date:20161014

[SSSD] [sssd PR#13][-Accepted] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/13
Title: #13: MEMBEROF: Don't resolve members if they are removed

Label: -Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][closed] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread jhrozek

   URL: https://github.com/SSSD/sssd/pull/13
Author: celestian
 Title: #13: MEMBEROF: Don't resolve members if they are removed
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/13/head:pr13
git checkout pr13
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][+Pushed] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/13
Title: #13: MEMBEROF: Don't resolve members if they are removed

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][comment] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/13
Title: #13: MEMBEROF: Don't resolve members if they are removed

jhrozek commented:
"""
master:
e0903f41922721edf292a9f7e6605a4519db53a1
eaf44bc07dda469a20be07d46737d93f518e2047
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/13#issuecomment-253887578
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#44][-Accepted] libwbclient-sssd: update interface to version 0.13

2016-10-14 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/44
Title: #44: libwbclient-sssd: update interface to version 0.13

Label: -Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#44][closed] libwbclient-sssd: update interface to version 0.13

2016-10-14 Thread lslebodn

   URL: https://github.com/SSSD/sssd/pull/44
Author: sumit-bose
 Title: #44: libwbclient-sssd: update interface to version 0.13
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/44/head:pr44
git checkout pr44
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#44][comment] libwbclient-sssd: update interface to version 0.13

2016-10-14 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/44
Title: #44: libwbclient-sssd: update interface to version 0.13

lslebodn commented:
"""
master:
* f3347a0c72afc75b4d829e9981d1bac6b05a8306

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/44#issuecomment-253857506
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#47][comment] BUILD: Fix build without /sbin/service installed on the build host

2016-10-14 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/47
Title: #47: BUILD: Fix build without /sbin/service installed on the build host

lslebodn commented:
"""
master:
* a2485c56319041f0021a46d63aac38ec2a5a6b2e
* 0d52311adc48ecbe45e84c42332dece12c6d34fe
* a3cf63eab87fc34bd871c7bab0676c3a06558011
* b7b92bafe759854ad05038f1d48a69e358a7ccbf

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/47#issuecomment-253849322
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#47][comment] BUILD: Fix build without /sbin/service installed on the build host

2016-10-14 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/47
Title: #47: BUILD: Fix build without /sbin/service installed on the build host

lslebodn commented:
"""
On (14/10/16 06:42), Jakub Hrozek wrote:
>let's try again..
>
Finally, ACK :-)

http://sssd-ci.duckdns.org/logs/job/55/09/summary.html

And I would appreciate better review in future.
We needn't have 4 one-linres for two patches.

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/47#issuecomment-253848586
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#48][comment] sssctl: Flags for commadn initialization

2016-10-14 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/48
Title: #48: sssctl: Flags for commadn initialization

jhrozek commented:
"""
On Fri, Oct 14, 2016 at 08:03:20AM -0700, mzidek-rh wrote:
> I see the comment did not get forwarded to the devel list, so pasting again:
> 
> 
> Sorry, I am out of ideas here. What name do you propose? Or will it be enough 
> if I just add a comment to the flag that it will not initialize the domain 
> context?
> 

The review comments added to the github review tool do not make it to
the list. Unfortunately github doesn't offer an API to catch the review
comments..

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/48#issuecomment-253831521
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#48][comment] sssctl: Flags for commadn initialization

2016-10-14 Thread mzidek-rh

  URL: https://github.com/SSSD/sssd/pull/48
Title: #48: sssctl: Flags for commadn initialization

mzidek-rh commented:
"""
I see the comment did not get forwarded to the devel list, so pasting again:


Sorry, I am out of ideas here. What name do you propose? Or will it be enough 
if I just add a comment to the flag that it will not initialize the domain 
context?

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/48#issuecomment-253826861
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#48][+Changes requested] sssctl: Flags for commadn initialization

2016-10-14 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/48
Title: #48: sssctl: Flags for commadn initialization

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#47][synchronized] BUILD: Fix build without /sbin/service installed on the build host

2016-10-14 Thread jhrozek

   URL: https://github.com/SSSD/sssd/pull/47
Author: jhrozek
 Title: #47: BUILD: Fix build without /sbin/service installed on the build host
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/47/head:pr47
git checkout pr47
From ece168576cad2dded3bb7a506b2ade05677120ec Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Tue, 11 Oct 2016 20:41:02 +0200
Subject: [PATCH 1/4] BUILD: Not having /sbin/service is not fatal

If the target platform does not have the service executable, we must not
fail the build, but proceed, just disabling the sssctl functionality.
---
 src/external/service.m4 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/external/service.m4 b/src/external/service.m4
index f475f26..709c204 100644
--- a/src/external/service.m4
+++ b/src/external/service.m4
@@ -7,7 +7,7 @@ AC_DEFUN([CHECK_SERVICE_EXECUTABLE],
 AC_MSG_RESULT(yes)
   else
 AC_MSG_RESULT([no])
-AC_MSG_ERROR([the service executable is not available])
+AC_MSG_WARN([the service executable is not available])
   fi
 ]
 )

From 77a5865f71dba1f27bc62fb07b04d4469fe503d0 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Tue, 11 Oct 2016 20:48:44 +0200
Subject: [PATCH 2/4] RPM: Require initscripts on non-systemd platforms

In order for sssctl to work on platforms that do not use systemd, we
need to BuildRequire initscripts so that they are pulled in during build
and also Require them for sssd-tools so that the binary can be invoked.
---
 contrib/sssd.spec.in | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 40e4454..62f3e41 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -296,6 +296,9 @@ Requires: python3-sssdconfig = %{version}-%{release}
 Requires: python2-sss = %{version}-%{release}
 Requires: python2-sssdconfig = %{version}-%{release}
 %endif
+%if (0%{?use_systemd} == 0)
+Requires: /sbin/service
+%endif
 
 %description tools
 Provides userspace tools for manipulating users, groups, and nested groups in

From 9b310fb16726072934474e8d8acbf5d09228ea2f Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Thu, 13 Oct 2016 13:39:37 +0200
Subject: [PATCH 3/4] sssctl: Fix a typo in preprocessor macro

---
 src/tools/sssctl/sssctl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c
index 1035a73..b0510e6 100644
--- a/src/tools/sssctl/sssctl.c
+++ b/src/tools/sssctl/sssctl.c
@@ -128,7 +128,7 @@ static errno_t sssctl_manage_service(enum sssctl_svc_action action)
 case SSSCTL_SVC_RESTART:
 return sssctl_systemd_restart();
 }
-#elif HAVE_SERVICE
+#elif defined(HAVE_SERVICE)
 switch (action) {
 case SSSCTL_SVC_START:
 return sssctl_run_command(SERVICE_PATH" sssd start");

From c0e2fe4475f3e83af2a67ca230b225350826e9d2 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Fri, 14 Oct 2016 10:54:24 +0200
Subject: [PATCH 4/4] BUILD: Only search for service in /sbin and /usr/sbin

---
 src/external/service.m4 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/external/service.m4 b/src/external/service.m4
index 709c204..b69760f 100644
--- a/src/external/service.m4
+++ b/src/external/service.m4
@@ -1,5 +1,5 @@
 AC_DEFUN([CHECK_SERVICE_EXECUTABLE],
-[ AC_PATH_PROG(SERVICE, service)
+[ AC_PATH_PROG([SERVICE], [service], [], [/sbin:/usr/sbin])
   AC_MSG_CHECKING(for the executable \"service\")
   if test -x "$SERVICE"; then
 AC_DEFINE(HAVE_SERVICE, 1, [Whether the service command is available])
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#47][comment] BUILD: Fix build without /sbin/service installed on the build host

2016-10-14 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/47
Title: #47: BUILD: Fix build without /sbin/service installed on the build host

lslebodn commented:
"""
I hope you noticed that CI build failed:
https://ci.centos.org/job/sssd-CentOS6/87/ and 
https://ci.centos.org/job/sssd-CentOS7/100/
```
error: Unclosed %if
Traceback (most recent call last):
  File "/root/payload/contrib/ci/rpm-spec-builddeps", line 33, in 
spec = rpm.spec(sys.argv[1])
ValueError: can't parse specfile

```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/47#issuecomment-253799442
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#43][comment] RESPONDER: Enable sudoRule in case insen. domains (1.14)

2016-10-14 Thread celestian

  URL: https://github.com/SSSD/sssd/pull/43
Title: #43: RESPONDER: Enable sudoRule in case insen. domains (1.14)

celestian commented:
"""
So, I set ```case_sensitive = preserving``` and:
```
ssh -l TEsT@scorpion.domain 192.168.122.65
TEsT@scorpion.domain@192.168.122.65's password: 
[teST@scorpion.domain@client2 ~]$ sudo less /etc/sssd/sssd.conf
```
still works. AD user was ```teST```.
I comment ```case_sensitive = preserving``` and it works again.

AD domain is case insensitive and sudo works for different (case) version of 
login name. Is there any other corner case, please?

(For example I am not sure if sudoRule have to be applicable on local user. I 
didn't think about it.)
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/43#issuecomment-253794517
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#34][comment] cache_req: move from switch to plugins

2016-10-14 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/34
Title: #34: cache_req: move from switch to plugins

jhrozek commented:
"""
Actually, sorry, one more Coverity warning:
```
Error: FORWARD_NULL (CWE-476):
sssd-1.14.2/src/responder/common/cache_req/cache_req_search.c:105: 
var_compare_op: Comparing "result" to null implies that "result" might be null.
sssd-1.14.2/src/responder/common/cache_req/cache_req_search.c:111: 
var_deref_op: Dereferencing null pointer "result".
#  109|   switch (ret) {
#  110|   case EOK:
#  111|-> if (cr->plugin->only_one_result && result->count > 1) {
#  112|   CACHE_REQ_DEBUG(SSSDBG_CRIT_FAILURE, cr,
#  113|   "Multiple objects were found when "
```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/34#issuecomment-253792257
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#34][+Changes requested] cache_req: move from switch to plugins

2016-10-14 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/34
Title: #34: cache_req: move from switch to plugins

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#43][comment] RESPONDER: Enable sudoRule in case insen. domains (1.14)

2016-10-14 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/43
Title: #43: RESPONDER: Enable sudoRule in case insen. domains (1.14)

pbrezina commented:
"""
User that is stored in AD as teST can have multiple login names since case 
sensitivity is ignored. It can login as test, but also as teST, TEst, Test, ... 
all of those logins must work with sudo.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/43#issuecomment-253792040
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#43][comment] RESPONDER: Enable sudoRule in case insen. domains (1.14)

2016-10-14 Thread celestian

  URL: https://github.com/SSSD/sssd/pull/43
Title: #43: RESPONDER: Enable sudoRule in case insen. domains (1.14)

celestian commented:
"""
I added user 'teST' on AD. His login on Linux box is 'test'. Patch works.
Or missed I something?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/43#issuecomment-253791285
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#47][-Changes requested] BUILD: Fix build without /sbin/service installed on the build host

2016-10-14 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/47
Title: #47: BUILD: Fix build without /sbin/service installed on the build host

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#47][synchronized] BUILD: Fix build without /sbin/service installed on the build host

2016-10-14 Thread jhrozek

   URL: https://github.com/SSSD/sssd/pull/47
Author: jhrozek
 Title: #47: BUILD: Fix build without /sbin/service installed on the build host
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/47/head:pr47
git checkout pr47
From ece168576cad2dded3bb7a506b2ade05677120ec Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Tue, 11 Oct 2016 20:41:02 +0200
Subject: [PATCH 1/4] BUILD: Not having /sbin/service is not fatal

If the target platform does not have the service executable, we must not
fail the build, but proceed, just disabling the sssctl functionality.
---
 src/external/service.m4 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/external/service.m4 b/src/external/service.m4
index f475f26..709c204 100644
--- a/src/external/service.m4
+++ b/src/external/service.m4
@@ -7,7 +7,7 @@ AC_DEFUN([CHECK_SERVICE_EXECUTABLE],
 AC_MSG_RESULT(yes)
   else
 AC_MSG_RESULT([no])
-AC_MSG_ERROR([the service executable is not available])
+AC_MSG_WARN([the service executable is not available])
   fi
 ]
 )

From 7cb08671ee9abe6a64d28e2292944a3f72dc55bd Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Tue, 11 Oct 2016 20:48:44 +0200
Subject: [PATCH 2/4] RPM: Require initscripts on non-systemd platforms

In order for sssctl to work on platforms that do not use systemd, we
need to BuildRequire initscripts so that they are pulled in during build
and also Require them for sssd-tools so that the binary can be invoked.
---
 contrib/sssd.spec.in | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 40e4454..591e0c9 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -197,7 +197,6 @@ BuildRequires: nss_wrapper
 BuildRequires: libnl3-devel
 %if (0%{?use_systemd} == 1)
 BuildRequires: systemd-devel
-%endif
 %if (0%{?with_cifs_utils_plugin} == 1)
 BuildRequires: cifs-utils-devel
 %endif
@@ -296,6 +295,9 @@ Requires: python3-sssdconfig = %{version}-%{release}
 Requires: python2-sss = %{version}-%{release}
 Requires: python2-sssdconfig = %{version}-%{release}
 %endif
+%if (0%{?use_systemd} == 0)
+Requires: /sbin/service
+%endif
 
 %description tools
 Provides userspace tools for manipulating users, groups, and nested groups in

From 50f6909270ed53b3cb92b468c0dc23f6820e82eb Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Thu, 13 Oct 2016 13:39:37 +0200
Subject: [PATCH 3/4] sssctl: Fix a typo in preprocessor macro

---
 src/tools/sssctl/sssctl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c
index 1035a73..b0510e6 100644
--- a/src/tools/sssctl/sssctl.c
+++ b/src/tools/sssctl/sssctl.c
@@ -128,7 +128,7 @@ static errno_t sssctl_manage_service(enum sssctl_svc_action action)
 case SSSCTL_SVC_RESTART:
 return sssctl_systemd_restart();
 }
-#elif HAVE_SERVICE
+#elif defined(HAVE_SERVICE)
 switch (action) {
 case SSSCTL_SVC_START:
 return sssctl_run_command(SERVICE_PATH" sssd start");

From d297f01ec743948d02e4227685c7a871cbeb2d56 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Fri, 14 Oct 2016 10:54:24 +0200
Subject: [PATCH 4/4] BUILD: Only search for service in /sbin and /usr/sbin

---
 src/external/service.m4 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/external/service.m4 b/src/external/service.m4
index 709c204..b69760f 100644
--- a/src/external/service.m4
+++ b/src/external/service.m4
@@ -1,5 +1,5 @@
 AC_DEFUN([CHECK_SERVICE_EXECUTABLE],
-[ AC_PATH_PROG(SERVICE, service)
+[ AC_PATH_PROG([SERVICE], [service], [], [/sbin:/usr/sbin])
   AC_MSG_CHECKING(for the executable \"service\")
   if test -x "$SERVICE"; then
 AC_DEFINE(HAVE_SERVICE, 1, [Whether the service command is available])
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#47][+Changes requested] BUILD: Fix build without /sbin/service installed on the build host

2016-10-14 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/47
Title: #47: BUILD: Fix build without /sbin/service installed on the build host

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#34][-Changes requested] cache_req: move from switch to plugins

2016-10-14 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/34
Title: #34: cache_req: move from switch to plugins

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#43][comment] RESPONDER: Enable sudoRule in case insen. domains (1.14)

2016-10-14 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/43
Title: #43: RESPONDER: Enable sudoRule in case insen. domains (1.14)

pbrezina commented:
"""
I didn't do a thorough review but we also need to search with lover case values 
in responder so also names like "admiNISTRATOR" will match on case insensitive 
domains. The approach looks good to me.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/43#issuecomment-253783618
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#43][comment] RESPONDER: Enable sudoRule in case insen. domains (1.14)

2016-10-14 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/43
Title: #43: RESPONDER: Enable sudoRule in case insen. domains (1.14)

pbrezina commented:
"""
I didn't do a thorough review but we also need to search with lover case values 
in responder so also names like "admiNISTRATOR" will match on case insensitive 
domains.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/43#issuecomment-253783618
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][comment] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread celestian

  URL: https://github.com/SSSD/sssd/pull/13
Title: #13: MEMBEROF: Don't resolve members if they are removed

celestian commented:
"""
So, ldap patch passed intg. tests locally.

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/13#issuecomment-253782152
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][comment] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/13
Title: #13: MEMBEROF: Don't resolve members if they are removed

jhrozek commented:
"""
yes, if we don't know how to trigger the code, we shouldn't push it.

OK to push the two commits now?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/13#issuecomment-253781462
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#34][+Changes requested] cache_req: move from switch to plugins

2016-10-14 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/34
Title: #34: cache_req: move from switch to plugins

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#34][comment] cache_req: move from switch to plugins

2016-10-14 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/34
Title: #34: cache_req: move from switch to plugins

jhrozek commented:
"""
Apart from the nitpicks, the code looks better to me (I like that the lookup 
functionality is abstracted, so adding new lookups will be easy).

I tested several kinds of lookups, including UPN, overrides (only local 
overrides using the sss_override tool..), byname, byuid and negative cache. 
Everything seems to work OK.

There is also a high code coverage.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/34#issuecomment-253780951
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][comment] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/13
Title: #13: MEMBEROF: Don't resolve members if they are removed

lslebodn commented:
"""
On (14/10/16 04:48), celestian wrote:
>I did manual testing with reproducer above. And I ran chmake (it is without 
>intg., isn't it).
>Now I check ldap patch with intg.
>
Then the question is why manual testing is different than newly added
integration tests.

BTW It is possible that patch in memberof plugin can safe some unnecessary
ldb operations and can be considered as perfomance enhancement.
But it's impossible to say that without proper integration test.

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/13#issuecomment-253780298
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][comment] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread celestian

  URL: https://github.com/SSSD/sssd/pull/13
Title: #13: MEMBEROF: Don't resolve members if they are removed

celestian commented:
"""
I did manual testing with reproducer above. And I ran chmake (it is without 
intg., isn't it).
Now I check ldap patch with intg.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/13#issuecomment-253779213
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][comment] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/13
Title: #13: MEMBEROF: Don't resolve members if they are removed

lslebodn commented:
"""
On (14/10/16 04:33), Jakub Hrozek wrote:
>btw since the memberof patch we couldn't test is gone, I'm fine with pushing 
>these two.
>
I would like to know Petr's explanation of his comment before pushing the
patches.

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/13#issuecomment-253776910
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#48][-Changes requested] sssctl: Flags for commadn initialization

2016-10-14 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/48
Title: #48: sssctl: Flags for commadn initialization

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][comment] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/13
Title: #13: MEMBEROF: Don't resolve members if they are removed

jhrozek commented:
"""
btw since the memberof patch we couldn't test is gone, I'm fine with pushing 
these two.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/13#issuecomment-253776046
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][+Accepted] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/13
Title: #13: MEMBEROF: Don't resolve members if they are removed

Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#48][synchronized] sssctl: Flags for commadn initialization

2016-10-14 Thread mzidek-rh

   URL: https://github.com/SSSD/sssd/pull/48
Author: mzidek-rh
 Title: #48: sssctl: Flags for commadn initialization
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/48/head:pr48
git checkout pr48
From 2123bd834fd73ffa800beba27d9e3ceee1bc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= 
Date: Wed, 12 Oct 2016 13:09:37 +0200
Subject: [PATCH] sssctl: Flags for command initialization

Allow passing flags for command specific initialization. Currently
only one flag is available to skip the confdb initialization which is
required to improve config-check command.

Resolves:
https://fedorahosted.org/sssd/ticket/3209
---
 src/tools/common/sss_tools.c | 93 +---
 src/tools/common/sss_tools.h | 14 +--
 src/tools/sssctl/sssctl.c|  2 +-
 3 files changed, 65 insertions(+), 44 deletions(-)

diff --git a/src/tools/common/sss_tools.c b/src/tools/common/sss_tools.c
index 686b53a..84db824 100644
--- a/src/tools/common/sss_tools.c
+++ b/src/tools/common/sss_tools.c
@@ -182,7 +182,6 @@ errno_t sss_tool_init(TALLOC_CTX *mem_ctx,
   struct sss_tool_ctx **_tool_ctx)
 {
 struct sss_tool_ctx *tool_ctx;
-errno_t ret;
 
 tool_ctx = talloc_zero(mem_ctx, struct sss_tool_ctx);
 if (tool_ctx == NULL) {
@@ -192,45 +191,9 @@ errno_t sss_tool_init(TALLOC_CTX *mem_ctx,
 
 sss_tool_common_opts(tool_ctx, argc, argv);
 
-/* Connect to confdb. */
-ret = sss_tool_confdb_init(tool_ctx, _ctx->confdb);
-if (ret != EOK) {
-DEBUG(SSSDBG_CRIT_FAILURE, "Unable to open confdb [%d]: %s\n",
-   ret, sss_strerror(ret));
-goto done;
-}
+*_tool_ctx = tool_ctx;
 
-/* Setup domains. */
-ret = sss_tool_domains_init(tool_ctx, tool_ctx->confdb, _ctx->domains);
-if (ret != EOK) {
-DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup domains [%d]: %s\n",
-   ret, sss_strerror(ret));
-goto done;
-}
-
-ret = confdb_get_string(tool_ctx->confdb, tool_ctx,
-CONFDB_MONITOR_CONF_ENTRY,
-CONFDB_MONITOR_DEFAULT_DOMAIN,
-NULL, _ctx->default_domain);
-if (ret != EOK) {
-DEBUG(SSSDBG_OP_FAILURE, "Cannot get the default domain [%d]: %s\n",
- ret, strerror(ret));
-goto done;
-}
-
-ret = EOK;
-
-done:
-switch (ret) {
-case EOK:
-case ERR_SYSDB_VERSION_TOO_OLD:
-*_tool_ctx = tool_ctx;
-break;
-default:
-break;
-}
-
-return ret;
+return EOK;
 }
 
 static bool sss_tool_is_delimiter(struct sss_route_cmd *command)
@@ -300,6 +263,49 @@ void sss_tool_usage(const char *tool_name, struct sss_route_cmd *commands)
 sss_tool_print_common_opts(min_len);
 }
 
+static int tool_cmd_init(struct sss_tool_ctx *tool_ctx,
+ struct sss_route_cmd *command)
+{
+int ret;
+
+if (command->flags & SSS_TOOL_CMD_FLAG_NO_CONFDB) {
+/* This tool does not need to connect to confdb.
+ * Nothing to do. */
+return EOK;
+}
+
+/* Connect to confdb. */
+ret = sss_tool_confdb_init(tool_ctx, _ctx->confdb);
+if (ret != EOK) {
+DEBUG(SSSDBG_CRIT_FAILURE, "Unable to open confdb [%d]: %s\n",
+  ret, sss_strerror(ret));
+goto done;
+}
+
+/* Setup domains. */
+ret = sss_tool_domains_init(tool_ctx, tool_ctx->confdb, _ctx->domains);
+if (ret != EOK) {
+DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup domains [%d]: %s\n",
+  ret, sss_strerror(ret));
+goto done;
+}
+
+ret = confdb_get_string(tool_ctx->confdb, tool_ctx,
+CONFDB_MONITOR_CONF_ENTRY,
+CONFDB_MONITOR_DEFAULT_DOMAIN,
+NULL, _ctx->default_domain);
+if (ret != EOK) {
+DEBUG(SSSDBG_OP_FAILURE, "Cannot get the default domain [%d]: %s\n",
+  ret, strerror(ret));
+goto done;
+}
+
+ret = EOK;
+
+done:
+return ret;
+}
+
 errno_t sss_tool_route(int argc, const char **argv,
struct sss_tool_ctx *tool_ctx,
struct sss_route_cmd *commands,
@@ -308,6 +314,7 @@ errno_t sss_tool_route(int argc, const char **argv,
 struct sss_cmdline cmdline;
 const char *cmd;
 int i;
+int ret;
 
 if (commands == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Bug: commands can't be NULL!\n");
@@ -339,6 +346,14 @@ errno_t sss_tool_route(int argc, const char **argv,
 return tool_ctx->init_err;
 }
 
+ret = tool_cmd_init(tool_ctx, [i]);
+if (ret != EOK) {
+DEBUG(SSSDBG_FATAL_FAILURE,
+  "Command initialization failed [%d] %s\n",
+  ret,

[SSSD] [sssd PR#48][comment] sssctl: Flags for commadn initialization

2016-10-14 Thread mzidek-rh

  URL: https://github.com/SSSD/sssd/pull/48
Title: #48: sssctl: Flags for commadn initialization

mzidek-rh commented:
"""
Ok, new patch uploaded.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/48#issuecomment-253774056
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][comment] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/13
Title: #13: MEMBEROF: Don't resolve members if they are removed

lslebodn commented:
"""
> Great, the result is the same. Both patches could fix it. So we can use just 
> ldap patch.

What do you mean by both patches could fix it?

I aplied just a memboerof patch + test
```
git log --oneline -3
1cde694 TESTS: Adding intg. tests on nested groups
5a9c686 MEMBEROF: Don't resolve members if they are removed
761515e sssctl: call service with absolute path
```

and test failed
```
make -C src/tests/intg intgcheck-installed INTGCHECK_PYTEST_ARGS=" -k 
test_ldap.py"
//snip
test_ldap.py::test_user_2307bis_nested_groups PASSED
test_ldap.py::test_special_characters_in_names PASSED
test_ldap.py::test_extra_attribute_already_exists PASSED
test_ldap.py::test_add_user_to_group PASSED
test_ldap.py::test_remove_user_from_group FAILED
test_ldap.py::test_remove_user_from_nested_group FAILED

 FAILURES 

__ test_remove_user_from_group 
___
Traceback (most recent call last):
  File "src/tests/intg/test_ldap.py", line 877, in test_remove_user_from_group
ent.assert_group_by_name("group1", dict(mem=ent.contains_only()))
  File "src/tests/intg/ent.py", line 377, in assert_group_by_name
assert not d, d
AssertionError: member list mismatch: 
unexpected members found:
['user1']
___ test_remove_user_from_nested_group 
___
Traceback (most recent call last):
  File "src/tests/intg/test_ldap.py", line 953, in 
test_remove_user_from_nested_group
dict(mem=ent.contains_only()))
  File "src/tests/intg/ent.py", line 377, in assert_group_by_name
assert not d, d
AssertionError: member list mismatch: 
unexpected members found:
['user1']
 102 tests deselected by '-ktest_ldap.py' 

== 2 failed, 15 passed, 102 deselected in 46.02 seconds 
==
Makefile:728: recipe for target 'intgcheck-installed' failed
make: *** [intgcheck-installed] Error 1
make: Leaving directory 'intg/bld/src/tests/intg'
```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/13#issuecomment-253772653
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][comment] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/13
Title: #13: MEMBEROF: Don't resolve members if they are removed

lslebodn commented:
"""
> Great, the result is the same. Both patches could fix it. So we can use just 
> ldap patch.
What do you mean by both patches could fix it?

I aplied just a memboerof patch + test
```
git log --oneline -3
1cde694 TESTS: Adding intg. tests on nested groups
5a9c686 MEMBEROF: Don't resolve members if they are removed
761515e sssctl: call service with absolute path
```

and test failed
```
make -C src/tests/intg intgcheck-installed INTGCHECK_PYTEST_ARGS=" -k 
test_ldap.py"
//snip
test_ldap.py::test_user_2307bis_nested_groups PASSED
test_ldap.py::test_special_characters_in_names PASSED
test_ldap.py::test_extra_attribute_already_exists PASSED
test_ldap.py::test_add_user_to_group PASSED
test_ldap.py::test_remove_user_from_group FAILED
test_ldap.py::test_remove_user_from_nested_group FAILED

 FAILURES 

__ test_remove_user_from_group 
___
Traceback (most recent call last):
  File "src/tests/intg/test_ldap.py", line 877, in test_remove_user_from_group
ent.assert_group_by_name("group1", dict(mem=ent.contains_only()))
  File "src/tests/intg/ent.py", line 377, in assert_group_by_name
assert not d, d
AssertionError: member list mismatch: 
unexpected members found:
['user1']
___ test_remove_user_from_nested_group 
___
Traceback (most recent call last):
  File "src/tests/intg/test_ldap.py", line 953, in 
test_remove_user_from_nested_group
dict(mem=ent.contains_only()))
  File "src/tests/intg/ent.py", line 377, in assert_group_by_name
assert not d, d
AssertionError: member list mismatch: 
unexpected members found:
['user1']
 102 tests deselected by '-ktest_ldap.py' 

== 2 failed, 15 passed, 102 deselected in 46.02 seconds 
==
Makefile:728: recipe for target 'intgcheck-installed' failed
make: *** [intgcheck-installed] Error 1
make: Leaving directory 'intg/bld/src/tests/intg'
```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/13#issuecomment-253772653
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#48][comment] sssctl: Flags for commadn initialization

2016-10-14 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/48
Title: #48: sssctl: Flags for commadn initialization

lslebodn commented:
"""
IMHO, it would be nicer if you add new macro SSS_TOOL_COMMAND_FLAGS (or 
different name)
rather then changing usage of SSS_TOOL_COMMAND and SSS_TOOL_COMMAND_NOMSG on 
all places.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/48#issuecomment-253767686
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#48][+Changes requested] sssctl: Flags for commadn initialization

2016-10-14 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/48
Title: #48: sssctl: Flags for commadn initialization

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: controls for solaris clients for password-less login (sshkey)

2016-10-14 Thread Jakub Hrozek

On Fri, Oct 14, 2016 at 11:36:17AM +0200, Csaba Dobo wrote:
> Hi,
> I need to add the below control to openldap:
> 1.3.6.1.4.1.42.2.27.9.5.8 (Account Usability Control)
> 
> Anyone knows how to do such thing?

The openldap-technical mailing list:
http://www.openldap.org/lists/mm/listinfo/openldap-technical
is a better place to ask questions about openldap.
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] controls for solaris clients for password-less login (sshkey)

2016-10-14 Thread Csaba Dobo

Hi,
I need to add the below control to openldap:
1.3.6.1.4.1.42.2.27.9.5.8 (Account Usability Control)

Anyone knows how to do such thing?


thnx

Csaba
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#47][synchronized] BUILD: Fix build without /sbin/service installed on the build host

2016-10-14 Thread jhrozek

   URL: https://github.com/SSSD/sssd/pull/47
Author: jhrozek
 Title: #47: BUILD: Fix build without /sbin/service installed on the build host
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/47/head:pr47
git checkout pr47
From ece168576cad2dded3bb7a506b2ade05677120ec Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Tue, 11 Oct 2016 20:41:02 +0200
Subject: [PATCH 1/4] BUILD: Not having /sbin/service is not fatal

If the target platform does not have the service executable, we must not
fail the build, but proceed, just disabling the sssctl functionality.
---
 src/external/service.m4 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/external/service.m4 b/src/external/service.m4
index f475f26..709c204 100644
--- a/src/external/service.m4
+++ b/src/external/service.m4
@@ -7,7 +7,7 @@ AC_DEFUN([CHECK_SERVICE_EXECUTABLE],
 AC_MSG_RESULT(yes)
   else
 AC_MSG_RESULT([no])
-AC_MSG_ERROR([the service executable is not available])
+AC_MSG_WARN([the service executable is not available])
   fi
 ]
 )

From c6a278b1b3ad032e078664a09a42cfcacc5d5a7c Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Tue, 11 Oct 2016 20:48:44 +0200
Subject: [PATCH 2/4] RPM: Require initscripts on non-systemd platforms

In order for sssctl to work on platforms that do not use systemd, we
need to BuildRequire initscripts so that they are pulled in during build
and also Require them for sssd-tools so that the binary can be invoked.
---
 contrib/sssd.spec.in | 5 +
 1 file changed, 5 insertions(+)

diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 40e4454..a795431 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -197,6 +197,8 @@ BuildRequires: nss_wrapper
 BuildRequires: libnl3-devel
 %if (0%{?use_systemd} == 1)
 BuildRequires: systemd-devel
+%else
+BuildRequires: initscripts
 %endif
 %if (0%{?with_cifs_utils_plugin} == 1)
 BuildRequires: cifs-utils-devel
@@ -296,6 +298,9 @@ Requires: python3-sssdconfig = %{version}-%{release}
 Requires: python2-sss = %{version}-%{release}
 Requires: python2-sssdconfig = %{version}-%{release}
 %endif
+%if (0%{?use_systemd} == 0)
+Requires: initscripts
+%endif
 
 %description tools
 Provides userspace tools for manipulating users, groups, and nested groups in

From 9a48a5a431be41b83097bb1e918d3f2c83f9e1c8 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Thu, 13 Oct 2016 13:39:37 +0200
Subject: [PATCH 3/4] sssctl: Fix a typo in preprocessor macro

---
 src/tools/sssctl/sssctl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c
index 1035a73..b0510e6 100644
--- a/src/tools/sssctl/sssctl.c
+++ b/src/tools/sssctl/sssctl.c
@@ -128,7 +128,7 @@ static errno_t sssctl_manage_service(enum sssctl_svc_action action)
 case SSSCTL_SVC_RESTART:
 return sssctl_systemd_restart();
 }
-#elif HAVE_SERVICE
+#elif defined(HAVE_SERVICE)
 switch (action) {
 case SSSCTL_SVC_START:
 return sssctl_run_command(SERVICE_PATH" sssd start");

From 1e641bc172846d0f1353d06849cdc2342aee9d75 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Fri, 14 Oct 2016 10:54:24 +0200
Subject: [PATCH 4/4] BUILD: Only search for service in /sbin and /usr/sbin

---
 src/external/service.m4 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/external/service.m4 b/src/external/service.m4
index 709c204..b69760f 100644
--- a/src/external/service.m4
+++ b/src/external/service.m4
@@ -1,5 +1,5 @@
 AC_DEFUN([CHECK_SERVICE_EXECUTABLE],
-[ AC_PATH_PROG(SERVICE, service)
+[ AC_PATH_PROG([SERVICE], [service], [], [/sbin:/usr/sbin])
   AC_MSG_CHECKING(for the executable \"service\")
   if test -x "$SERVICE"; then
 AC_DEFINE(HAVE_SERVICE, 1, [Whether the service command is available])
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#47][comment] BUILD: Fix build without /sbin/service installed on the build host

2016-10-14 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/47
Title: #47: BUILD: Fix build without /sbin/service installed on the build host

jhrozek commented:
"""
@lslebodn suggested on IRC to only search for service in /sbin and /usr/sbin. I 
added another patch that does that..

CI: http://sssd-ci.duckdns.org/logs/job/54/99/summary.html
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/47#issuecomment-253755197
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][comment] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread celestian

  URL: https://github.com/SSSD/sssd/pull/13
Title: #13: MEMBEROF: Don't resolve members if they are removed

celestian commented:
"""
Great, the result is the same. Both patches could fix it. So we can use just 
ldap patch.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/13#issuecomment-253736716
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][comment] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread celestian

  URL: https://github.com/SSSD/sssd/pull/13
Title: #13: MEMBEROF: Don't resolve members if they are removed

celestian commented:
"""
Oh no, I tested it for ldap, not for ipa provider. Wait a minute a will test it 
again. :-(
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/13#issuecomment-253735227
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][comment] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread celestian

  URL: https://github.com/SSSD/sssd/pull/13
Title: #13: MEMBEROF: Don't resolve members if they are removed

celestian commented:
"""
I changed the author of ldap patch to @sumit-bose.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/13#issuecomment-253734041
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][synchronized] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread celestian

   URL: https://github.com/SSSD/sssd/pull/13
Author: celestian
 Title: #13: MEMBEROF: Don't resolve members if they are removed
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/13/head:pr13
git checkout pr13
From 1b5c97c64c7179da8b324c7aa83767484c5c15ee Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Mon, 12 Sep 2016 15:18:07 +0200
Subject: [PATCH 1/2] LDAP: Removing of member link from group

Resolves:
https://fedorahosted.org/sssd/ticket/2940
---
 src/providers/ldap/sdap_async_groups.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 72760b7..08dfa01 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -878,6 +878,8 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx,
 size_t nuserdns = 0;
 struct sss_domain_info *group_dom = NULL;
 int ret;
+const char *remove_attrs[] = {SYSDB_MEMBER, SYSDB_ORIG_MEMBER, SYSDB_GHOST,
+  NULL};
 
 if (dom->ignore_group_members) {
 DEBUG(SSSDBG_CRIT_FAILURE,
@@ -962,6 +964,13 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx,
 if (el->num_values == 0 && nuserdns == 0) {
 DEBUG(SSSDBG_TRACE_FUNC,
   "No members for group [%s]\n", group_name);
+
+ret = sysdb_remove_attrs(group_dom, group_name, SYSDB_MEMBER_GROUP,
+ discard_const(remove_attrs));
+if (ret != EOK) {
+DEBUG(SSSDBG_OP_FAILURE, "sysdb_remove_attrs failed.\n");
+goto fail;
+}
 } else {
 DEBUG(SSSDBG_TRACE_FUNC,
   "Adding member users to group [%s]\n", group_name);

From 28467e4330c500d4149135f49e019e1c6a9ee972 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= 
Date: Fri, 9 Sep 2016 06:28:01 +0200
Subject: [PATCH 2/2] TESTS: Adding intg. tests on nested groups

Resolves:
https://fedorahosted.org/sssd/ticket/2940
---
 src/tests/intg/test_ldap.py | 157 
 1 file changed, 157 insertions(+)

diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py
index 11792f5..7f0b8ff 100644
--- a/src/tests/intg/test_ldap.py
+++ b/src/tests/intg/test_ldap.py
@@ -794,3 +794,160 @@ def test_extra_attribute_already_exists(ldap_conn, extra_attributes):
   user, domain, extra_attribute)
 
 assert val == given_name
+
+
+@pytest.fixture
+def add_user_to_group(request, ldap_conn):
+"""
+Adding user to group
+"""
+ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ent_list.add_user("user1", 1001, 2001)
+ent_list.add_group_bis("group1", 20001, member_uids=["user1"])
+create_ldap_fixture(request, ldap_conn, ent_list)
+create_conf_fixture(request,
+format_rfc2307bis_deref_conf(
+ldap_conn,
+SCHEMA_RFC2307_BIS))
+create_sssd_fixture(request)
+return None
+
+
+def test_add_user_to_group(ldap_conn, add_user_to_group):
+ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=2001))
+ent.assert_group_by_name("group1", dict(mem=ent.contains_only("user1")))
+
+
+@pytest.fixture
+def remove_user_from_group(request, ldap_conn):
+"""
+Adding user to group
+"""
+ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ent_list.add_user("user1", 1001, 2001)
+ent_list.add_user("user2", 1002, 2002)
+ent_list.add_group_bis("group1", 20001, member_uids=["user1", "user2"])
+create_ldap_fixture(request, ldap_conn, ent_list)
+create_conf_fixture(request,
+format_rfc2307bis_deref_conf(
+ldap_conn,
+SCHEMA_RFC2307_BIS))
+create_sssd_fixture(request)
+return None
+
+
+def test_remove_user_from_group(ldap_conn, remove_user_from_group):
+"""
+Removing two users from group, step by step
+"""
+group1_dn = 'cn=group1,ou=Groups,' + ldap_conn.ds_inst.base_dn
+
+ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=2001))
+ent.assert_passwd_by_name("user2", dict(name="user2", uid=1002, gid=2002))
+ent.assert_group_by_name("group1",
+ dict(mem=ent.contains_only("user1", "user2")))
+
+# removing of user2 from group1
+old = {'member': ["uid=user1,ou=Users,dc=example,dc=com",
+  "uid=user2,ou=Users,dc=example,dc=com"]}
+new = {'member': ["uid=user1,ou=Users,dc=example,dc=com"]}
+
+ldif = ldap.modlist.modifyModlist(old, new)
+ldap_conn.modify_s(group1_dn, ldif)
+
+if subprocess.call(["sss_cache", "-GU"]) != 0:
+raise Exception("sssd_cache failed")
+
+ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=2001))
+

[SSSD] [sssd PR#13][comment] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread fidencio

  URL: https://github.com/SSSD/sssd/pull/13
Title: #13: MEMBEROF: Don't resolve members if they are removed

fidencio commented:
"""
On Fri, Oct 14, 2016 at 9:46 AM, celestian  wrote:

> So, I looked this patch set again. Both, ldap and memberof patch, can fix
> the issue itself. I removed memberof patch.
>
> Original author of ldap patch is @sumit-bose
>  -- do you agree with applying? I am
> sorry, I don't know how to write co-author to the patch.
>

If you changed something in the patch, just add this* to the end of the
commit message.

*: Co-Author: Petr Čech 

Best Regards,

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/13#issuecomment-253732823
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][comment] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread celestian

  URL: https://github.com/SSSD/sssd/pull/13
Title: #13: MEMBEROF: Don't resolve members if they are removed

celestian commented:
"""
So, I looked this patch set again. Both, ldap and memberof patch, can fix the 
issue itself. I removed memberof patch.

Original author of ldap patch is @sumit-bose -- do you agree with applying? I 
am sorry, I don't know how to write co-author to the patch.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/13#issuecomment-253732056
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][-Changes requested] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread celestian

  URL: https://github.com/SSSD/sssd/pull/13
Title: #13: MEMBEROF: Don't resolve members if they are removed

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#13][synchronized] MEMBEROF: Don't resolve members if they are removed

2016-10-14 Thread celestian

   URL: https://github.com/SSSD/sssd/pull/13
Author: celestian
 Title: #13: MEMBEROF: Don't resolve members if they are removed
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/13/head:pr13
git checkout pr13
From 4c1632e15d8a35b8d53401a69ab4e3314769fde0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= 
Date: Mon, 12 Sep 2016 15:18:07 +0200
Subject: [PATCH 1/2] LDAP: Removing of member link from group

Co-author: Sumit Bose

Resolves:
https://fedorahosted.org/sssd/ticket/2940
---
 src/providers/ldap/sdap_async_groups.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 72760b7..08dfa01 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -878,6 +878,8 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx,
 size_t nuserdns = 0;
 struct sss_domain_info *group_dom = NULL;
 int ret;
+const char *remove_attrs[] = {SYSDB_MEMBER, SYSDB_ORIG_MEMBER, SYSDB_GHOST,
+  NULL};
 
 if (dom->ignore_group_members) {
 DEBUG(SSSDBG_CRIT_FAILURE,
@@ -962,6 +964,13 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx,
 if (el->num_values == 0 && nuserdns == 0) {
 DEBUG(SSSDBG_TRACE_FUNC,
   "No members for group [%s]\n", group_name);
+
+ret = sysdb_remove_attrs(group_dom, group_name, SYSDB_MEMBER_GROUP,
+ discard_const(remove_attrs));
+if (ret != EOK) {
+DEBUG(SSSDBG_OP_FAILURE, "sysdb_remove_attrs failed.\n");
+goto fail;
+}
 } else {
 DEBUG(SSSDBG_TRACE_FUNC,
   "Adding member users to group [%s]\n", group_name);

From b55cc72f0124105cb043856ad608604a951a98d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= 
Date: Fri, 9 Sep 2016 06:28:01 +0200
Subject: [PATCH 2/2] TESTS: Adding intg. tests on nested groups

Resolves:
https://fedorahosted.org/sssd/ticket/2940
---
 src/tests/intg/test_ldap.py | 157 
 1 file changed, 157 insertions(+)

diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py
index 11792f5..7f0b8ff 100644
--- a/src/tests/intg/test_ldap.py
+++ b/src/tests/intg/test_ldap.py
@@ -794,3 +794,160 @@ def test_extra_attribute_already_exists(ldap_conn, extra_attributes):
   user, domain, extra_attribute)
 
 assert val == given_name
+
+
+@pytest.fixture
+def add_user_to_group(request, ldap_conn):
+"""
+Adding user to group
+"""
+ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ent_list.add_user("user1", 1001, 2001)
+ent_list.add_group_bis("group1", 20001, member_uids=["user1"])
+create_ldap_fixture(request, ldap_conn, ent_list)
+create_conf_fixture(request,
+format_rfc2307bis_deref_conf(
+ldap_conn,
+SCHEMA_RFC2307_BIS))
+create_sssd_fixture(request)
+return None
+
+
+def test_add_user_to_group(ldap_conn, add_user_to_group):
+ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=2001))
+ent.assert_group_by_name("group1", dict(mem=ent.contains_only("user1")))
+
+
+@pytest.fixture
+def remove_user_from_group(request, ldap_conn):
+"""
+Adding user to group
+"""
+ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ent_list.add_user("user1", 1001, 2001)
+ent_list.add_user("user2", 1002, 2002)
+ent_list.add_group_bis("group1", 20001, member_uids=["user1", "user2"])
+create_ldap_fixture(request, ldap_conn, ent_list)
+create_conf_fixture(request,
+format_rfc2307bis_deref_conf(
+ldap_conn,
+SCHEMA_RFC2307_BIS))
+create_sssd_fixture(request)
+return None
+
+
+def test_remove_user_from_group(ldap_conn, remove_user_from_group):
+"""
+Removing two users from group, step by step
+"""
+group1_dn = 'cn=group1,ou=Groups,' + ldap_conn.ds_inst.base_dn
+
+ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=2001))
+ent.assert_passwd_by_name("user2", dict(name="user2", uid=1002, gid=2002))
+ent.assert_group_by_name("group1",
+ dict(mem=ent.contains_only("user1", "user2")))
+
+# removing of user2 from group1
+old = {'member': ["uid=user1,ou=Users,dc=example,dc=com",
+  "uid=user2,ou=Users,dc=example,dc=com"]}
+new = {'member': ["uid=user1,ou=Users,dc=example,dc=com"]}
+
+ldif = ldap.modlist.modifyModlist(old, new)
+ldap_conn.modify_s(group1_dn, ldif)
+
+if subprocess.call(["sss_cache", "-GU"]) != 0:
+raise Exception("sssd_cache failed")
+
+ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001,

53 matches

Mail list logo