015 11:02 AM, Lukas Slebodnik wrote: I do not understand how is the function chown_debug_file related to journald. sssd can be compiled with journald support and in the same time can log to the files. This is a default for fedora and rehl7. If someone want to enable logging all

Re: [SSSD] [PATCH] util: Include disabled domains in link_forest_roots

2015-09-14 Thread Jakub Hrozek
On Wed, Sep 09, 2015 at 02:43:59PM +0200, Michal Židek wrote: > Hi, > > patch for ticket > https://fedorahosted.org/sssd/ticket/2673 > is in the attachment. > > Thanks. > Michal > From 7c454bc2a737be05068418a5eef7fe9446bb5fa8 Mon Sep 17 00:00:00 2001 > From: =?UTF-8?q?Michal=20=C5=BDidek?=

Re: [SSSD] [PATCH] DDNS: execute nsupdate for single update of PTR rec

2015-09-14 Thread Jakub Hrozek
On Sun, Sep 13, 2015 at 01:43:03PM +0200, Pavel Reichl wrote: > Hello, > > this patch works around the bug in nsupdate > (https://bugzilla.redhat.com/show_bug.cgi?id=1262430) > > thanks! > From 4ce49023285b9435abcd3b86d88b40151b76b24c Mon Sep 17 00:00:00 2001 > From: Pavel Reichl

Re: [SSSD] [PATCH] PAM: Make p11_child timeout configurable

2015-09-14 Thread Jakub Hrozek
On Mon, Sep 07, 2015 at 03:38:32PM +0200, Michal Židek wrote: > Hi, > > patch for ticket https://fedorahosted.org/sssd/ticket/2773 > is attached. > > Michal > From 96215f618f61b8b2b303f0398a41af94292ccf57 Mon Sep 17 00:00:00 2001 > From: =?UTF-8?q?Michal=20=C5=BDidek?= >

Re: [SSSD] sssd + pkcs11

2015-09-14 Thread Sumit Bose
On Mon, Sep 14, 2015 at 12:10:31PM +0200, Nikos Mavrogiannopoulos wrote: > On Mon, 2015-09-14 at 11:46 +0200, Sumit Bose wrote: > > On Mon, Sep 14, 2015 at 11:25:39AM +0200, Nikos Mavrogiannopoulos > > wrote: > > > Hello, > > > I've been writing some text to integrate freeipa/sssd with > > >

Re: [SSSD] sssd + pkcs11

2015-09-14 Thread Jan Pazdziora
On Mon, Sep 14, 2015 at 06:40:14PM +0200, Sumit Bose wrote: > > This sounds similar to the Apache use-case Jan is working on where > Apache verifies that the certificate is valid and the client knows the > private key. Right, we don't really investigate how the client managed to get the

Re: [SSSD] [PATCH] DDNS: execute nsupdate for single update of PTR rec

2015-09-14 Thread Pavel Reichl
On 09/14/2015 05:29 PM, Jakub Hrozek wrote: On Sun, Sep 13, 2015 at 01:43:03PM +0200, Pavel Reichl wrote: struct sss_iface_addr **_iface_addrs); + +struct sss_iface_addr * +sss_iface_addr_get_next(struct sss_iface_addr *address); + +struct sockaddr_storage*

Re: [SSSD] [PATCH] CONFDB: Assume config file version 2 if missing

2015-09-14 Thread Jakub Hrozek
On Thu, Sep 03, 2015 at 02:29:16PM +0200, Michal Židek wrote: > On 09/03/2015 09:58 AM, Lukas Slebodnik wrote: > >On (03/09/15 09:35), Jakub Hrozek wrote: > >>On Wed, Sep 02, 2015 at 02:52:42PM +0200, Lukas Slebodnik wrote: > >>>On (01/09/15 12:55), Michal Židek wrote: > On 09/01/2015 11:11

[SSSD] sssd + pkcs11

2015-09-14 Thread Nikos Mavrogiannopoulos
Hello, I've been writing some text to integrate freeipa/sssd with openconnect server [0], and for single password or OTP that seems to integrate seamlessly. However, when PAM-SSSD is configured to use smart cards, that only works with locally inserted cards. That is even if one uses the smart

Re: [SSSD] sssd + pkcs11

2015-09-14 Thread Sumit Bose
On Mon, Sep 14, 2015 at 11:25:39AM +0200, Nikos Mavrogiannopoulos wrote: > Hello, > I've been writing some text to integrate freeipa/sssd with openconnect > server [0], and for single password or OTP that seems to integrate > seamlessly. However, when PAM-SSSD is configured to use smart cards, >

Re: [SSSD] [PATCH] CONFDB: Assume config file version 2 if missing

2015-09-14 Thread Jakub Hrozek
On Mon, Sep 14, 2015 at 11:10:53AM +0200, Jakub Hrozek wrote: > CI had some issues, but I don't think those are related to your patch: > http://sssd-ci.duckdns.org/logs/job/26/52/summary.html > > ACK for sssd-1-12 * sssd-1-12: c35eb4aa64a67d34d343d608be40d60b61fb7d11

Re: [SSSD] [PATCH] IPA: Remove MPG groups if getgrgid was called before getpw()

2015-09-14 Thread Jakub Hrozek
On Fri, Jul 31, 2015 at 10:26:58AM +0200, Jakub Hrozek wrote: > On Thu, Jul 30, 2015 at 06:20:31PM +0200, Sumit Bose wrote: > > On Wed, Jul 22, 2015 at 12:18:07PM +0200, Jakub Hrozek wrote: > > > On Wed, Jul 22, 2015 at 10:01:31AM +0200, Sumit Bose wrote: > > > > On Tue, Jul 21, 2015 at 09:41:46PM

Re: [SSSD] [PATCH] SYSDB: Index the objectSIDString attribute

2015-09-14 Thread Jakub Hrozek
On Thu, Sep 03, 2015 at 08:19:58AM +0200, Jakub Hrozek wrote: > On Thu, Sep 03, 2015 at 06:24:35AM +0200, Lukas Slebodnik wrote: > > On (19/08/15 18:15), Jakub Hrozek wrote: > > >On Tue, Aug 18, 2015 at 05:31:43PM +0200, Michal Židek wrote: > > >> On 08/17/2015 10:35 PM, Jakub Hrozek wrote: > > >>

Re: [SSSD] sssd + pkcs11

2015-09-14 Thread Nikos Mavrogiannopoulos
On Mon, 2015-09-14 at 11:46 +0200, Sumit Bose wrote: > On Mon, Sep 14, 2015 at 11:25:39AM +0200, Nikos Mavrogiannopoulos > wrote: > > Hello, > > I've been writing some text to integrate freeipa/sssd with > > openconnect > > server [0], and for single password or OTP that seems to integrate > >