Re: [SSSD] [PATCH] confdb: Remove unused function confdb_get_long

2015-09-30 Thread Pavel Reichl
On 09/30/2015 07:42 AM, Lukas Slebodnik wrote: On (29/09/15 17:45), Jakub Hrozek wrote: On Tue, Sep 29, 2015 at 11:38:58AM +0200, Sumit Bose wrote: On Tue, Sep 29, 2015 at 10:50:06AM +0200, Pavel Reichl wrote: On 09/29/2015 10:44 AM, Lukas Slebodnik wrote: On (29/09/15 10:42), Pavel

Re: [SSSD] [PATCHES] fix minor memory leaks

2015-09-30 Thread Pavel Reichl
On 09/29/2015 05:49 PM, Jakub Hrozek wrote: On Tue, Sep 29, 2015 at 02:20:39PM +0200, Pavel Reichl wrote: In my opinion we can drop the change. This is not an imminent bug it's rather code style dispute and I don't think that we have to bother Sumit for that. Unless of course pbrezina feels

Re: [SSSD] Please review: https://fedorahosted.org/sssd/wiki/SecuritySensitiveOptions

2015-09-30 Thread Pavel Reichl
On 09/30/2015 09:38 AM, Jakub Hrozek wrote: Hi, to help the OpenSCAP integration, I prepared a wiki page that contains options which have a security impact -- either positive (drop root) or negative (ignore certificate validation issues). I also tried to explain the effect of the options

Re: [SSSD] [PATCH] confdb: Remove unused function confdb_get_long

2015-09-30 Thread Sumit Bose
On Wed, Sep 30, 2015 at 08:31:57AM +0200, Pavel Reichl wrote: > > > On 09/30/2015 07:42 AM, Lukas Slebodnik wrote: > >On (29/09/15 17:45), Jakub Hrozek wrote: > >>On Tue, Sep 29, 2015 at 11:38:58AM +0200, Sumit Bose wrote: > >>>On Tue, Sep 29, 2015 at 10:50:06AM +0200, Pavel Reichl wrote: >

Re: [SSSD] Please review: https://fedorahosted.org/sssd/wiki/SecuritySensitiveOptions

2015-09-30 Thread Lukas Slebodnik
On (30/09/15 09:38), Jakub Hrozek wrote: >Hi, > >to help the OpenSCAP integration, I prepared a wiki page that contains >options which have a security impact -- either positive (drop root) or >negative (ignore certificate validation issues). > >I also tried to explain the effect of the options

Re: [SSSD] [PATCH] CI: Run integration tests on debian testing

2015-09-30 Thread Lukas Slebodnik
On (29/09/15 16:47), Nikolai Kondrashov wrote: >On 09/29/2015 03:41 PM, Lukas Slebodnik wrote: >>ehlo, >> >>Integration tests are enabled on debian with the last patch. > >So we've got more cwrap packages into Debian? Awesome :)! Or were they there >all the time and I simply failed to notice them?

Re: [SSSD] [PATCH] Add a client-side hook to prevent pushes without Reviewed-By

2015-09-30 Thread Jakub Hrozek
On Tue, Sep 29, 2015 at 08:28:30AM +0200, Lukas Slebodnik wrote: > On (28/09/15 14:19), Jakub Hrozek wrote: > >Hi, > > > >to activate this hook, copy it from contrib to .git/hooks and make sure > >the executable flag is on. Attempting to push a commit without > >Reviewed-By will then trigger an

[SSSD] Please review: https://fedorahosted.org/sssd/wiki/SecuritySensitiveOptions

2015-09-30 Thread Jakub Hrozek
Hi, to help the OpenSCAP integration, I prepared a wiki page that contains options which have a security impact -- either positive (drop root) or negative (ignore certificate validation issues). I also tried to explain the effect of the options along with the description. There are some more

Re: [SSSD] Please review: https://fedorahosted.org/sssd/wiki/SecuritySensitiveOptions

2015-09-30 Thread Pavel Reichl
On 09/30/2015 09:38 AM, Jakub Hrozek wrote: Hi, to help the OpenSCAP integration, I prepared a wiki page that contains options which have a security impact -- either positive (drop root) or negative (ignore certificate validation issues). I also tried to explain the effect of the options along

Re: [SSSD] [PATCH] confdb: Remove unused function confdb_get_long

2015-09-30 Thread Lukas Slebodnik
On (30/09/15 10:06), Sumit Bose wrote: >On Wed, Sep 30, 2015 at 08:31:57AM +0200, Pavel Reichl wrote: >> >> >> On 09/30/2015 07:42 AM, Lukas Slebodnik wrote: >> >On (29/09/15 17:45), Jakub Hrozek wrote: >> >>On Tue, Sep 29, 2015 at 11:38:58AM +0200, Sumit Bose wrote: >> >>>On Tue, Sep 29, 2015

Re: [SSSD] RFC: Improving the debug messages

2015-09-30 Thread Sumit Bose
On Tue, Sep 29, 2015 at 07:53:41PM +0200, Jakub Hrozek wrote: > On Tue, Sep 29, 2015 at 06:15:35PM +0200, Sumit Bose wrote: > > On Tue, Sep 29, 2015 at 05:57:32PM +0200, Jakub Hrozek wrote: > > > On Mon, Sep 28, 2015 at 10:18:07AM +0200, Sumit Bose wrote: > > > > On Mon, Jun 29, 2015 at 11:07:30PM

Re: [SSSD] [PATCH] AD: inicialize root_domain_attrs field

2015-09-30 Thread Jakub Hrozek
On Tue, Sep 29, 2015 at 09:25:13AM +0200, Jakub Hrozek wrote: > On Fri, Sep 25, 2015 at 11:00:07AM +0200, Jakub Hrozek wrote: > > On Fri, Sep 25, 2015 at 10:31:02AM +0200, Lukas Slebodnik wrote: > > > >The test_ipa_subdom_server test took me some time, that's why I don't > > > >think we need to

Re: [SSSD] [PATCH] CI: Fix configure script arguments for CentOS

2015-09-30 Thread Nikolai Kondrashov
On 09/30/2015 08:31 AM, Lukas Slebodnik wrote: On (29/09/15 17:02), Nikolai Kondrashov wrote: Er, no, I don't mind which way we go, but we'd better be consistent, so please either change Lukas's patch, or all the other places :) Or, Lukas, did you mean that "||" outside []/[[]] tests is

[SSSD] [PATCH] MAN: Clarify pam_trusted_users option description

2015-09-30 Thread Jakub Hrozek
Hi, while working on the hardening wiki page, I realized the pam_trusted_users option can be improved. Please see the attached patch. From ac09c8dabb706ad1a870354a2879eb899d17c5fc Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Wed, 30 Sep 2015 09:33:17 +0200 Subject:

[SSSD] [PATCH] MAN: proxy and krb5 are valid access control modules

2015-09-30 Thread Jakub Hrozek
Hi, while documenting the security options I realized man sssd.conf doesn't include the krb5 and proxy access control modules. I hope I worded the sentence about krb5 correctly. From 9c8ce997e738c537061d53c5499ad0d0417c012e Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date:

Re: [SSSD] Please review: https://fedorahosted.org/sssd/wiki/SecuritySensitiveOptions

2015-09-30 Thread Jakub Hrozek
On Wed, Sep 30, 2015 at 10:37:30AM +0200, Lukas Slebodnik wrote: > On (30/09/15 09:38), Jakub Hrozek wrote: > >Hi, > > > >to help the OpenSCAP integration, I prepared a wiki page that contains > >options which have a security impact -- either positive (drop root) or > >negative (ignore certificate

Re: [SSSD] RFC: Improving the debug messages

2015-09-30 Thread Jakub Hrozek
On Wed, Sep 30, 2015 at 01:10:20PM +0200, Petr Cech wrote: > On 09/30/2015 11:15 AM, Jakub Hrozek wrote: > >On Wed, Sep 30, 2015 at 09:53:24AM +0200, Sumit Bose wrote: > >>It's https://fedorahosted.org/sssd/ticket/2808 . Please add ideas and > >>suggestions how those tags shall look like. > > >

[SSSD] Announcing SSSD 1.13.1

2015-09-30 Thread Jakub Hrozek
== SSSD 1.13.1 === The SSSD team is proud to announce the release of version 1.13.1 of the System Security Services Daemon. As always, the source is available from https://fedorahosted.org/sssd RPM packages will be made available for Fedora shortly. == Feedback ==

Re: [SSSD] RFC: Improving the debug messages

2015-09-30 Thread Jakub Hrozek
On Wed, Sep 30, 2015 at 09:53:24AM +0200, Sumit Bose wrote: > It's https://fedorahosted.org/sssd/ticket/2808 . Please add ideas and > suggestions how those tags shall look like. Thanks, I resurrected https://fedorahosted.org/sssd/ticket/1372 from Deferred as well.

Re: [SSSD] Please review: https://fedorahosted.org/sssd/wiki/SecuritySensitiveOptions

2015-09-30 Thread Jakub Hrozek
On Wed, Sep 30, 2015 at 10:07:48AM +0200, Pavel Reichl wrote: > Should not we also mention dreadful option > ldap_auth_disable_tls_never_use_in_production ? That's what I was trying to ask :) > > * should the page warn against the > > auth-option-that-shall-not-be-mentioned or politely

Re: [SSSD] RFC: Improving the debug messages

2015-09-30 Thread Petr Cech
On 09/30/2015 11:15 AM, Jakub Hrozek wrote: On Wed, Sep 30, 2015 at 09:53:24AM +0200, Sumit Bose wrote: It's https://fedorahosted.org/sssd/ticket/2808 . Please add ideas and suggestions how those tags shall look like. Thanks, I resurrected https://fedorahosted.org/sssd/ticket/1372 from

Re: [SSSD] [PATCHES] DYDNDS: update quality of input for nsupdate

2015-09-30 Thread Jakub Hrozek
On Tue, Sep 29, 2015 at 11:40:34AM +0200, Pavel Reichl wrote: > > > On 09/21/2015 05:47 PM, Jakub Hrozek wrote: > >On Mon, Sep 21, 2015 at 01:03:13PM +0200, Pavel Reichl wrote: > >> > >> > >>On 09/21/2015 10:52 AM, Pavel Březina wrote: > >>>On 08/28/2015 11:05 AM, Pavel Reichl wrote: > On

Re: [SSSD] [PATCH] CI: Run integration tests on debian testing

2015-09-30 Thread Nikolai Kondrashov
On 09/30/2015 09:59 AM, Lukas Slebodnik wrote: On (29/09/15 16:47), Nikolai Kondrashov wrote: >On 09/29/2015 03:41 PM, Lukas Slebodnik wrote: >>ehlo, >> >>Integration tests are enabled on debian with the last patch. > >So we've got more cwrap packages into Debian? Awesome:)! Or were they

Re: [SSSD] [PATCH] [sssd-1.11] pysss_nss_idmap: Use wrapper for older python

2015-09-30 Thread Lukas Slebodnik
On (19/06/15 14:25), Jakub Hrozek wrote: >On Tue, Jun 16, 2015 at 11:40:21PM +0200, Lukas Slebodnik wrote: >> ehlo, >> >> we dropped support for old version of python (<2.6) >> in recent version of sssd. It should work in 1.11 branch >> but there was a small issue in pysss_nss_idmap bindings. >>

Re: [SSSD] [PATCH] CI: Fix configure script arguments for CentOS

2015-09-30 Thread Lukas Slebodnik
On (30/09/15 11:02), Nikolai Kondrashov wrote: >On 09/30/2015 08:31 AM, Lukas Slebodnik wrote: >>On (29/09/15 17:02), Nikolai Kondrashov wrote: >>>Er, no, I don't mind which way we go, but we'd better be consistent, so >>>please >>>either change Lukas's patch, or all the other places :) >>>

Re: [SSSD] [PATCH] MAN: proxy and krb5 are valid access control modules

2015-09-30 Thread Alexander Bokovoy
On Wed, 30 Sep 2015, Jakub Hrozek wrote: Hi, while documenting the security options I realized man sssd.conf doesn't include the krb5 and proxy access control modules. I hope I worded the sentence about krb5 correctly. ACK -- / Alexander Bokovoy

Re: [SSSD] [PATCH] MAN: Clarify pam_trusted_users option description

2015-09-30 Thread Alexander Bokovoy
On Wed, 30 Sep 2015, Jakub Hrozek wrote: Hi, while working on the hardening wiki page, I realized the pam_trusted_users option can be improved. Please see the attached patch. ACK, this is much better explanation than it was before. -- / Alexander Bokovoy

Re: [SSSD] [PATCH] CI: Run integration tests on debian testing

2015-09-30 Thread Nikolai Kondrashov
On 09/30/2015 04:08 PM, Nikolai Kondrashov wrote: Looks fine now, tested on my Debian laptop - worked fine. Additionally, it worked on a fresh Debian Testing Docker image - niiice :) Nick

Re: [SSSD] [PATCH] confdb: warn if memcache_timeout > than entry_cache

2015-09-30 Thread Jakub Hrozek
On Wed, Sep 23, 2015 at 08:55:11PM +0200, Pavel Březina wrote: > Ack. Thank you! CI: http://sssd-ci.duckdns.org/logs/job/28/14/summary.html * master: 3fb1ee96f508784d7e06f079111d4d32d401a99b btw the ticket was in Backlog, not in the currently-in-progress 1.13.2, so I just moved it.

Re: [SSSD] CI: Already fixed bug for TODO

2015-09-30 Thread Nikolai Kondrashov
On 09/30/2015 08:20 AM, Lukas Slebodnik wrote: On (29/09/15 17:35), Nikolai Kondrashov wrote: On 09/29/2015 05:13 PM, Nikolai Kondrashov wrote: On 09/29/2015 03:54 PM, Lukas Slebodnik wrote: ehlo, I touched the CI script and I found an interesting todo distro.sh-52-{ distro.sh-53-

Re: [SSSD] [PATCH] AD: add debug messages for netlogon get info

2015-09-30 Thread Jakub Hrozek
On Wed, Sep 23, 2015 at 07:11:32AM +0200, Petr Cech wrote: > On 09/22/2015 05:25 PM, Pavel Reichl wrote: > >Hello, please see trivial patch attached. > Hello, > it works. > CI tests: http://sssd-ci.duckdns.org/logs/job/27/54/summary.html > > ACK > > Petr * master:

Re: [SSSD] [PATCH] intg: Add more LDAP tests

2015-09-30 Thread Nikolai Kondrashov
On 09/30/2015 06:15 PM, Nikolai Kondrashov wrote: NOTE: These still break test_memory_cache.py as seen in the attached log file. Here's a fresher log, with the correct line numbers: http://sssd-ci.duckdns.org/logs/job/28/19/rhel7/ci-build-debug/ci-make-intgcheck.log Nick

Re: [SSSD] [PATCH] CI: Run integration tests on debian testing

2015-09-30 Thread Jakub Hrozek
On Wed, Sep 30, 2015 at 04:08:09PM +0300, Nikolai Kondrashov wrote: > Thank you, Lukas! > > ACK. CI: http://sssd-ci.duckdns.org/logs/job/28/16/summary.html * master: * cf37196dca93a8785c5a4e0af6e9a5053bff4e3a * 90063840941efb2015d4375333677e3c26b1f4e6 *

Re: [SSSD] [PATCH] intg: Add more LDAP tests

2015-09-30 Thread Nikolai Kondrashov
On 09/30/2015 06:15 PM, Nikolai Kondrashov wrote: -create_conf_fixture(request, conf) +create_conf_fixture(request, format_basic_conf(ldap_conn, False, True)) Actually, I wanted to do one more thing with this and forgot: name the "bis" and "enum" parameters explicitly on each

[SSSD] [PATCH] man: Minor fixes to filter_groups description

2015-09-30 Thread Nikolai Kondrashov
Hi everyone, I noticed one little thing was wrong with the combined filter_users/filter_groups description on the sssd.conf(5) manpage and also wanted to add a note WRT nested groups behavior with filter_groups which was a bit surprising to me. The trivial patches are attached. Nick From

[SSSD] [PATCH] intg: Add more LDAP tests

2015-09-30 Thread Nikolai Kondrashov
Hi everyone, Here is a patch set fixing some things in integration tests and adding more LDAP tests: * Adding/removing a user/group/membership with rfc2307(bis) schema. * Filtering users/groups with rfc2307(bis) schema. * The effect of override_homedir option. * The effect of