date:20160916

   URL: https://github.com/SSSD/sssd/pull/25
Author: jhrozek
 Title: #25: TESTS: Add integration tests for the proxy provider of sssd-secrets
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/25/head:pr25
git checkout pr25
From 7623a3a5f7c1ec95f801fad69e88e4df397b1142 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Mon, 8 Aug 2016 17:49:05 +0200
Subject: [PATCH] TESTS: Add integration tests for the sssd-secrets local
 provider

Resolves:
https://fedorahosted.org/sssd/ticket/3054

Implements a simple HTTP client and uses it to talk to the sssd-secrets
responder. Only the local provider is tested at the moment.
---
 contrib/ci/deps.sh |   2 +
 src/tests/intg/Makefile.am |   5 ++
 src/tests/intg/config.py.m4|   3 +
 src/tests/intg/secrets.py  | 138 +
 src/tests/intg/test_secrets.py | 152 +
 5 files changed, 300 insertions(+)
 create mode 100644 src/tests/intg/secrets.py
 create mode 100644 src/tests/intg/test_secrets.py

diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh
index 1a94e3d..9a7098c 100644
--- a/contrib/ci/deps.sh
+++ b/contrib/ci/deps.sh
@@ -45,6 +45,7 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then
 pyldb
 rpm-build
 uid_wrapper
+python-requests
 )
 _DEPS_LIST_SPEC=`
 sed -e 's/@PACKAGE_VERSION@/0/g' \
@@ -114,6 +115,7 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then
 python-pytest
 python-ldap
 python-ldb
+python-requests
 ldap-utils
 slapd
 systemtap-sdt-dev
diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am
index 75422a4..1e08ead 100644
--- a/src/tests/intg/Makefile.am
+++ b/src/tests/intg/Makefile.am
@@ -16,6 +16,8 @@ dist_noinst_DATA = \
 test_memory_cache.py \
 test_ts_cache.py \
 test_netgroup.py \
+secrets.py \
+test_secrets.py \
 $(NULL)
 
 config.py: config.py.m4
@@ -25,6 +27,9 @@ config.py: config.py.m4
 	   -D "pidpath=\`$(pidpath)'" \
 	   -D "logpath=\`$(logpath)'" \
 	   -D "mcpath=\`$(mcpath)'" \
+	   -D "secdbpath=\`$(secdbpath)'" \
+	   -D "libexecpath=\`$(libexecdir)'" \
+	   -D "runstatedir=\`$(runstatedir)'" \
 	   $< > $@
 
 root:
diff --git a/src/tests/intg/config.py.m4 b/src/tests/intg/config.py.m4
index 77aa47b..65e17e5 100644
--- a/src/tests/intg/config.py.m4
+++ b/src/tests/intg/config.py.m4
@@ -12,3 +12,6 @@ PID_PATH= "pidpath"
 PIDFILE_PATH= PID_PATH + "/sssd.pid"
 LOG_PATH= "logpath"
 MCACHE_PATH = "mcpath"
+SECDB_PATH  = "secdbpath"
+LIBEXEC_PATH= "libexecpath"
+RUNSTATEDIR = "runstatedir"
diff --git a/src/tests/intg/secrets.py b/src/tests/intg/secrets.py
new file mode 100644
index 000..b488225
--- /dev/null
+++ b/src/tests/intg/secrets.py
@@ -0,0 +1,138 @@
+#
+# Secrets responder test client
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+import socket
+import requests
+
+from requests.adapters import HTTPAdapter
+from requests.packages.urllib3.connection import HTTPConnection
+from requests.packages.urllib3.connectionpool import HTTPConnectionPool
+from requests.compat import quote, unquote, urlparse
+
+
+class HTTPUnixConnection(HTTPConnection):
+def __init__(self, host, timeout=60, **kwargs):
+# pylint: disable=bad-super-call
+super(HTTPUnixConnection, self).__init__('localhost')
+self.unix_socket = host
+self.timeout = timeout
+
+def connect(self):
+sock = socket.socket(family=socket.AF_UNIX)
+sock.settimeout(self.timeout)
+sock.connect(self.unix_socket)
+self.sock = sock
+
+
+class HTTPUnixConnectionPool(HTTPConnectionPool):
+scheme = 'http+unix'
+ConnectionCls = HTTPUnixConnection
+
+
+class HTTPUnixAdapter(HTTPAdapter):
+def get_connection(self, url, proxies=None):
+# proxies, silently ignored
+path = unquote(urlparse(url).netloc)
+return HTTPUnixConnectionPool(path)
+
+
+class SecretsHttpClient(object):
+secrets_sock_path = '/var/run/secrets.socket'
+secrets_container = 'secrets'
+
+def __init__(self, content_type='application/json', sock_path=None):
+if sock_path is None:
+sock_path = self.secrets_sock_path
+
+self.content_type =

[SSSD] [sssd PR#25][comment] TESTS: Add integration tests for the proxy provider of sssd-secrets

  URL: https://github.com/SSSD/sssd/pull/25
Title: #25: TESTS: Add integration tests for the proxy provider of sssd-secrets

jhrozek commented:
"""
I also added a test for one of Fabiano's patches in the last patch iteration
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/25#issuecomment-247614911
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#25][synchronized] TESTS: Add integration tests for the proxy provider of sssd-secrets

   URL: https://github.com/SSSD/sssd/pull/25
Author: jhrozek
 Title: #25: TESTS: Add integration tests for the proxy provider of sssd-secrets
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/25/head:pr25
git checkout pr25
From 8f3f02729e73a9a916028ccfec20a9c54d635473 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Mon, 8 Aug 2016 17:49:05 +0200
Subject: [PATCH] TESTS: Add integration tests for the sssd-secrets local
 provider

Resolves:
https://fedorahosted.org/sssd/ticket/3054

Implements a simple HTTP client and uses it to talk to the sssd-secrets
responder. Only the local provider is tested at the moment.
---
 contrib/ci/deps.sh |   2 +
 src/tests/intg/Makefile.am |   5 ++
 src/tests/intg/config.py.m4|   3 +
 src/tests/intg/secrets.py  | 138 +
 src/tests/intg/test_secrets.py | 152 +
 src/util/util.c|   2 +-
 6 files changed, 301 insertions(+), 1 deletion(-)
 create mode 100644 src/tests/intg/secrets.py
 create mode 100644 src/tests/intg/test_secrets.py

diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh
index 1a94e3d..9a7098c 100644
--- a/contrib/ci/deps.sh
+++ b/contrib/ci/deps.sh
@@ -45,6 +45,7 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then
 pyldb
 rpm-build
 uid_wrapper
+python-requests
 )
 _DEPS_LIST_SPEC=`
 sed -e 's/@PACKAGE_VERSION@/0/g' \
@@ -114,6 +115,7 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then
 python-pytest
 python-ldap
 python-ldb
+python-requests
 ldap-utils
 slapd
 systemtap-sdt-dev
diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am
index 75422a4..1e08ead 100644
--- a/src/tests/intg/Makefile.am
+++ b/src/tests/intg/Makefile.am
@@ -16,6 +16,8 @@ dist_noinst_DATA = \
 test_memory_cache.py \
 test_ts_cache.py \
 test_netgroup.py \
+secrets.py \
+test_secrets.py \
 $(NULL)
 
 config.py: config.py.m4
@@ -25,6 +27,9 @@ config.py: config.py.m4
 	   -D "pidpath=\`$(pidpath)'" \
 	   -D "logpath=\`$(logpath)'" \
 	   -D "mcpath=\`$(mcpath)'" \
+	   -D "secdbpath=\`$(secdbpath)'" \
+	   -D "libexecpath=\`$(libexecdir)'" \
+	   -D "runstatedir=\`$(runstatedir)'" \
 	   $< > $@
 
 root:
diff --git a/src/tests/intg/config.py.m4 b/src/tests/intg/config.py.m4
index 77aa47b..65e17e5 100644
--- a/src/tests/intg/config.py.m4
+++ b/src/tests/intg/config.py.m4
@@ -12,3 +12,6 @@ PID_PATH= "pidpath"
 PIDFILE_PATH= PID_PATH + "/sssd.pid"
 LOG_PATH= "logpath"
 MCACHE_PATH = "mcpath"
+SECDB_PATH  = "secdbpath"
+LIBEXEC_PATH= "libexecpath"
+RUNSTATEDIR = "runstatedir"
diff --git a/src/tests/intg/secrets.py b/src/tests/intg/secrets.py
new file mode 100644
index 000..b488225
--- /dev/null
+++ b/src/tests/intg/secrets.py
@@ -0,0 +1,138 @@
+#
+# Secrets responder test client
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+import socket
+import requests
+
+from requests.adapters import HTTPAdapter
+from requests.packages.urllib3.connection import HTTPConnection
+from requests.packages.urllib3.connectionpool import HTTPConnectionPool
+from requests.compat import quote, unquote, urlparse
+
+
+class HTTPUnixConnection(HTTPConnection):
+def __init__(self, host, timeout=60, **kwargs):
+# pylint: disable=bad-super-call
+super(HTTPUnixConnection, self).__init__('localhost')
+self.unix_socket = host
+self.timeout = timeout
+
+def connect(self):
+sock = socket.socket(family=socket.AF_UNIX)
+sock.settimeout(self.timeout)
+sock.connect(self.unix_socket)
+self.sock = sock
+
+
+class HTTPUnixConnectionPool(HTTPConnectionPool):
+scheme = 'http+unix'
+ConnectionCls = HTTPUnixConnection
+
+
+class HTTPUnixAdapter(HTTPAdapter):
+def get_connection(self, url, proxies=None):
+# proxies, silently ignored
+path = unquote(urlparse(url).netloc)
+return HTTPUnixConnectionPool(path)
+
+
+class SecretsHttpClient(object):
+secrets_sock_path = '/var/run/secrets.socket'
+secrets_container = 'secrets'
+
+def __init__(self, content_type='application/json', sock_path=None):
+if sock_path is None:
+sock_path =

[SSSD] [sssd PR#27][+Changes requested] Minor code changes

  URL: https://github.com/SSSD/sssd/pull/27
Title: #27: Minor code changes

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: [PATCH SET] SYSDB: Adding message to inform about cache

2016-09-16 Thread Petr Cech


On 09/14/2016 04:00 PM, Lukas Slebodnik wrote:

On (06/09/16 13:15), Petr Cech wrote:

On 09/05/2016 02:31 PM, Fabiano Fidêncio wrote:

On Mon, Sep 5, 2016 at 11:59 AM, Fabiano Fidêncio  wrote:

Petr,

I went through your patches and in general they look good to me.
However, I haven't done any tests yet with your patches (and I'll do
it after lunch).


I've done some tests and I've been able to see the ldif changes in the
domain log. So, I assume it's working.
For sure it's a good improvement! Would be worth to link some
documentation about ldiff as it may be confusing for someone who is
not used to it.

I'll wait for a new version of the patches and go through them again.

I really would like to have someone's else opinion on this series.



Please, below you can see a few comments. Feel completely free to
ignore the first one if you feel like doing it, it's just a minor :-)
For the other comments, I'd like to understand a few changes you have done.


Patch 0001: SYSDB: Adding message to inform which cache is used

About the following part of the patch:
+static const char *get_attr_storage(int state_mask)
+{
+const char *storage = "";
+
+if (state_mask == SSS_SYSDB_BOTH_CACHE ) {
+storage = "cache, ts_cache";
+} else if (state_mask == SSS_SYSDB_TS_CACHE) {
+storage = "ts_cache";
+} else if (state_mask == SSS_SYSDB_CACHE) {
+storage = "cache";
+}
+
+return storage;
+}

I personally don't like this kind of comparison done with flags. I'd
go for something like: if ((state_mask & SSS_SYSDB_BOTH_CACHE) != 0)
...
But this is a really minor and feel free to ignore it.


Patch 0002: SYSDB: Adding message about reason why cache changed

LGTM


Patch 0003: SYSDB: Adding wrappers for ldb_* operations

About the following parts of the patch:

On src/db/sysdb_ldb_wrapper.c

+#define ERR_FN_ENOMEM (-1 * ENOMEM)
+#define ERR_FN_ENOENT (-1 * ENOENT)

Why? I failed to understand why you're doing this here.

+if (print_ctx == NULL) {
+return -1;
+return ERR_FN_ENOMEM;
+}

I guess the return -1 is a leftover :-)

+if (print_ctx->ldif == NULL) {
+return -2;
+return ERR_FN_ENOENT;
+}

I guess the return -2 is also a leftover :-)

+if (ret < 0) {
+DEBUG(SSSDBG_MINOR_FAILURE, "ldb_ldif_write() failed with [%d][%s].\n",
+-1 * ret, sss_strerror(-1 * ret));
+goto done;
+}

And here again this dance multiplying by -1 that I don't understand
the reason :-\

+done:
+if (ldb_print_ctx != NULL && ldb_print_ctx->ldif != NULL) {
+talloc_free(ldb_print_ctx->ldif);
+}
+talloc_free(ldb_print_ctx);

AFAIU talloc_free can gracefully handle NULL. Considering that's the
case I'd just check for (if ldb_print_ctx != NULL)
talloc_free(ldb_print_ctx->ldif);
Considering it doesn't, we may have some issues on trying to free
(ldb_print_ctx)

On src/db/sysdb_ldb_wrapper.h:

+int sss_ldb_rename(struct ldb_context *ldb,
+   struct ldb_dn * olddn,
+   struct ldb_dn *newdn);

Just a really minor codying style change here, remove the extra space
between * and olddn: struct ldb_dn * olddn,  ->  struct ldb_dn *olddn,


Patch0004: SYSDB: ldb_add --> sss_ldb_add in sysdb
Patch0005: SYSDB: ldb_delete --> sss_ldb_delete in sysdb
Patch0006: SYSDB: ldb_modify --> sss_ldb_modify in sysdb
Patch0007: SYSDB: ldb_rename --> sss_ldb_rename in sysdb

LGTM


Best Regards,
--
Fabiano Fidêncio


Hello,


there is new patch set attached.
I replaced all ldb_* to new wrapper in whole code.

Regards

--
Petr^4 Čech



From 529b0d3009f8310b8257d5a69639a0fafa30140c Mon Sep 17 00:00:00 2001
From: Petr Cech 
Date: Tue, 16 Aug 2016 09:32:18 +0200
Subject: [PATCH 1/7] SYSDB: Adding message to inform which cache is used

Resolves:
https://fedorahosted.org/sssd/ticket/3060
---
src/db/sysdb_ops.c | 32 
1 file changed, 32 insertions(+)

diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 
5d9c9fb24a149f8215b3027dcb4b0e1a183e4b43..847b663bdb2ec31de3eb3b4c33e2b942145a4c42
 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -27,6 +27,12 @@
#include "util/cert.h"
#include 

+
+#define SSS_SYSDB_NO_CACHE 0x0
+#define SSS_SYSDB_CACHE 0x1
+#define SSS_SYSDB_TS_CACHE 0x2
+#define SSS_SYSDB_BOTH_CACHE (SSS_SYSDB_CACHE | SSS_SYSDB_TS_CACHE)
+
static uint32_t get_attr_as_uint32(struct ldb_message *msg, const char *attr)
{
const struct ldb_val *v = ldb_msg_find_ldb_val(msg, attr);
@@ -1176,6 +1182,21 @@ done:
return ret;
}

+static const char *get_attr_storage(int state_mask)
+{
+const char *storage = "";
+
+if ((state_mask & SSS_SYSDB_BOTH_CACHE) != 0) {

Let's assume that we will add new type of cache in future
(e.g. SSS_SYSDB_SECRET_CACHE)

If the value of "state_mask" was CACHE | TS_CACHE SECRET_CACHE
then this condition would be true but return incorrent string.


So, I

[SSSD] [sssd PR#25][synchronized] TESTS: Add integration tests for the proxy provider of sssd-secrets

   URL: https://github.com/SSSD/sssd/pull/25
Author: jhrozek
 Title: #25: TESTS: Add integration tests for the proxy provider of sssd-secrets
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/25/head:pr25
git checkout pr25
From 49e9473b07d7bcd8ee1085f7f32e82a96aa1c537 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Mon, 8 Aug 2016 17:49:05 +0200
Subject: [PATCH] TESTS: Add integration tests for the sssd-secrets local
 provider

Resolves:
https://fedorahosted.org/sssd/ticket/3054

Implements a simple HTTP client and uses it to talk to the sssd-secrets
responder. Only the local provider is tested at the moment.
---
 contrib/ci/deps.sh |   2 +
 src/tests/intg/Makefile.am |   5 ++
 src/tests/intg/config.py.m4|   3 +
 src/tests/intg/secrets.py  | 138 +++
 src/tests/intg/test_secrets.py | 143 +
 src/util/util.c|   2 +-
 6 files changed, 292 insertions(+), 1 deletion(-)
 create mode 100644 src/tests/intg/secrets.py
 create mode 100644 src/tests/intg/test_secrets.py

diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh
index 1a94e3d..9a7098c 100644
--- a/contrib/ci/deps.sh
+++ b/contrib/ci/deps.sh
@@ -45,6 +45,7 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then
 pyldb
 rpm-build
 uid_wrapper
+python-requests
 )
 _DEPS_LIST_SPEC=`
 sed -e 's/@PACKAGE_VERSION@/0/g' \
@@ -114,6 +115,7 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then
 python-pytest
 python-ldap
 python-ldb
+python-requests
 ldap-utils
 slapd
 systemtap-sdt-dev
diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am
index 75422a4..1e08ead 100644
--- a/src/tests/intg/Makefile.am
+++ b/src/tests/intg/Makefile.am
@@ -16,6 +16,8 @@ dist_noinst_DATA = \
 test_memory_cache.py \
 test_ts_cache.py \
 test_netgroup.py \
+secrets.py \
+test_secrets.py \
 $(NULL)
 
 config.py: config.py.m4
@@ -25,6 +27,9 @@ config.py: config.py.m4
 	   -D "pidpath=\`$(pidpath)'" \
 	   -D "logpath=\`$(logpath)'" \
 	   -D "mcpath=\`$(mcpath)'" \
+	   -D "secdbpath=\`$(secdbpath)'" \
+	   -D "libexecpath=\`$(libexecdir)'" \
+	   -D "runstatedir=\`$(runstatedir)'" \
 	   $< > $@
 
 root:
diff --git a/src/tests/intg/config.py.m4 b/src/tests/intg/config.py.m4
index 77aa47b..65e17e5 100644
--- a/src/tests/intg/config.py.m4
+++ b/src/tests/intg/config.py.m4
@@ -12,3 +12,6 @@ PID_PATH= "pidpath"
 PIDFILE_PATH= PID_PATH + "/sssd.pid"
 LOG_PATH= "logpath"
 MCACHE_PATH = "mcpath"
+SECDB_PATH  = "secdbpath"
+LIBEXEC_PATH= "libexecpath"
+RUNSTATEDIR = "runstatedir"
diff --git a/src/tests/intg/secrets.py b/src/tests/intg/secrets.py
new file mode 100644
index 000..b488225
--- /dev/null
+++ b/src/tests/intg/secrets.py
@@ -0,0 +1,138 @@
+#
+# Secrets responder test client
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+import socket
+import requests
+
+from requests.adapters import HTTPAdapter
+from requests.packages.urllib3.connection import HTTPConnection
+from requests.packages.urllib3.connectionpool import HTTPConnectionPool
+from requests.compat import quote, unquote, urlparse
+
+
+class HTTPUnixConnection(HTTPConnection):
+def __init__(self, host, timeout=60, **kwargs):
+# pylint: disable=bad-super-call
+super(HTTPUnixConnection, self).__init__('localhost')
+self.unix_socket = host
+self.timeout = timeout
+
+def connect(self):
+sock = socket.socket(family=socket.AF_UNIX)
+sock.settimeout(self.timeout)
+sock.connect(self.unix_socket)
+self.sock = sock
+
+
+class HTTPUnixConnectionPool(HTTPConnectionPool):
+scheme = 'http+unix'
+ConnectionCls = HTTPUnixConnection
+
+
+class HTTPUnixAdapter(HTTPAdapter):
+def get_connection(self, url, proxies=None):
+# proxies, silently ignored
+path = unquote(urlparse(url).netloc)
+return HTTPUnixConnectionPool(path)
+
+
+class SecretsHttpClient(object):
+secrets_sock_path = '/var/run/secrets.socket'
+secrets_container = 'secrets'
+
+def __init__(self, content_type='application/json', sock_path=None):
+if sock_path is None:
+sock_path =

[SSSD] [sssd PR#21][comment] IFP: expose user and group unique IDs through DBus

2016-09-16 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/21
Title: #21: IFP: expose user and group unique IDs through DBus

lslebodn commented:
"""
On (16/09/16 06:12), Jakub Hrozek wrote:
>I also wonder if the SIDs are needed. I don't have anything to add them in 
>principle, except I would prefer to not add more attributes to the bus unless 
>necessary, because then we have to keep them.
>
>So if you can find out the ID mapping is good enough for you, I think just 
>going with ID numbers might be better.
>

BTW, I think that even with current version of sssd you could get UUID
That was a purpose of config option ```user_attributes```.
Please check man sssd-ifp -> user_attributes

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/21#issuecomment-247605525
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#27][comment] Minor code changes

2016-09-16 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/27
Title: #27: Minor code changes

lslebodn commented:
"""
NACK to the first patch.
We should rather use ldap_err2string.
Adding more if/else statementes just complicate the code.

the 2nd patch would make sense if you would like to reuse
enum for other use-case which I cannot see in patch set.
If there is not such use-case I would prefer to keep curret name of enum.

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/27#issuecomment-247604790
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#27][opened] Minor code changes

2016-09-16 Thread mzidek-rh

   URL: https://github.com/SSSD/sssd/pull/27
Author: mzidek-rh
 Title: #27: Minor code changes
Action: opened

PR body:
"""
Some small changes in the code.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/27/head:pr27
git checkout pr27
From b861d0b4887f49cc9a43bea0e95a2156603b7db3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= 
Date: Fri, 16 Sep 2016 15:08:03 +0200
Subject: [PATCH 1/2] SDAP: Special dbg msg when exceeding adminlimit

Use different debug message LDAP_SIZELIMIT_EXCEEDED
and LDAP_ADMINLIMIT_EXCEEDED.
---
 src/providers/ldap/sdap_async.c | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index f374112..b260c09 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -1526,15 +1526,20 @@ static void sdap_get_generic_op_finished(struct sdap_op *op,
   sss_ldap_err2string(result), result,
   errmsg ? errmsg : "no errmsg set");
 
-if (result == LDAP_SIZELIMIT_EXCEEDED
-|| result == LDAP_ADMINLIMIT_EXCEEDED) {
+if (result == LDAP_SIZELIMIT_EXCEEDED) {
 /* Try to return what we've got */
-
 if ( ! (state->flags & SDAP_SRCH_FLG_SIZELIMIT_SILENT)) {
 DEBUG(SSSDBG_MINOR_FAILURE,
   "LDAP sizelimit was exceeded, "
   "returning incomplete data\n");
 }
+} else if (result == LDAP_ADMINLIMIT_EXCEEDED) {
+/* Try to return what we've got */
+if ( ! (state->flags & SDAP_SRCH_FLG_SIZELIMIT_SILENT)) {
+DEBUG(SSSDBG_MINOR_FAILURE,
+  "LDAP adminlimit was exceeded, "
+  "returning incomplete data\n");
+}
 } else if (result == LDAP_INAPPROPRIATE_MATCHING) {
 /* This error should only occur when we're testing for
  * specialized functionality like the ldap matching rule

From 50f214ac00350cde7198df2827a321502e77f00e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= 
Date: Fri, 16 Sep 2016 15:12:01 +0200
Subject: [PATCH 2/2] SDAP: Rename flag to silence debug msg

Rename SDAP_SRCH_FLG_SIZELIMIT_SILENT into
SDAP_SRCH_FLG_SILENT, because it is used
for both sizelimit and adminlimit.
---
 src/providers/ldap/sdap_async.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index b260c09..70f295d 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -1187,7 +1187,7 @@ static void sdap_get_generic_op_finished(struct sdap_op *op,
 
 enum {
 /* Be silent about exceeded size limit */
-SDAP_SRCH_FLG_SIZELIMIT_SILENT = 1 << 0,
+SDAP_SRCH_FLG_SILENT = 1 << 0,
 
 /* Allow paging */
 SDAP_SRCH_FLG_PAGING   = 1 << 1,
@@ -1528,14 +1528,14 @@ static void sdap_get_generic_op_finished(struct sdap_op *op,
 
 if (result == LDAP_SIZELIMIT_EXCEEDED) {
 /* Try to return what we've got */
-if ( ! (state->flags & SDAP_SRCH_FLG_SIZELIMIT_SILENT)) {
+if ( ! (state->flags & SDAP_SRCH_FLG_SILENT)) {
 DEBUG(SSSDBG_MINOR_FAILURE,
   "LDAP sizelimit was exceeded, "
   "returning incomplete data\n");
 }
 } else if (result == LDAP_ADMINLIMIT_EXCEEDED) {
 /* Try to return what we've got */
-if ( ! (state->flags & SDAP_SRCH_FLG_SIZELIMIT_SILENT)) {
+if ( ! (state->flags & SDAP_SRCH_FLG_SILENT)) {
 DEBUG(SSSDBG_MINOR_FAILURE,
   "LDAP adminlimit was exceeded, "
   "returning incomplete data\n");
@@ -2669,7 +2669,7 @@ static errno_t sdap_posix_check_next(struct tevent_req *req)
  state->attrs,
  NULL, NULL, 1, state->timeout,
  sdap_posix_check_parse, state,
- SDAP_SRCH_FLG_SIZELIMIT_SILENT);
+ SDAP_SRCH_FLG_SILENT);
 if (subreq == NULL) {
 return ENOMEM;
 }
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#11][+Pushed] SECRETS: Don't remove a container when it has children

  URL: https://github.com/SSSD/sssd/pull/11
Title: #11: SECRETS: Don't remove a container when it has children

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#11][comment] SECRETS: Don't remove a container when it has children

  URL: https://github.com/SSSD/sssd/pull/11
Title: #11: SECRETS: Don't remove a container when it has children

jhrozek commented:
"""
* master: ab7b33fd7d820688545d5994a402cedf4bcdb6e1
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/11#issuecomment-247597744
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#11][closed] SECRETS: Don't remove a container when it has children

   URL: https://github.com/SSSD/sssd/pull/11
Author: fidencio
 Title: #11: SECRETS: Don't remove a container when it has children
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/11/head:pr11
git checkout pr11
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#11][-Accepted] SECRETS: Don't remove a container when it has children

  URL: https://github.com/SSSD/sssd/pull/11
Title: #11: SECRETS: Don't remove a container when it has children

Label: -Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#21][comment] IFP: expose user and group unique IDs through DBus

  URL: https://github.com/SSSD/sssd/pull/21
Title: #21: IFP: expose user and group unique IDs through DBus

jhrozek commented:
"""
I also wonder if the SIDs are needed. I don't have anything to add them in 
principle, except I would prefer to not add more attributes to the bus unless 
necessary, because then we have to keep them.

So if you can find out the ID mapping is good enough for you, I think just 
going with ID numbers might be better.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/21#issuecomment-247596888
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#17][-Accepted] Improve support for gdm Smartcard support

  URL: https://github.com/SSSD/sssd/pull/17
Title: #17: Improve support for gdm Smartcard support

Label: -Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#17][comment] Improve support for gdm Smartcard support

  URL: https://github.com/SSSD/sssd/pull/17
Title: #17: Improve support for gdm Smartcard support

jhrozek commented:
"""
master:
35ba922bc51416f02877b53a6f25c04104ae5f03
3649b959709f1ab187092f054d4aace0798c98fa
71cd9f98150577224559bdc12c53c01ce6f2c3d9 
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/17#issuecomment-247596520
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#17][+Pushed] Improve support for gdm Smartcard support

  URL: https://github.com/SSSD/sssd/pull/17
Title: #17: Improve support for gdm Smartcard support

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#17][closed] Improve support for gdm Smartcard support

   URL: https://github.com/SSSD/sssd/pull/17
Author: sumit-bose
 Title: #17: Improve support for gdm Smartcard support
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/17/head:pr17
git checkout pr17
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#17][comment] Improve support for gdm Smartcard support

  URL: https://github.com/SSSD/sssd/pull/17
Title: #17: Improve support for gdm Smartcard support

jhrozek commented:
"""
CI: http://sssd-ci.duckdns.org/logs/job/53/47/summary.html
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/17#issuecomment-247593970
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#26][+Changes requested] KRB5: Fixing FQ name of user in krb5_setup()

  URL: https://github.com/SSSD/sssd/pull/26
Title: #26: KRB5: Fixing FQ name of user in krb5_setup()

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#26][comment] KRB5: Fixing FQ name of user in krb5_setup()

  URL: https://github.com/SSSD/sssd/pull/26
Title: #26: KRB5: Fixing FQ name of user in krb5_setup()

jhrozek commented:
"""
You also need to use the output name for `kr->kuserok_user`, currently it's 
using qualified name, which is not going to work (see the branch just below..)
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/26#issuecomment-247593387
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: [PATCH] sss_override: improve --debug description

On (31/08/16 09:25), Justin Stephenson wrote:
>On 08/31/2016 06:59 AM, Pavel Březina wrote:
>> On 08/30/2016 08:52 PM, Justin Stephenson wrote:
>> > On 08/05/2016 11:45 AM, Lukas Slebodnik wrote:
>> > > On (15/03/16 12:40), Pavel Březina wrote:
>> > > > On 12/09/2015 01:16 PM, Jakub Hrozek wrote:
>> > > > > On Wed, Dec 09, 2015 at 01:07:10PM +0100, Pavel Březina wrote:
>> > > > > > https://fedorahosted.org/sssd/ticket/2813
>> > > > > > 
>> > > > > > I wanted to split include/debug_levels.xml into more files so we
>> > > > > > don't
>> > > > > > duplicate information, but I didn't figure out how to use
>> > > > > > xi:include in
>> > > > > > files that are already beeing included. I always managed to fail on
>> > > > > > dtd
>> > > > > > validation. Maybe someone more familiar with docbook may chime in.
>> > > > > 
>> > > > > If nesting doesn't work, wouldn't it be better to have a separate 
>> > > > > file
>> > > > > with just the levels so that services would include the
>> > > > > how-to-debug-services.xml and then levels?
>> > > > > 
>> > > > > Either way, the new file must be added to src/man/po/po4a.cfg
>> > > > 
>> > > > Here is the original patch with po4a.cfg altered.
>> > > > 
>> > > 
>> > > > From fb91d0bb1a84e77c5900aae0f8ca8b634f9baea7 Mon Sep 17 00:00:00 2001
>> > > > From: =?UTF-8?q?Pavel=20B=C5=99ezina?= 
>> > > > Date: Wed, 9 Dec 2015 13:04:35 +0100
>> > > > Subject: [PATCH] sss_override: improve --debug description
>> > > > 
>> > > > Resolves:
>> > > > https://fedorahosted.org/sssd/ticket/2813
>> > > > ---
>> > > Bump for review
>> > 
>> > + Critical failures. An error that doesn't kill the SSSD, but
>> > one that
>> > + indicates that at least one major feature is not going to work
>> > + properly.
>> > +
>> > +
>> > 
>> > ACK with one minor change.
>> > 
>> >  s/kill the SSSD/kill SSSD/
>> 
>> Since it was just copy pasted text I'm sending this change in separate
>> commit and did it in both places.
>
>Hi Pavel,
>
>I still see 'the SSSD' in the newly attached patch
>0001-sss_override-improve-debug-descripption.patch
>
>One thing I noticed just now, I was not clear on understanding the Minor
>failures description.
>
>+ 0x0080: Minor failures. These are the errors
>that
>+ would percolate down to cause the operation failure of 2.
>
>Does it mean these are errors of minor importance that should not affect SSSD
>functionality but may lead up to Serious Failure errors
>
>Sorry to nitpick, if it reads well to others then ACK.
>
Pavel,
Could you prepare updated version?

LS
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: [PATCH] sudo man page: say that we support IPA schema

On (16/09/16 14:37), Lukas Slebodnik wrote:
>On (30/08/16 16:51), Justin Stephenson wrote:
>>
>>On 08/30/2016 09:56 AM, Justin Stephenson wrote:
>>> 
>>> On 08/30/2016 04:24 AM, Lukas Slebodnik wrote:
>>> > On (30/08/16 10:14), Jakub Hrozek wrote:
>>> > > On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote:
>>> > > > On 08/10/2016 04:33 PM, Dan Lavu wrote:
>>> > > > > I asked Lukas this but he wasn't positive, is the objectClasses
>>> > > > > different when adding 'ldap_sudo_search_base' ? Or is it just
>>> > > > > location?
>>> > > > > 
>>> > > > > Eitherway, I think this is going to be a little more concise,
>>> > > > > 
>>> > > > > "When SSSD is configured and using the IPA provider, sudo is
>>> > > > > automatically enabled. The sudo search base is
>>> > > > > cn=sudo,ou=sudoers,$DC. If a different search base is defined in
>>> > > > > sssd.conf, it will use the value from the configuration file. (e.g.
>>> > > > > ou=sudoers,$DC generated by compat plugin)."
>>> > > > 
>>> > > > Hello Dan/Pavel,
>>> > > > 
>>> > > > I tried to combine some of your suggestions, Please see attached.
>>> > > > 
>>> > > > I also thought that $SUFFIX makes the root suffix more clear than
>>> > > > $DC but
>>> > > > that is just my personal opinion.
>>> > > > 
>>> > > > Kind regards,
>>> > > > Justin Stephenson
>>> > > > 
>>> > > > > ___
>>> > > > > sssd-devel mailing list
>>> > > > > sssd-devel@lists.fedorahosted.org
>>> > > > > https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
>>> > > > > 
>>> > > > > 
>>> > > 
>>> > > > From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001
>>> > > > From: Justin Stephenson 
>>> > > > Date: Mon, 29 Aug 2016 11:20:00 -0400
>>> > > > Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP
>>> > > > tree support
>>> > > > 
>>> > > > Update sssd-sudo man page to reflect native IPA sudo support
>>> > > > 
>>> > > > Resolves:
>>> > > > https://fedorahosted.org/sssd/ticket/3145
>>> > > > ---
>>> > > >  src/man/sssd-sudo.5.xml | 9 ++---
>>> > > >  1 file changed, 6 insertions(+), 3 deletions(-)
>>> > > > 
>>> > > > diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
>>> > > > index
>>> > > > de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b
>>> > > > 100644
>>> > > > --- a/src/man/sssd-sudo.5.xml
>>> > > > +++ b/src/man/sssd-sudo.5.xml
>>> > > > @@ -109,9 +109,12 @@ ldap_sudo_search_base =
>>> > > > ou=sudoers,dc=example,dc=com
>>> > > >  
>>> > > >  
>>> > > >  
>>> > > > -When the SSSD is configured to use IPA as the ID 
>>> > > > provider,
>>> > > > -the sudo provider is automatically enabled. The sudo
>>> > > > search base
>>> > > > -is configured to use the compat tree (ou=sudoers,$DC).
>>> > > > +When SSSD is configured to use IPA as the ID provider, 
>>> > > > the
>>> > > > +sudo provider is automatically enabled. The sudo search
>>> > > > base is
>>> > > > +configured to use the IPA native LDAP
>>> > > > tree(cn=sudo,ou=sudoers,$SUFFIX).
>>> > 
>>> > ^^^
>>> > I thought it is either (ou=sudoers,$SUFFIX)
>>> > or (cn=sudo,$SUFFIX)
>>> > 
>>> > > Hi, the manpage builds and the text reads good to me. I would just like
>>> > > to put a whitespace between "tree" and the opening "(". If you agree, I
>>> > > can fix this before pushing the patch, no need to re-send it..
>>> 
>>> Yes, please go ahead.
>>> 
>>> > > 
>>> > IMHO, It deserves a new patch :-)
>>> 
>>> Hi Lukas, I can resubmit the patch if you'd like.
>>
>>Updated patch attached with both changes made.
>>
>
>>From 76915bf609fdb2008c17f407f517de1a8602fc8b Mon Sep 17 00:00:00 2001
>>From: Justin Stephenson 
>>Date: Mon, 29 Aug 2016 11:20:00 -0400
>>Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support
>>
>>Update sssd-sudo man page to reflect native IPA sudo support
>>
>>Resolves:
>>https://fedorahosted.org/sssd/ticket/3145
>>---
>> src/man/sssd-sudo.5.xml | 9 ++---
>> 1 file changed, 6 insertions(+), 3 deletions(-)
>>
>>diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
>>index 
>>de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..9be77725d679946bd09b86771cc7379b6ac64627
>> 100644
>>--- a/src/man/sssd-sudo.5.xml
>>+++ b/src/man/sssd-sudo.5.xml
>>@@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
>> 
>> 
>> 
>>-When the SSSD is configured to use IPA as the ID provider,
>>-the sudo provider is automatically enabled. The sudo search base
>>-is configured to use the compat tree (ou=sudoers,$DC).
>>+When SSSD is configured to use IPA as the ID provider, the
>>+sudo provider is automatically enabled. The sudo search base is
>>+configured to use

[SSSD] Re: [PATCH] sudo man page: say that we support IPA schema

On (30/08/16 16:51), Justin Stephenson wrote:
>
>On 08/30/2016 09:56 AM, Justin Stephenson wrote:
>> 
>> On 08/30/2016 04:24 AM, Lukas Slebodnik wrote:
>> > On (30/08/16 10:14), Jakub Hrozek wrote:
>> > > On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote:
>> > > > On 08/10/2016 04:33 PM, Dan Lavu wrote:
>> > > > > I asked Lukas this but he wasn't positive, is the objectClasses
>> > > > > different when adding 'ldap_sudo_search_base' ? Or is it just
>> > > > > location?
>> > > > > 
>> > > > > Eitherway, I think this is going to be a little more concise,
>> > > > > 
>> > > > > "When SSSD is configured and using the IPA provider, sudo is
>> > > > > automatically enabled. The sudo search base is
>> > > > > cn=sudo,ou=sudoers,$DC. If a different search base is defined in
>> > > > > sssd.conf, it will use the value from the configuration file. (e.g.
>> > > > > ou=sudoers,$DC generated by compat plugin)."
>> > > > 
>> > > > Hello Dan/Pavel,
>> > > > 
>> > > > I tried to combine some of your suggestions, Please see attached.
>> > > > 
>> > > > I also thought that $SUFFIX makes the root suffix more clear than
>> > > > $DC but
>> > > > that is just my personal opinion.
>> > > > 
>> > > > Kind regards,
>> > > > Justin Stephenson
>> > > > 
>> > > > > ___
>> > > > > sssd-devel mailing list
>> > > > > sssd-devel@lists.fedorahosted.org
>> > > > > https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
>> > > > > 
>> > > > > 
>> > > 
>> > > > From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001
>> > > > From: Justin Stephenson 
>> > > > Date: Mon, 29 Aug 2016 11:20:00 -0400
>> > > > Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP
>> > > > tree support
>> > > > 
>> > > > Update sssd-sudo man page to reflect native IPA sudo support
>> > > > 
>> > > > Resolves:
>> > > > https://fedorahosted.org/sssd/ticket/3145
>> > > > ---
>> > > >  src/man/sssd-sudo.5.xml | 9 ++---
>> > > >  1 file changed, 6 insertions(+), 3 deletions(-)
>> > > > 
>> > > > diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
>> > > > index
>> > > > de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b
>> > > > 100644
>> > > > --- a/src/man/sssd-sudo.5.xml
>> > > > +++ b/src/man/sssd-sudo.5.xml
>> > > > @@ -109,9 +109,12 @@ ldap_sudo_search_base =
>> > > > ou=sudoers,dc=example,dc=com
>> > > >  
>> > > >  
>> > > >  
>> > > > -When the SSSD is configured to use IPA as the ID provider,
>> > > > -the sudo provider is automatically enabled. The sudo
>> > > > search base
>> > > > -is configured to use the compat tree (ou=sudoers,$DC).
>> > > > +When SSSD is configured to use IPA as the ID provider, the
>> > > > +sudo provider is automatically enabled. The sudo search
>> > > > base is
>> > > > +configured to use the IPA native LDAP
>> > > > tree(cn=sudo,ou=sudoers,$SUFFIX).
>> > 
>> > ^^^
>> > I thought it is either (ou=sudoers,$SUFFIX)
>> > or (cn=sudo,$SUFFIX)
>> > 
>> > > Hi, the manpage builds and the text reads good to me. I would just like
>> > > to put a whitespace between "tree" and the opening "(". If you agree, I
>> > > can fix this before pushing the patch, no need to re-send it..
>> 
>> Yes, please go ahead.
>> 
>> > > 
>> > IMHO, It deserves a new patch :-)
>> 
>> Hi Lukas, I can resubmit the patch if you'd like.
>
>Updated patch attached with both changes made.
>

>From 76915bf609fdb2008c17f407f517de1a8602fc8b Mon Sep 17 00:00:00 2001
>From: Justin Stephenson 
>Date: Mon, 29 Aug 2016 11:20:00 -0400
>Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support
>
>Update sssd-sudo man page to reflect native IPA sudo support
>
>Resolves:
>https://fedorahosted.org/sssd/ticket/3145
>---
> src/man/sssd-sudo.5.xml | 9 ++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
>diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
>index 
>de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..9be77725d679946bd09b86771cc7379b6ac64627
> 100644
>--- a/src/man/sssd-sudo.5.xml
>+++ b/src/man/sssd-sudo.5.xml
>@@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
> 
> 
> 
>-When the SSSD is configured to use IPA as the ID provider,
>-the sudo provider is automatically enabled. The sudo search base
>-is configured to use the compat tree (ou=sudoers,$DC).
>+When SSSD is configured to use IPA as the ID provider, the
>+sudo provider is automatically enabled. The sudo search base is
>+configured to use the IPA native LDAP tree (cn=sudo,$SUFFIX).
>+If any other search base is defined in sssd.conf, this value will 
>be
>+used instead. The compat tree

[SSSD] [sssd PR#25][synchronized] TESTS: Add integration tests for the proxy provider of sssd-secrets

   URL: https://github.com/SSSD/sssd/pull/25
Author: jhrozek
 Title: #25: TESTS: Add integration tests for the proxy provider of sssd-secrets
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/25/head:pr25
git checkout pr25
From 7372f0e8f328339bf54cc00a2d83be0bf1e23cab Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Mon, 8 Aug 2016 17:49:05 +0200
Subject: [PATCH] TESTS: Add integration tests for the sssd-secrets local
 provider

Resolves:
https://fedorahosted.org/sssd/ticket/3054

Implements a simple HTTP client and uses it to talk to the sssd-secrets
responder. Only the local provider is tested at the moment.
---
 contrib/ci/deps.sh |   2 +
 src/tests/intg/Makefile.am |   5 ++
 src/tests/intg/config.py.m4|   3 +
 src/tests/intg/secrets.py  | 138 +++
 src/tests/intg/test_secrets.py | 143 +
 5 files changed, 291 insertions(+)
 create mode 100644 src/tests/intg/secrets.py
 create mode 100644 src/tests/intg/test_secrets.py

diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh
index 1a94e3d..9a7098c 100644
--- a/contrib/ci/deps.sh
+++ b/contrib/ci/deps.sh
@@ -45,6 +45,7 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then
 pyldb
 rpm-build
 uid_wrapper
+python-requests
 )
 _DEPS_LIST_SPEC=`
 sed -e 's/@PACKAGE_VERSION@/0/g' \
@@ -114,6 +115,7 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then
 python-pytest
 python-ldap
 python-ldb
+python-requests
 ldap-utils
 slapd
 systemtap-sdt-dev
diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am
index 75422a4..1e08ead 100644
--- a/src/tests/intg/Makefile.am
+++ b/src/tests/intg/Makefile.am
@@ -16,6 +16,8 @@ dist_noinst_DATA = \
 test_memory_cache.py \
 test_ts_cache.py \
 test_netgroup.py \
+secrets.py \
+test_secrets.py \
 $(NULL)
 
 config.py: config.py.m4
@@ -25,6 +27,9 @@ config.py: config.py.m4
 	   -D "pidpath=\`$(pidpath)'" \
 	   -D "logpath=\`$(logpath)'" \
 	   -D "mcpath=\`$(mcpath)'" \
+	   -D "secdbpath=\`$(secdbpath)'" \
+	   -D "libexecpath=\`$(libexecdir)'" \
+	   -D "runstatedir=\`$(runstatedir)'" \
 	   $< > $@
 
 root:
diff --git a/src/tests/intg/config.py.m4 b/src/tests/intg/config.py.m4
index 77aa47b..65e17e5 100644
--- a/src/tests/intg/config.py.m4
+++ b/src/tests/intg/config.py.m4
@@ -12,3 +12,6 @@ PID_PATH= "pidpath"
 PIDFILE_PATH= PID_PATH + "/sssd.pid"
 LOG_PATH= "logpath"
 MCACHE_PATH = "mcpath"
+SECDB_PATH  = "secdbpath"
+LIBEXEC_PATH= "libexecpath"
+RUNSTATEDIR = "runstatedir"
diff --git a/src/tests/intg/secrets.py b/src/tests/intg/secrets.py
new file mode 100644
index 000..0de0161
--- /dev/null
+++ b/src/tests/intg/secrets.py
@@ -0,0 +1,138 @@
+#
+# Secrets responder test client
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+import socket
+import requests
+
+from requests.adapters import HTTPAdapter
+from requests.packages.urllib3.connection import HTTPConnection
+from requests.packages.urllib3.connectionpool import HTTPConnectionPool
+from requests.compat import quote, unquote, urlparse
+
+
+class HTTPUnixConnection(HTTPConnection):
+def __init__(self, host, timeout=60, **kwargs):
+# pylint: disable=bad-super-call
+super(HTTPConnection, self).__init__('localhost')
+self.unix_socket = host
+self.timeout = timeout
+
+def connect(self):
+s = socket.socket(family=socket.AF_UNIX)
+s.settimeout(self.timeout)
+s.connect(self.unix_socket)
+self.sock = s
+
+
+class HTTPUnixConnectionPool(HTTPConnectionPool):
+scheme = 'http+unix'
+ConnectionCls = HTTPUnixConnection
+
+
+class HTTPUnixAdapter(HTTPAdapter):
+def get_connection(self, url, proxies=None):
+# proxies, silently ignored
+path = unquote(urlparse(url).netloc)
+return HTTPUnixConnectionPool(path)
+
+
+class SecretsHttpClient(object):
+secrets_sock_path = '/var/run/secrets.socket'
+secrets_container = 'secrets'
+
+def __init__(self, content_type='application/json', sock_path=None):
+if sock_path is None:
+sock_path = self.secrets_sock_path
+
+self.content_type = content_type
+

[SSSD] [sssd PR#25][-Changes requested] TESTS: Add integration tests for the proxy provider of sssd-secrets

  URL: https://github.com/SSSD/sssd/pull/25
Title: #25: TESTS: Add integration tests for the proxy provider of sssd-secrets

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: [sssd PR#25] TESTS: Add integration tests for the proxy provider of sssd-secrets (opened)

On (14/09/16 12:02), jhrozek wrote:
>jhrozek's pull request #25: "TESTS: Add integration tests for the proxy 
>provider of sssd-secrets" was opened
>
>PR body:
>"""
>Execrcies the basic operations of the sssd-secrets responder and can be
>used as a basis to add more tests.
>"""
>
>See the full pull-request at https://github.com/SSSD/sssd/pull/25
>... or pull the PR as Git branch:
>git remote add ghsssd https://github.com/SSSD/sssd
>git fetch ghsssd pull/25/head:pr25
>git checkout pr25

>From 5be3820f25b0eb30f3bd63538a3900cf51f7ae21 Mon Sep 17 00:00:00 2001
>From: Jakub Hrozek 
>Date: Mon, 8 Aug 2016 17:49:05 +0200
>Subject: [PATCH] TESTS: Add integration tests for the sssd-secrets local
> provider
>
>Resolves:
>https://fedorahosted.org/sssd/ticket/3054
>
>Implements a simple HTTP client and uses it to talk to the sssd-secrets
>responder. Only the local provider is tested at the moment.

BTW it looks like you do not use our commit template.

  sh$ cat .git-commit-template
  COMPONENT: Subject

  Explanation

  Resolves:
  https://fedorahosted.org/sssd/ticket/

  # Try to keep the subject line within 52 chars |
  # Also please try to not exceed 72 characters of length for the body --|

LS
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: fedorahosted.org sunset

2016-09-16 Thread Michal Židek


On 09/16/2016 01:19 PM, Jakub Hrozek wrote:

On Fri, Sep 16, 2016 at 12:50:54PM +0200, Jakub Hrozek wrote:

The first step imo is -- define what exactly we miss from pagure's
tracker. For me it's:
 - milestones


Apparently, pagure has a creative way to deal with milestones:
 https://docs.pagure.org/pagure/usage/roadmap.html


This maps our current processes pretty well.
New tickets have no roadmap tags, so they are "Unplanned"
(NEEDS_TRIAGE), and adding them to a certain milestone is
a matter of setting a tag.
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#24][comment] MAN: Add a manpage for the sssd-secrets responder

  URL: https://github.com/SSSD/sssd/pull/24
Title: #24: MAN: Add a manpage for the sssd-secrets responder

jhrozek commented:
"""
On Fri, Sep 16, 2016 at 05:03:04AM -0700, Christian Heimes wrote:
> * Can SSSD's secret responder contact Custodia over Unix socket? I'd rather 
> have UDS as the default example configuration than TCP/IP.

Looking at the code, so far it doesn't seem to be the case. For one,
there is code that checks for either http:// or https:// in the schema and
the connection itself only connects over SOCK_STREAM.

> * We are considering to limit allowed characters in paths as Custodia can't 
> handle all quoted characters correctly.  
> https://github.com/latchset/custodia/issues/60#issuecomment-247580469

OK, noted, but should we mention this in the sssd manpage?

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/24#issuecomment-247585198
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#24][comment] MAN: Add a manpage for the sssd-secrets responder

2016-09-16 Thread tiran

  URL: https://github.com/SSSD/sssd/pull/24
Title: #24: MAN: Add a manpage for the sssd-secrets responder

tiran commented:
"""
* Can SSSD's secret responder contact Custodia over Unix socket? I'd rather 
have UDS as the default example configuration than TCP/IP.
* We are considering to limit allowed characters in paths as Custodia can't 
handle all quoted characters correctly.  
https://github.com/latchset/custodia/issues/60#issuecomment-247580469
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/24#issuecomment-247583785
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#17][comment] Improve support for gdm Smartcard support

  URL: https://github.com/SSSD/sssd/pull/17
Title: #17: Improve support for gdm Smartcard support

jhrozek commented:
"""
OK, even the added patch looks good to me and I just sent the patches to CI to 
be sure we don't break anything.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/17#issuecomment-247583850
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: fedorahosted.org sunset

On Fri, Sep 16, 2016 at 12:50:54PM +0200, Jakub Hrozek wrote:
> The first step imo is -- define what exactly we miss from pagure's
> tracker. For me it's:
> - milestones

Apparently, pagure has a creative way to deal with milestones:
https://docs.pagure.org/pagure/usage/roadmap.html
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: fedorahosted.org sunset

On (16/09/16 12:52), Jakub Hrozek wrote:
>On Fri, Sep 16, 2016 at 12:34:26PM +0200, Fabiano Fidêncio wrote:
>> Howdy!
>> 
>> On Fri, Sep 16, 2016 at 11:09 AM, Jakub Hrozek  wrote:
>> > Hi,
>> >
>> > fedorahosted.org is being decomissioned:
>> > 
>> > https://lists.fedoraproject.org/archives/list/annou...@lists.fedoraproject.org/thread/RLL3LFUPLYMAUKGZ5B3O64XKJXBT24KZ/
>> > so we need to find a new home for SSSD..
>> >
>> > I wanted to ask:
>> > 1) anyone from the core development team who is interested in
>> >finding a new home to raise a hand, we need someone to "own" this
>> >work
>> > 2) anyone from outside or inside the team who has an opinion to
>> >voice it :) so far we haven't even thought about the requirements
>> >in too much detail, though..
>> >
>> > In the meantime I just wrote up what fields we use from Trac and
>> > therefore what info we need to keep in the new system:
>> > https://fedorahosted.org/sssd/wiki/ticket_fields
>> 
>> So, I've seen that both pagure and github have pretty much the same
>> "issues" system and, AFAIR, it doesn't fit as well.
>> Considering Pavel's suggestion (something self-hosted), why not
>> Phabricator? Phabricator's trac seems to fit pretty much what we need.
>
>I've also heard good things about Phabricator (except being written in
>PHP..),
I do not really mind which language was used; if I do not need to administrate
it.

>but IMO we shouldn't host our own project tracker, we just don't
>have the manpower..
Maybe fedora-infra would be interested in hosting Phabricator.
It might be good to combine Phabricator + Pagure. The question
is whether they would be interested in hosting hosting another service
if they decide to get rid of servidces in fedorahosted

BTW the deadline is on 2017-02-28. So we still have time to persuade
them to either improve pagure issues tracker or to deply something else
(e.g. Phabricator)

LS
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: fedorahosted.org sunset

On Fri, Sep 16, 2016 at 12:34:26PM +0200, Fabiano Fidêncio wrote:
> Howdy!
> 
> On Fri, Sep 16, 2016 at 11:09 AM, Jakub Hrozek  wrote:
> > Hi,
> >
> > fedorahosted.org is being decomissioned:
> > 
> > https://lists.fedoraproject.org/archives/list/annou...@lists.fedoraproject.org/thread/RLL3LFUPLYMAUKGZ5B3O64XKJXBT24KZ/
> > so we need to find a new home for SSSD..
> >
> > I wanted to ask:
> > 1) anyone from the core development team who is interested in
> >finding a new home to raise a hand, we need someone to "own" this
> >work
> > 2) anyone from outside or inside the team who has an opinion to
> >voice it :) so far we haven't even thought about the requirements
> >in too much detail, though..
> >
> > In the meantime I just wrote up what fields we use from Trac and
> > therefore what info we need to keep in the new system:
> > https://fedorahosted.org/sssd/wiki/ticket_fields
> > ___
> > sssd-devel mailing list
> > sssd-devel@lists.fedorahosted.org
> > https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
> 
> So, I've seen that both pagure and github have pretty much the same
> "issues" system and, AFAIR, it doesn't fit as well.
> Considering Pavel's suggestion (something self-hosted), why not
> Phabricator? Phabricator's trac seems to fit pretty much what we need.

I've also heard good things about Phabricator (except being written in
PHP..), but IMO we shouldn't host our own project tracker, we just don't
have the manpower..
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: fedorahosted.org sunset

On Fri, Sep 16, 2016 at 12:25:41PM +0200, Lukas Slebodnik wrote:
> On (16/09/16 13:18), Nikolai Kondrashov wrote:
> >On 09/16/2016 12:09 PM, Jakub Hrozek wrote:
> >> fedorahosted.org is being decomissioned:
> >> 
> >> https://lists.fedoraproject.org/archives/list/annou...@lists.fedoraproject.org/thread/RLL3LFUPLYMAUKGZ5B3O64XKJXBT24KZ/
> >> so we need to find a new home for SSSD..
> >> 
> >> I wanted to ask:
> >> 1) anyone from the core development team who is interested in
> >>finding a new home to raise a hand, we need someone to "own" this
> >>work
> >> 2) anyone from outside or inside the team who has an opinion to
> >>voice it :) so far we haven't even thought about the requirements
> >>in too much detail, though..
> >
> >Alright, here comes my opinion :)
> >
> >GitHub seems to me the path of least resistance, as we already
> >have hooks and started doing the pull requests. Especially considering the
> >recent addition of a review process.
> >
> That is just a temporary solution. I plan to move it to Pagure
> (later not now :-)
> 
> >However, the issue tracker seems to be a point of contention. I know little 
> >of
> >requirements here, but personally would be OK with GitHub tracker, and think
> >tighter integration and better visibility could win over deficiencies.
> >
> >I don't think Pagure is going to be a smooth ride at this point.
> >
> Tracker in github is not better.

Well, no, the tracker at pagure is absolutely awful right now. I couldn't
even see milestones there. But I hope we can ask to add some fields..

The first step imo is -- define what exactly we miss from pagure's
tracker. For me it's:
- milestones
- a way to link to RHBZ
- priority (could be solved with tags I guess)
- patch submmitted (could be solved with tags)
- link to a design document (not totally needed, but if could be
  added together with RHBZ link hopefully)

So milestone and a link to external tracker are missing and need to be
added before pagure is useful.

> But we have a power to influence
> improvementes in Pagure.

Right. Github is missing links to RHBZ, but I don't see a way to add it
there..
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#24][comment] MAN: Add a manpage for the sssd-secrets responder

  URL: https://github.com/SSSD/sssd/pull/24
Title: #24: MAN: Add a manpage for the sssd-secrets responder

jhrozek commented:
"""
it would be nice if @simo5 or @tiran could skim over the manpage
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/24#issuecomment-247570447
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: fedorahosted.org sunset

2016-09-16 Thread Fabiano Fidêncio

Howdy!

On Fri, Sep 16, 2016 at 11:09 AM, Jakub Hrozek  wrote:
> Hi,
>
> fedorahosted.org is being decomissioned:
> 
> https://lists.fedoraproject.org/archives/list/annou...@lists.fedoraproject.org/thread/RLL3LFUPLYMAUKGZ5B3O64XKJXBT24KZ/
> so we need to find a new home for SSSD..
>
> I wanted to ask:
> 1) anyone from the core development team who is interested in
>finding a new home to raise a hand, we need someone to "own" this
>work
> 2) anyone from outside or inside the team who has an opinion to
>voice it :) so far we haven't even thought about the requirements
>in too much detail, though..
>
> In the meantime I just wrote up what fields we use from Trac and
> therefore what info we need to keep in the new system:
> https://fedorahosted.org/sssd/wiki/ticket_fields
> ___
> sssd-devel mailing list
> sssd-devel@lists.fedorahosted.org
> https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

So, I've seen that both pagure and github have pretty much the same
"issues" system and, AFAIR, it doesn't fit as well.
Considering Pavel's suggestion (something self-hosted), why not
Phabricator? Phabricator's trac seems to fit pretty much what we need.

Best Regards,
--
Fabiano Fidêncio
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: fedorahosted.org sunset

2016-09-16 Thread Nikolai Kondrashov

On 09/16/2016 01:25 PM, Lukas Slebodnik wrote:

On (16/09/16 13:18), Nikolai Kondrashov wrote:

On 09/16/2016 12:09 PM, Jakub Hrozek wrote:

fedorahosted.org is being decomissioned:

https://lists.fedoraproject.org/archives/list/annou...@lists.fedoraproject.org/thread/RLL3LFUPLYMAUKGZ5B3O64XKJXBT24KZ/
so we need to find a new home for SSSD..

I wanted to ask:
1) anyone from the core development team who is interested in
finding a new home to raise a hand, we need someone to "own" this
work
2) anyone from outside or inside the team who has an opinion to
voice it :) so far we haven't even thought about the requirements
in too much detail, though..

Alright, here comes my opinion :)

GitHub seems to me the path of least resistance, as we already
have hooks and started doing the pull requests. Especially considering the
recent addition of a review process.

That is just a temporary solution. I plan to move it to Pagure
(later not now :-)

However, the issue tracker seems to be a point of contention. I know little of
requirements here, but personally would be OK with GitHub tracker, and think
tighter integration and better visibility could win over deficiencies.

I don't think Pagure is going to be a smooth ride at this point.

Tracker in github is not better. But we have a power to influence
improvementes in Pagure.

I will be on your side if you decide to go to Pagure, but I wouldn't be too
enthusiastic about the speed with which we can expect improvements and
features to come and stabilize. To me Pagure seems very raw and I'm cautious
about it.

It is a construction site right now, there's basically nobody there (compared
to GitHub and other similar services), and potential contributors would need
to jump over an additional hurdle of registering another account, which, most
likely, will be of little use to them otherwise.

It would be nice to help Pagure improve and grow, but the question is can we
afford it?

Nick
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#24][comment] MAN: Add a manpage for the sssd-secrets responder

2016-09-16 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/24
Title: #24: MAN: Add a manpage for the sssd-secrets responder

lslebodn commented:
"""
Do we need review also from native speaker for initial version?

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/24#issuecomment-247568557
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: fedorahosted.org sunset

On (16/09/16 13:21), Nikolai Kondrashov wrote:
>On 09/16/2016 01:18 PM, Nikolai Kondrashov wrote:
>> On 09/16/2016 12:09 PM, Jakub Hrozek wrote:
>> > fedorahosted.org is being decomissioned:
>> > 
>> > https://lists.fedoraproject.org/archives/list/annou...@lists.fedoraproject.org/thread/RLL3LFUPLYMAUKGZ5B3O64XKJXBT24KZ/
>> > so we need to find a new home for SSSD..
>> > 
>> > I wanted to ask:
>> > 1) anyone from the core development team who is interested in
>> >finding a new home to raise a hand, we need someone to "own" this
>> >work
>> > 2) anyone from outside or inside the team who has an opinion to
>> >voice it :) so far we haven't even thought about the requirements
>> >in too much detail, though..
>> 
>> Alright, here comes my opinion :)
>> 
>> GitHub seems to me the path of least resistance, as we already
>> have hooks and started doing the pull requests. Especially considering the
>> recent addition of a review process.
>
>Oh, and I can help with remaking the website for github.io hosting, if you
>decide to go there. At least starting it up, if not going all the way. I would
>also advocate putting any documentation and design documents from the wiki
>into the source tree as Markdown, regardless whether we go to GitHub or
>Pagure.
>
I would prefer as small dependencies as possible on github.

LS
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: fedorahosted.org sunset

On (16/09/16 13:18), Nikolai Kondrashov wrote:
>On 09/16/2016 12:09 PM, Jakub Hrozek wrote:
>> fedorahosted.org is being decomissioned:
>> 
>> https://lists.fedoraproject.org/archives/list/annou...@lists.fedoraproject.org/thread/RLL3LFUPLYMAUKGZ5B3O64XKJXBT24KZ/
>> so we need to find a new home for SSSD..
>> 
>> I wanted to ask:
>> 1) anyone from the core development team who is interested in
>>finding a new home to raise a hand, we need someone to "own" this
>>work
>> 2) anyone from outside or inside the team who has an opinion to
>>voice it :) so far we haven't even thought about the requirements
>>in too much detail, though..
>
>Alright, here comes my opinion :)
>
>GitHub seems to me the path of least resistance, as we already
>have hooks and started doing the pull requests. Especially considering the
>recent addition of a review process.
>
That is just a temporary solution. I plan to move it to Pagure
(later not now :-)

>However, the issue tracker seems to be a point of contention. I know little of
>requirements here, but personally would be OK with GitHub tracker, and think
>tighter integration and better visibility could win over deficiencies.
>
>I don't think Pagure is going to be a smooth ride at this point.
>
Tracker in github is not better. But we have a power to influence
improvementes in Pagure.

LS
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: fedorahosted.org sunset

On (16/09/16 11:20), Michal Židek wrote:
>On 09/16/2016 11:09 AM, Jakub Hrozek wrote:
>> Hi,
>> 
>> fedorahosted.org is being decomissioned:
>>  
>> https://lists.fedoraproject.org/archives/list/annou...@lists.fedoraproject.org/thread/RLL3LFUPLYMAUKGZ5B3O64XKJXBT24KZ/
>> so we need to find a new home for SSSD..
>> 
>> I wanted to ask:
>>  1) anyone from the core development team who is interested in
>> finding a new home to raise a hand, we need someone to "own" this
>> work
>>  2) anyone from outside or inside the team who has an opinion to
>> voice it :) so far we haven't even thought about the requirements
>> in too much detail, though..
>> 
>> In the meantime I just wrote up what fields we use from Trac and
>> therefore what info we need to keep in the new system:
>>  https://fedorahosted.org/sssd/wiki/ticket_fields
>> 
>
>I would love to see SSSD on Pagure.
>
+1 I can help with transition to Pagure.
git hosting is not a problem and Nikolai voluntered to
convert wiki to markdown in git

The question is which way would we use for tracking bugs/issues.
I would wait for decision in freeIPA team.

LS
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: fedorahosted.org sunset

2016-09-16 Thread Nikolai Kondrashov


On 09/16/2016 01:18 PM, Nikolai Kondrashov wrote:

On 09/16/2016 12:09 PM, Jakub Hrozek wrote:

fedorahosted.org is being decomissioned:

https://lists.fedoraproject.org/archives/list/annou...@lists.fedoraproject.org/thread/RLL3LFUPLYMAUKGZ5B3O64XKJXBT24KZ/
so we need to find a new home for SSSD..

I wanted to ask:
1) anyone from the core development team who is interested in
   finding a new home to raise a hand, we need someone to "own" this
   work
2) anyone from outside or inside the team who has an opinion to
   voice it :) so far we haven't even thought about the requirements
   in too much detail, though..


Alright, here comes my opinion :)

GitHub seems to me the path of least resistance, as we already
have hooks and started doing the pull requests. Especially considering the
recent addition of a review process.


Oh, and I can help with remaking the website for github.io hosting, if you
decide to go there. At least starting it up, if not going all the way. I would
also advocate putting any documentation and design documents from the wiki
into the source tree as Markdown, regardless whether we go to GitHub or
Pagure.

Nick
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: fedorahosted.org sunset

2016-09-16 Thread Nikolai Kondrashov


On 09/16/2016 12:09 PM, Jakub Hrozek wrote:

fedorahosted.org is being decomissioned:

https://lists.fedoraproject.org/archives/list/annou...@lists.fedoraproject.org/thread/RLL3LFUPLYMAUKGZ5B3O64XKJXBT24KZ/
so we need to find a new home for SSSD..

I wanted to ask:
1) anyone from the core development team who is interested in
   finding a new home to raise a hand, we need someone to "own" this
   work
2) anyone from outside or inside the team who has an opinion to
   voice it :) so far we haven't even thought about the requirements
   in too much detail, though..


Alright, here comes my opinion :)

GitHub seems to me the path of least resistance, as we already
have hooks and started doing the pull requests. Especially considering the
recent addition of a review process.

However, the issue tracker seems to be a point of contention. I know little of
requirements here, but personally would be OK with GitHub tracker, and think
tighter integration and better visibility could win over deficiencies.

I don't think Pagure is going to be a smooth ride at this point.

Nick
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#24][+Accepted] MAN: Add a manpage for the sssd-secrets responder

2016-09-16 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/24
Title: #24: MAN: Add a manpage for the sssd-secrets responder

Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: fedorahosted.org sunset

2016-09-16 Thread Pavel Březina


On 09/16/2016 11:09 AM, Jakub Hrozek wrote:

Hi,

fedorahosted.org is being decomissioned:

https://lists.fedoraproject.org/archives/list/annou...@lists.fedoraproject.org/thread/RLL3LFUPLYMAUKGZ5B3O64XKJXBT24KZ/
so we need to find a new home for SSSD..

I wanted to ask:
1) anyone from the core development team who is interested in
   finding a new home to raise a hand, we need someone to "own" this
   work
2) anyone from outside or inside the team who has an opinion to
   voice it :) so far we haven't even thought about the requirements
   in too much detail, though..

In the meantime I just wrote up what fields we use from Trac and
therefore what info we need to keep in the new system:
https://fedorahosted.org/sssd/wiki/ticket_fields


Can't we just host custom trac instance and maybe create a nicer webpage 
such as FreeIPA's?

___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

[SSSD] Re: fedorahosted.org sunset

2016-09-16 Thread Michal Židek


On 09/16/2016 11:09 AM, Jakub Hrozek wrote:

Hi,

fedorahosted.org is being decomissioned:
 
https://lists.fedoraproject.org/archives/list/annou...@lists.fedoraproject.org/thread/RLL3LFUPLYMAUKGZ5B3O64XKJXBT24KZ/
so we need to find a new home for SSSD..

I wanted to ask:
 1) anyone from the core development team who is interested in
finding a new home to raise a hand, we need someone to "own" this
work
 2) anyone from outside or inside the team who has an opinion to
voice it :) so far we haven't even thought about the requirements
in too much detail, though..

In the meantime I just wrote up what fields we use from Trac and
therefore what info we need to keep in the new system:
 https://fedorahosted.org/sssd/wiki/ticket_fields
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org



I would love to see SSSD on Pagure.

Michal
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

[SSSD] fedorahosted.org sunset

Hi,

fedorahosted.org is being decomissioned:

https://lists.fedoraproject.org/archives/list/annou...@lists.fedoraproject.org/thread/RLL3LFUPLYMAUKGZ5B3O64XKJXBT24KZ/
so we need to find a new home for SSSD..

I wanted to ask:
1) anyone from the core development team who is interested in
   finding a new home to raise a hand, we need someone to "own" this
   work
2) anyone from outside or inside the team who has an opinion to
   voice it :) so far we haven't even thought about the requirements
   in too much detail, though..

In the meantime I just wrote up what fields we use from Trac and
therefore what info we need to keep in the new system:
https://fedorahosted.org/sssd/wiki/ticket_fields
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

[SSSD] Re: RFC: github PR workflow