On 05/25/2017 12:16 PM, Joseph Fischetti wrote:
> I was able to build/install/test via copr, which is an awesome resource.
>
> Thanks Lukas for the suggestion. I'd still like to get it sorted at some
> point so I can use a local repository for the package, but this will work for
> the time
On 05/25/2017 12:04 PM, Lukas Slebodnik wrote:
> On (25/05/17 15:26), Joseph Fischetti wrote:
>> Thanks Lukas,
>> I did find the optional (and extras) repos, enabled them, etc, etc.
>>
>> After building from source rpm on a rhel7 machine, rpm/RPMS/x86_64 contains
>> ~30 rpms. rpm -Uvh *
On 11/22/2016 09:38 AM, Simo Sorce wrote:
> On Tue, 2016-11-22 at 09:23 -0500, Stephen Gallagher wrote:
>> OK, so the service is only semi-socket-activated? If we're keeping tevent
>> timers
>> around for renewals and reaping, the service won't be exiting unless all
>&
On 08/31/2016 01:40 PM, Fabiano Fidêncio wrote:
> Howdy!
>
> Taking a look on https://fedorahosted.org/sssd/ticket/2395 seems that
> there are a few ways to achieve what's proposed by Simo and I'd like
> to discuss one of those before start implementing it.
>
> As far as I understand the bug,
On 08/31/2016 01:24 PM, Simo Sorce wrote:
> On Wed, 2016-08-31 at 17:41 +0200, Michal Židek wrote:
>> Hi,
>>
>> here is patch for ticket #3161.
>>
>> See more in the ticket description.
>>
>> I was thinking why we originally replaced
>> the lists and I think it comes from confusion
>> on how we
On 08/17/2016 09:17 AM, Justin Stephenson wrote:
>
> On 08/17/2016 07:34 AM, Lukas Slebodnik wrote:
>> On (16/08/16 09:57), Justin Stephenson wrote:
>>> Thanks for the info, yes please go ahead and squash them.
>>>
>>> Kind regards,
>>> Justin Stephenson
>>>
>>> On 08/16/2016 09:32 AM, Jakub
On 08/12/2016 11:26 AM, Justin Stephenson wrote:
> code patch and man page attached, also added the PATCH: prefix to the commit
> message for the code patch.
>
> Kind regards,
>
> Justin Stephenson
>
>
> On 08/12/2016 06:00 AM, Jakub Hrozek wrote:
>> On Tue, Aug 09, 2016 at 12:04:56PM -0400,
On 08/16/2016 09:26 AM, Jakub Hrozek wrote:
> On Tue, Aug 16, 2016 at 03:17:19PM +0200, Petr Cech wrote:
From 24d32d0eb12ddc433e64ffd6411e9e13f0067b35 Mon Sep 17 00:00:00 2001
From: Petr Cech
Date: Fri, 13 May 2016 05:21:07 -0400
Subject: [PATCH 1/5]
On 08/12/2016 07:30 AM, Lukas Slebodnik wrote:
> On (12/08/16 13:24), Jakub Hrozek wrote:
>> Hi,
>>
>> a simple one-liner is attached.
>
>>From c7bd0b7e695d031258ab47d8c425c9d5843d4069 Mon Sep 17 00:00:00 2001
>> From: Jakub Hrozek
>> Date: Fri, 12 Aug 2016 13:23:16 +0200
>>
On 07/12/2016 03:40 AM, Petr Cech wrote:
> On 07/11/2016 08:22 PM, Jakub Hrozek wrote:
>> On Mon, Jul 11, 2016 at 09:49:15AM -0400, Stephen Gallagher wrote:
>>> On 07/11/2016 09:33 AM, Petr Cech wrote:
>>>> Hi list,
>>>>
>>>> how Jaku
On 07/18/2016 03:40 PM, Stephen Gallagher wrote:
> On 07/14/2016 11:06 AM, Fabiano Fidêncio wrote:
>> Best Regards,
>>
>>
>
> Looks like it's too late, but I disagree with this patch. The reason that the
> logs are all in UTC is to make it easy to corr
On 07/14/2016 11:06 AM, Fabiano Fidêncio wrote:
> Best Regards,
>
>
Looks like it's too late, but I disagree with this patch. The reason that the
logs are all in UTC is to make it easy to correlate them if you are managing
geographically-diverse environments. If there's actual confusion about
On 07/11/2016 09:33 AM, Petr Cech wrote:
> Hi list,
>
> how Jakub mentioned on internal list this debug message should be removed. So
> I
> attached simple patch for it.
>
I'd recommend changing it to "Trace: end of ldap_result list" rather than
deleting it.
signature.asc
Description:
On 06/20/2016 05:48 AM, Sumit Bose wrote:
> On Mon, Jun 20, 2016 at 11:15:20AM +0200, Lukas Slebodnik wrote:
>> BTW we can add Requires/Recommends into pacakge sssd-ad for this sub-pacakge.
>> So it will be installed by default.
>
> I think this is not needed. It is only needed for samba, not on
On 06/20/2016 03:09 PM, Jakub Hrozek wrote:
> On Mon, Jun 20, 2016 at 08:54:18PM +0200, Lukas Slebodnik wrote:
>> ehlo,
>>
>> Attached is a sligtly modified version of Michal's patch.
>
> The same patch is attached twice. Was it by accident or did you mean to
> send two patches?
>
>> I fixed few
On 04/28/2016 09:30 AM, Lukas Slebodnik wrote:
> On (27/04/16 15:18), Stephen Gallagher wrote:
>> On 04/27/2016 05:57 AM, Pavel Březina wrote:
>>> On 04/26/2016 05:08 PM, Stephen Gallagher wrote:
>>>> Our users constantly make the mistake of typing `debug = 9` in th
On 05/13/2016 09:07 AM, Stephen Gallagher wrote:
> Polkit is an authorization mechanism of its own (similar to sudo). SSSD
> doesn't
> need to apply additional authorization decisions atop it, so we'll just accept
> it as "allow".
>
> Resolves:
> https://bugs.la
On 05/13/2016 10:29 AM, Lukas Slebodnik wrote:
> On (11/05/16 17:35), Lukas Slebodnik wrote:
>> On (10/05/16 17:06), Jakub Hrozek wrote:
>>> On Tue, May 10, 2016 at 09:51:18AM -0400, Stephen Gallagher wrote:
>>>> On 05/10/2016 09:45 AM, Jakub Hrozek wrote:
>> T
93a469 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Fri, 13 May 2016 09:03:29 -0400
Subject: [PATCH] GPO: Add "polkit-1" to ad_gpo_map_allow
Polkit is an authorization mechanism of its own (similar to sudo).
SSSD doesn't need to apply additional au
On 05/10/2016 09:45 AM, Jakub Hrozek wrote:
> On Tue, Apr 19, 2016 at 02:09:14PM -0400, Stephen Gallagher wrote:
>> These patches provide support for shipping a default configuration file that
>> the
>> monitor will automatically copy to /etc/sssd/sssd.conf if none already
&
On 05/10/2016 09:00 AM, Lukas Slebodnik wrote:
> On (10/05/16 08:42), Stephen Gallagher wrote:
>> On 05/10/2016 07:24 AM, Lukas Slebodnik wrote:
>>> On (10/05/16 06:40), Stephen Gallagher wrote:
>>>> I was thinking this morning again about how we could deal with the
On 05/10/2016 07:24 AM, Lukas Slebodnik wrote:
> On (10/05/16 06:40), Stephen Gallagher wrote:
>> I was thinking this morning again about how we could deal with the 32-bit
>> on 64-bit problem. On Fedora 24 and newer, we have the ability to use rich
>> RPM dependenc
I was thinking this morning again about how we could deal with the 32-bit on
64-bit problem. On Fedora 24 and newer, we have the ability to use rich RPM
dependencies (Recommends: sssd-client.i686 if glibc.i686) That doesn't help on
older Fedora or RHEL systems though.
What if we were to split
On 05/06/2016 07:05 AM, Lukas Slebodnik wrote:
> On (06/05/16 06:58), Stephen Gallagher wrote:
>>> On May 6, 2016, at 6:55 AM, Lukas Slebodnik <lsleb...@redhat.com> wrote:
>>>
>>>> On (05/05/16 10:46), Stephen Gallagher wrote:
>>>> Ubuntu
> On May 6, 2016, at 6:55 AM, Lukas Slebodnik <lsleb...@redhat.com> wrote:
>
>> On (05/05/16 10:46), Stephen Gallagher wrote:
>> Ubuntu systems use "unity" as their screen-locker. Without this in the
>> defaults,
>> people often get lock
2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Thu, 5 May 2016 10:44:24 -0400
Subject: [PATCH] GPO: Add "unity" to ad_gpo_map_interactive
Ubuntu systems use "unity" as their screen-locker. Without this in the
defaults, people often get locked out of their machi
On 04/27/2016 06:44 AM, Petr Cech wrote:
> On 04/27/2016 08:47 AM, Petr Cech wrote:
>> On 04/26/2016 05:08 PM, Stephen Gallagher wrote:
>>> Our users constantly make the mistake of typing `debug = 9` in the
>>> sssd.conf
>>> instead of `debug_level =
On 04/27/2016 05:57 AM, Pavel Březina wrote:
> On 04/26/2016 05:08 PM, Stephen Gallagher wrote:
>> Our users constantly make the mistake of typing `debug = 9` in the sssd.conf
>> instead of `debug_level = 9` as would be correct. This happens
>> frequently-enough
>>
f59256f027bb15a5cff317e5b1d418107b4a0a95 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Tue, 26 Apr 2016 11:04:36 -0400
Subject: [PATCH] DEBUG: Add `debug` alias for debug_level
Our users constantly make the mistake of typing `debug = 9` in the
sssd.conf i
le to allow
this access.
From 0ec3577f3cc543b2d9b0b8edc47705e679327ee4 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Tue, 19 Apr 2016 09:17:52 -0400
Subject: [PATCH 1/3] UTIL: Add secure copy function
This is a precursor to supporting a static default configurat
> On Apr 7, 2016, at 3:27 AM, Lukas Slebodnik <lsleb...@redhat.com> wrote:
>
>> On (06/04/16 15:38), Jakub Hrozek wrote:
>>> On Wed, Apr 06, 2016 at 03:16:20PM +0200, Jakub Hrozek wrote:
>>>> On Wed, Apr 06, 2016 at 08:39:39AM -0400, Stephen Gallagher w
> On Apr 6, 2016, at 8:37 AM, Jakub Hrozek <jhro...@redhat.com> wrote:
>
>> On Tue, Apr 05, 2016 at 02:34:33PM -0400, Stephen Gallagher wrote:
>> We only need to go online if we receive a netlink signal that might
>> indicate that the external connecti
We only need to go online if we receive a netlink signal that might
indicate that the external connection might have become available. This
will never be true for link-local addresses.
From 672b2335c4f94a16a9955814ff77c85462934043 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sg
On 04/04/2016 08:54 AM, Jakub Hrozek wrote:
> On Mon, Apr 04, 2016 at 02:30:16PM +0200, Lukas Slebodnik wrote:
>> On (04/04/16 13:57), Jakub Hrozek wrote:
>>> Hi,
>>>
>>> I'm looking at a logfile from one sssd installation and I'm wondering if
>>> it's a GPO bug. The relevant part of the logs is:
On 03/22/2016 07:42 AM, Pavel Reichl wrote:
> Hello,
>
> Pavel Březina and I have prepared the 1st draft of design document. We mostly
> focused on summing up its future functionality and its interface.
>
> Please comment if you miss some essential functionality or if you would prefer
> some
Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Fri, 26 Feb 2016 13:10:50 -0500
Subject: [PATCH 1/2] GPO: Add Cockpit to the Remote Interactive defaults
The Cockpit Project is an administrative console that is gaining in
popularity and is a default component o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/14/2016 05:19 AM, Pavel Březina wrote:
> On 01/13/2016 03:45 PM, Stephen Gallagher wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>
>> On 01/13/2016 07:25 AM, Pavel Březina wrote:
>>> https://fed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/13/2016 07:25 AM, Pavel Březina wrote:
> https://fedorahosted.org/sssd/ticket/2906
>
> Hi, I'm CCing Stephen as he is original author of the code.
>
> Without this patch I am not able to work with AD when
> ldap_referrals=true, with this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/09/2015 05:32 AM, Petr Cech wrote:
> On 11/04/2015 11:24 AM, Jakub Hrozek wrote:
>> Hi,
>>
>> I created this patch to try to diagnose an issue where sssd
>> would randomly restart on any of machines in a VM cluster without
>> giving too much
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/28/2015 04:48 PM, Lukas Slebodnik wrote:
> On (28/10/15 09:03), Stephen Gallagher wrote:
>> On 10/27/2015 05:33 PM, Lukas Slebodnik wrote:
>>> On (27/10/15 09:48), Stephen Gallagher wrote:
>>>> We get an err
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/27/2015 05:33 PM, Lukas Slebodnik wrote:
> On (27/10/15 09:48), Stephen Gallagher wrote:
>> We get an error message if we start up SSSD and the debug log
>> does not yet exist.
>
>> From 53592734f73c50029fa573b9bc0704373
SIGNATURE-
>From 53592734f73c50029fa573b9bc070437304ea489 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Tue, 27 Oct 2015 09:39:01 -0400
Subject: [PATCH] DEBUG: Don't error on chown of nonexistent file
We get an error message if we start up SSSD and the debug
: GnuPG v2
iEYEARECAAYFAlYvgvQACgkQeiVVYja6o6NeVQCgocyUqrHud6p+KyyDULRdtx+/
Vj0AoIEfXJAbEgwDEgAmDJBuRLNv0v+n
=h2IT
-END PGP SIGNATURE-
>From 9a53c342335ce68ec8196c5d05fecf8e12197411 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Tue, 27 Oct 2015 09:55
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/08/2015 05:16 AM, Lukas Slebodnik wrote:
> On (23/01/15 12:27), Stephen Gallagher wrote:
>> On Fri, 2015-01-23 at 17:27 +0100, Jakub Hrozek wrote:
>>> On Fri, Jan 23, 2015 at 05:24:51PM +0100, Michal Židek wrote:
>>&
/ActiveDirectoryGPOIntegra
tion
We also need to delete the result object from the cache to ensure that
offline operation will also grant access.
Resolves:
https://fedorahosted.org/sssd/ticket/2691From 06e58a26fd5b59631b479f2f076e80ecfae425b8 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher sgall...@redhat.com
Date: Mon
On Tue, 2015-06-30 at 12:04 +0200, Jakub Hrozek wrote:
On Tue, Jun 30, 2015 at 10:30:16AM +0200, Jan Pazdziora wrote:
- Running sssd in environment where all actions complete
successfully
should emit no debug messages. Default log level should be
moved to
SSSDBG_OP_FAILURE or
On Fri, 2015-06-12 at 21:30 +0200, Jakub Hrozek wrote:
On Fri, Jun 12, 2015 at 06:33:16PM +0200, Lukas Slebodnik wrote:
On (12/06/15 16:45), Jakub Hrozek wrote:
=== SSSD 1.12.5 ===
The SSSD team is proud to announce the release of version 1.12.5
of
the
On Thu, 2015-06-11 at 16:19 +0200, Lukas Slebodnik wrote:
On (11/06/15 09:35), Stephen Gallagher wrote:
On Thu, 2015-06-11 at 09:19 -0400, Stephen Gallagher wrote:
We're attempting to use strerror() to print the result from
ad_gpo_access_check(), but that function returns an extended SSSD
We're attempting to use strerror() to print the result from
ad_gpo_access_check(), but that function returns an extended SSSD
errno.
This resulted in Unknown Error being printed to the logs.
signature.asc
Description: This is a digitally signed message part
On Thu, 2015-06-11 at 09:19 -0400, Stephen Gallagher wrote:
We're attempting to use strerror() to print the result from
ad_gpo_access_check(), but that function returns an extended SSSD
errno.
This resulted in Unknown Error being printed to the logs.
And now with the patch attached...
From
On Wed, 2015-05-27 at 15:54 -0400, Stephen Gallagher wrote:
On Wed, 2015-05-27 at 21:36 +0200, Lukas Slebodnik wrote:
On (27/05/15 15:30), Stephen Gallagher wrote:
On Wed, 2015-05-27 at 13:31 -0400, Stephen Gallagher wrote:
To set up a Vagrant development environment:
* Install
On Fri, 2015-05-22 at 16:13 +0200, Jakub Hrozek wrote:
On Thu, May 21, 2015 at 01:43:19PM +0200, Lukas Slebodnik wrote:
ehlo,
There were some failed tests in ci log
http://sssd-ci.duckdns.org/logs/job/12/67/fedora_rawhide/ci.html
On Wed, 2015-05-27 at 21:36 +0200, Lukas Slebodnik wrote:
On (27/05/15 15:30), Stephen Gallagher wrote:
On Wed, 2015-05-27 at 13:31 -0400, Stephen Gallagher wrote:
To set up a Vagrant development environment:
* Install the Vagrant packages for your development system
* On Fedora 22
On Wed, 2015-05-27 at 11:15 +0200, Jakub Hrozek wrote:
On Tue, May 26, 2015 at 03:56:35PM -0400, Stephen Gallagher wrote:
Sorry for the delay; two new patches attached.
This patch fixes the two missing error checks in the AD GPO code as
well as making several changes to the general LDAP
On Wed, 2015-05-27 at 13:31 -0400, Stephen Gallagher wrote:
To set up a Vagrant development environment:
* Install the Vagrant packages for your development system
* On Fedora 22 and later: 'dnf install vagrant-libvirt'
* Deploy the Vagrant box:
* 'vagrant up'
* Build SSSD:
* vagrant
On Fri, 2015-05-22 at 13:04 +0200, Jakub Hrozek wrote:
On Thu, May 14, 2015 at 05:58:49PM +0200, Jakub Hrozek wrote:
On Thu, May 14, 2015 at 11:49:17AM -0400, Stephen Gallagher wrote:
On Thu, 2015-05-14 at 17:42 +0200, Jakub Hrozek wrote:
On Wed, May 06, 2015 at 02:26:30PM -0400, Stephen
On Thu, 2015-05-14 at 17:42 +0200, Jakub Hrozek wrote:
On Wed, May 06, 2015 at 02:26:30PM -0400, Stephen Gallagher wrote:
Patch 0001: LDAP: Support returning referral information
Some callers may be interested in the raw referral values returned
from
a lookup. This patch allows
On Mon, 2015-05-11 at 09:52 +0200, Jakub Hrozek wrote:
Hi,
while triaging a performance-related issue, I realized our manpage
doesn't say also users and groups are now supported by the background
refresh. The attached patch fixes that.
I'd recommend the phrasing:
The background refresh
On Mon, 2015-05-11 at 19:15 +0200, Jakub Hrozek wrote:
On Mon, May 11, 2015 at 03:18:55PM +0200, Lukas Slebodnik wrote:
On (11/05/15 12:51), Jakub Hrozek wrote:
On Mon, May 11, 2015 at 11:15:29AM +0200, Lukas Slebodnik wrote:
Please document in man pages that it is not possible to turn
://fedorahosted.org/sssd/ticket/2645From 3f8826061d34639ddaaf245947085ea577e77fbe Mon Sep 17 00:00:00 2001
From: Stephen Gallagher sgall...@redhat.com
Date: Fri, 1 May 2015 11:42:06 -0400
Subject: [PATCH 1/2] LDAP: Support returning referral information
Some callers may be interested in the raw referral
On Wed, 2015-04-29 at 09:38 +0200, Lukas Slebodnik wrote:
On (24/04/15 14:07), Jakub Hrozek wrote:
On Fri, Apr 24, 2015 at 02:01:11PM +0200, Lukas Slebodnik wrote:
On (24/04/15 12:43), Jakub Hrozek wrote:
On Thu, Apr 23, 2015 at 07:29:07AM -0400, Stephen Gallagher
wrote:
On Thu
On Wed, 2015-04-29 at 18:50 +0200, Lukas Slebodnik wrote:
On (29/04/15 08:00), Stephen Gallagher wrote:
I'm not aware of any situation where this would be a sensible
reply,
so this should be fine (and at worst, safe).
I suspect (but since Yassir isn't here any more cannot confirm
On Thu, 2015-04-23 at 08:14 +0200, Lukas Slebodnik wrote:
On (20/04/15 14:38), Stephen Gallagher wrote:
On Mon, 2015-04-20 at 08:53 +0200, Lukas Slebodnik wrote:
ehlo,
attached patch fixes crash in
https://fedorahosted.org/sssd/ticket/2629
Nack. I'd rather we fixed
a different default
value.From 3ef7523f4e0e8bd6a5e182bd64790b6ab9f5c310 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher sgall...@redhat.com
Date: Mon, 20 Apr 2015 10:51:04 -0400
Subject: [PATCH] AD GPO: Change default to enforcing
When a user enrolls a system against Active Directory, the expectation
On Mon, 2015-04-20 at 08:53 +0200, Lukas Slebodnik wrote:
ehlo,
attached patch fixes crash in
https://fedorahosted.org/sssd/ticket/2629
Nack. I'd rather we fixed the root of this problem. I did some digging
this afternoon and tracked the issue back to ad_gpo.c line 3499 (in
current
39a0dc5dd670cb251e3c9a3b35aca9dbb2ede061 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher sgall...@redhat.com
Date: Tue, 14 Apr 2015 13:07:36 -0400
Subject: [PATCH 1/3] AD: Clean up ad_access_gpo
Align goto usage with conventions in the rest of the source.
---
src/providers/ad/ad_gpo.c | 12
On Fri, 2015-03-27 at 11:00 +0100, Pavel Reichl wrote:
On 03/26/2015 06:09 PM, Stephen Gallagher wrote:
On Thu, 2015-03-26 at 17:51 +0100, Pavel Reichl wrote:
Hello,
please see this trivial patch.
I CCed Stephen in hope that he would be so kind and do the
language
review
On Thu, 2015-03-26 at 17:51 +0100, Pavel Reichl wrote:
Hello,
please see this trivial patch.
I CCed Stephen in hope that he would be so kind and do the language
review.
Thanks!
The value of 'pwdAccountLockedTime' attribute must end with 'Z' as
only UTC time zone is currently
On Mon, 2015-03-02 at 14:43 +0100, Lukas Slebodnik wrote:
On (02/03/15 14:39), Sumit Bose wrote:
On Mon, Mar 02, 2015 at 11:27:09AM +0100, Sumit Bose wrote:
On Mon, Mar 02, 2015 at 10:43:36AM +0100, Jakub Hrozek wrote:
On Mon, Mar 02, 2015 at 10:41:22AM +0100, Pavel Reichl wrote:
On Thu, 2015-02-26 at 14:01 +0100, Jakub Hrozek wrote:
On Thu, Feb 26, 2015 at 11:26:13AM +0100, Lukas Slebodnik wrote:
On (26/02/15 11:17), Jakub Hrozek wrote:
On Wed, Feb 25, 2015 at 11:53:00PM +0100, Lukas Slebodnik wrote:
On (25/02/15 23:34), Jakub Hrozek wrote:
On Wed, Feb 25,
On Tue, 2015-02-24 at 11:10 +0100, Lukas Slebodnik wrote:
On (24/02/15 01:26), Lukas Slebodnik wrote:
On (18/02/15 16:36), Stephen Gallagher wrote:
On Tue, 2015-02-10 at 23:40 +0100, Lukas Slebodnik wrote:
ehlo,
Attached patches:
* drop support for python 2.6
On Tue, 2015-02-10 at 23:40 +0100, Lukas Slebodnik wrote:
ehlo,
Attached patches:
* drop support for python 2.6
* fix packaging of binding (backward incompatible change)
* add possibility to build python{2,3} bindings
There are also small other enhancements.
Patch 0005-0013: Ack
On Thu, 2015-02-12 at 19:32 +0100, Lukas Slebodnik wrote:
ehlo,
attached is a simple patch for ticket #2572
My reproducer:
* start sssd
* attach gdb to some service e.g. nss
- DO NOT RUN any command (we just need to simulate unresponsive service)
* wait until monitor send SIGKILL
On Fri, 2015-01-23 at 17:27 +0100, Jakub Hrozek wrote:
On Fri, Jan 23, 2015 at 05:24:51PM +0100, Michal Židek wrote:
On 01/23/2015 04:35 PM, Lukas Slebodnik wrote:
On (23/01/15 10:21), Stephen Gallagher wrote:
On Fri, 2015-01-23 at 14:39 +0100, Lukas Slebodnik wrote:
ehlo
On Fri, 2015-01-23 at 14:39 +0100, Lukas Slebodnik wrote:
ehlo,
I was reprodicing other bug and it took me some time to find out why I was not
able to resolve user. RID was bigger than range size.
I saw just general message about id mapping failer
[sdap_save_user] (0x0400): Processing
On Mon, 2015-01-19 at 09:58 +0100, Jakub Hrozek wrote:
On Mon, Jan 19, 2015 at 09:39:41AM +0100, Pavel Reichl wrote:
man page:
Specify AD site client should try to connect to.
Specify AD site to which client should try to connect.
Which one sounds better?
I don't care much, maybe
On Wed, 2015-01-14 at 13:34 +0100, Pavel Reichl wrote:
On 01/13/2015 08:39 PM, Stephen Gallagher wrote:
On Tue, 2015-01-13 at 18:58 +0100, Pavel Reichl wrote:
Hello,
please see simple patch attached.
Thanks!
Nack.
First, what exactly is this service doing? I don't think
On Tue, 2015-01-13 at 18:58 +0100, Pavel Reichl wrote:
Hello,
please see simple patch attached.
Thanks!
Nack.
First, what exactly is this service doing? I don't think we would want
to map it to ServiceLogonRight. That's intended for granting access to
the machine from a service (as
02417814befc89609e2ca6490a4791de5032dc99 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher sgall...@redhat.com
Date: Wed, 10 Dec 2014 14:16:49 -0500
Subject: [PATCH] monitor: Service restart fixes
There are actually two bugs here:
1) When either the kill(SIGTERM) or kill(SIGKILL) commands returned
failure (for any reason), we
On Wed, 2014-12-10 at 14:59 -0500, Stephen Gallagher wrote:
There are actually two bugs here:
1) When either the kill(SIGTERM) or kill(SIGKILL) commands returned
failure (for any reason), we would talloc_free(svc) which removed it
from being eligible for restart, resulting in the service
On Sat, 2014-11-22 at 14:24 +0100, Jakub Hrozek wrote:
On Fri, Nov 21, 2014 at 04:26:58PM -0500, Stephen Gallagher wrote:
On Fri, 2014-11-21 at 20:03 +0100, Jakub Hrozek wrote:
Hi,
I was going through our design page that describes the rootless sssd and
I'd like
On Fri, 2014-11-21 at 20:03 +0100, Jakub Hrozek wrote:
Hi,
I was going through our design page that describes the rootless sssd and
I'd like to discuss the default ownership of sssd.conf a bit more.
In the design document we proposed to change the default ownership to
sssd.sssd. This
On Fri, 2014-10-03 at 16:46 +0200, Jakub Hrozek wrote:
Hi,
While I was talking to the Fedora automake maintainer about an
enhancement related to test environment, he suggested to make the change
in the attached patch.
How far back does that macro go? Does it cover all platforms that
On Thu, 2014-10-02 at 11:45 +0200, Jakub Hrozek wrote:
On Wed, Oct 01, 2014 at 10:50:26PM -0400, Stephen Gallagher wrote:
Sorry it took me so long to finish this review. The code is mostly
right, but I found three issues that needed to be addressed before we
could commit it.
1
On Thu, 2014-10-02 at 19:29 +0200, Lukas Slebodnik wrote:
ehlo,
Talloc context was not used in functions ad_gpo_parse_gpo_child_response
ad_gpo_process_cse_recv, ad_gpo_store_policy_settings.
Patch is attached.
Ack
signature.asc
Description: This is a digitally signed message part
On Thu, 2014-10-02 at 19:27 +0200, Lukas Slebodnik wrote:
ehlo,
Some internal gpo functions [1] were called just once and with constant
NDR_SCALARS as 2nd argument(ndr_flags), but 2nd argument was not used
in these functions[1]. They used constant NDR_SCALARS.
[1]
:00:00 2001
From: Stephen Gallagher sgall...@redhat.com
Date: Wed, 1 Oct 2014 20:42:31 -0400
Subject: [PATCH 1/2] AD GPO: Fix incorrect return of EACCES
In the access providers, we expect to receive ERR_ACCESS_DENIED when
access is denied, but we were returning EACCES here. The effect was the
same
On Wed, 2014-10-01 at 22:50 -0400, Stephen Gallagher wrote:
On Thu, 2014-09-11 at 23:51 -0400, Yassir Elley wrote:
- Original Message -
- Original Message -
Hi,
The attached patch fixes ticket #2437 (conflicting gpo policy settings
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/25/2014 04:56 AM, Jakub Hrozek wrote:
On Wed, Sep 24, 2014 at 11:10:00AM -0400, Stephen Gallagher wrote:
We were assuming that the ad_hostname value would match the
sAMAccountName attribute, but in practice this was almost never
the case
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/25/2014 03:40 PM, Stephen Gallagher wrote:
On 09/25/2014 04:56 AM, Jakub Hrozek wrote:
On Wed, Sep 24, 2014 at 11:10:00AM -0400, Stephen Gallagher
wrote: We were assuming that the ad_hostname value would match
the sAMAccountName attribute
iEYEARECAAYFAlQi3YEACgkQeiVVYja6o6PqAACgjb4ISPCELnMMBIoKKHX/tj8r
UdgAmQHRTCMC0BQo8oBlFy4ZKNj1gshs
=AaTR
-END PGP SIGNATURE-
From fee75b35053029a9b856a231f99fa607bd91e8e4 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher sgall...@redhat.com
Date: Wed, 24 Sep 2014 11:00:44 -0400
Subject: [PATCH] UTIL: Do not change SSSD domains in get_domains_head
17 00:00:00 2001
From: Stephen Gallagher sgall...@redhat.com
Date: Tue, 23 Sep 2014 17:44:41 -0400
Subject: [PATCH] AD GPO: Fix incorrect sAMAccountName selection
---
src/providers/ad/ad_gpo.c | 20 +++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/providers/ad
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/28/2014 10:00 PM, John Koelndorfer wrote:
Hey folks,
Some quick background on this small patch I prepared. I run sssd on
my desktop (and servers) to authenticate against a Samba 4 DC. I
found that when I attempted to log in via KDM and
On 09/03/2014 07:59 PM, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/28/2014 10:00 PM, John Koelndorfer wrote:
Hey folks,
Some quick background on this small patch I prepared. I run sssd on
my desktop (and servers) to authenticate against a Samba 4 DC. I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/20/2014 09:20 AM, Jakub Hrozek wrote:
Hi,
with the current SSSD code, an LDAP search that results in a
referral fails completely with EIO and usually sends the whole
backend to offline mode. I think this is too strict and if the
admin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/22/2014 09:32 AM, Michal Židek wrote:
On 07/22/2014 02:49 PM, Pavel Reichl wrote:
On 07/22/2014 02:03 PM, Pavel Reichl wrote:
I finally tested the patches and it seems to me to be working
with AD and LDAP provider, but does not seem to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/20/2014 03:20 PM, Jakub Hrozek wrote:
On Fri, Jul 18, 2014 at 05:32:09PM +0200, Lukas Slebodnik wrote:
On (18/07/14 16:34), Jakub Hrozek wrote:
On Thu, Jul 17, 2014 at 04:35:31PM +0200, Lukas Slebodnik
wrote:
ehlo,
There is problem with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/10/2014 05:46 AM, Lukas Slebodnik wrote:
On (07/07/14 20:22), Stephen Gallagher wrote:
On 07/07/2014 10:05 AM, Lukas Slebodnik wrote:
ehlo,
There is a bug in old version of autotools which cause
compilation problems
./libtool: line
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/10/2014 12:24 PM, Lukas Slebodnik wrote:
On (10/07/14 10:51), Stephen Gallagher wrote:
On 07/10/2014 05:46 AM, Lukas Slebodnik wrote:
On (07/07/14 20:22), Stephen Gallagher wrote:
On 07/07/2014 10:05 AM, Lukas Slebodnik wrote:
ehlo
+sI1MejCE3twXL0xN
zdQAnAh0vTyRjqIdt3tk6qSDHGv/xa6i
=GP2r
-END PGP SIGNATURE-
From f31135f1abc3d856d9a5818b1a60dbb8414a6e5d Mon Sep 17 00:00:00 2001
From: Stephen Gallagher sgall...@redhat.com
Date: Mon, 7 Jul 2014 20:14:36 -0400
Subject: [PATCH] Fix specfile for RHEL5
RHEL5 uses an old
1 - 100 of 3579 matches
Mail list logo