[SSSD] Re: Build for RHEL7

On 05/25/2017 12:16 PM, Joseph Fischetti wrote: > I was able to build/install/test via copr, which is an awesome resource. > > Thanks Lukas for the suggestion. I'd still like to get it sorted at some > point so I can use a local repository for the package, but this will work for > the time

[SSSD] Re: Build for RHEL7

On 05/25/2017 12:04 PM, Lukas Slebodnik wrote: > On (25/05/17 15:26), Joseph Fischetti wrote: >> Thanks Lukas, >> I did find the optional (and extras) repos, enabled them, etc, etc. >> >> After building from source rpm on a rhel7 machine, rpm/RPMS/x86_64 contains >> ~30 rpms. rpm -Uvh *

[SSSD] Re: Design document - SSSD KCM server

On 11/22/2016 09:38 AM, Simo Sorce wrote: > On Tue, 2016-11-22 at 09:23 -0500, Stephen Gallagher wrote: >> OK, so the service is only semi-socket-activated? If we're keeping tevent >> timers >> around for renewals and reaping, the service won't be exiting unless all >&

[SSSD] Re: [RFC] Cleaning up the IFP responder (mainly) and socket-activatable responders

On 08/31/2016 01:40 PM, Fabiano Fidêncio wrote: > Howdy! > > Taking a look on https://fedorahosted.org/sssd/ticket/2395 seems that > there are a few ways to achieve what's proposed by Simo and I'd like > to discuss one of those before start implementing it. > > As far as I understand the bug,

[SSSD] Re: [PATCH] GPO: Cat vals with same key from different GPOs

On 08/31/2016 01:24 PM, Simo Sorce wrote: > On Wed, 2016-08-31 at 17:41 +0200, Michal Židek wrote: >> Hi, >> >> here is patch for ticket #3161. >> >> See more in the ticket description. >> >> I was thinking why we originally replaced >> the lists and I think it comes from confusion >> on how we

[SSSD] Re: [PATCH] Add support for disabling netlink use

On 08/17/2016 09:17 AM, Justin Stephenson wrote: > > On 08/17/2016 07:34 AM, Lukas Slebodnik wrote: >> On (16/08/16 09:57), Justin Stephenson wrote: >>> Thanks for the info, yes please go ahead and squash them. >>> >>> Kind regards, >>> Justin Stephenson >>> >>> On 08/16/2016 09:32 AM, Jakub

[SSSD] Re: [PATCH] Add support for disabling netlink use

On 08/12/2016 11:26 AM, Justin Stephenson wrote: > code patch and man page attached, also added the PATCH: prefix to the commit > message for the code patch. > > Kind regards, > > Justin Stephenson > > > On 08/12/2016 06:00 AM, Jakub Hrozek wrote: >> On Tue, Aug 09, 2016 at 12:04:56PM -0400,

[SSSD] Re: [PATCH SET] AD_PROVIDER: ad_enabled_domains

On 08/16/2016 09:26 AM, Jakub Hrozek wrote: > On Tue, Aug 16, 2016 at 03:17:19PM +0200, Petr Cech wrote: From 24d32d0eb12ddc433e64ffd6411e9e13f0067b35 Mon Sep 17 00:00:00 2001 From: Petr Cech Date: Fri, 13 May 2016 05:21:07 -0400 Subject: [PATCH 1/5]

[SSSD] Re: [PATCH] CONFIG: full_name_format is an allowed option for all domains

On 08/12/2016 07:30 AM, Lukas Slebodnik wrote: > On (12/08/16 13:24), Jakub Hrozek wrote: >> Hi, >> >> a simple one-liner is attached. > >>From c7bd0b7e695d031258ab47d8c425c9d5843d4069 Mon Sep 17 00:00:00 2001 >> From: Jakub Hrozek >> Date: Fri, 12 Aug 2016 13:23:16 +0200 >>

[SSSD] Re: [PATCH] LDAP: Removing of useless debug message

On 07/12/2016 03:40 AM, Petr Cech wrote: > On 07/11/2016 08:22 PM, Jakub Hrozek wrote: >> On Mon, Jul 11, 2016 at 09:49:15AM -0400, Stephen Gallagher wrote: >>> On 07/11/2016 09:33 AM, Petr Cech wrote: >>>> Hi list, >>>> >>>> how Jaku

[SSSD] Re: sssctl: Use localtime for time stamps

On 07/18/2016 03:40 PM, Stephen Gallagher wrote: > On 07/14/2016 11:06 AM, Fabiano Fidêncio wrote: >> Best Regards, >> >> > > Looks like it's too late, but I disagree with this patch. The reason that the > logs are all in UTC is to make it easy to corr

[SSSD] Re: sssctl: Use localtime for time stamps

On 07/14/2016 11:06 AM, Fabiano Fidêncio wrote: > Best Regards, > > Looks like it's too late, but I disagree with this patch. The reason that the logs are all in UTC is to make it easy to correlate them if you are managing geographically-diverse environments. If there's actual confusion about

[SSSD] Re: [PATCH] LDAP: Removing of useless debug message

On 07/11/2016 09:33 AM, Petr Cech wrote: > Hi list, > > how Jakub mentioned on internal list this debug message should be removed. So > I > attached simple patch for it. > I'd recommend changing it to "Trace: end of ldap_result list" rather than deleting it. signature.asc Description:

[SSSD] Re: [PATCH] Add winbind idmap plugin

On 06/20/2016 05:48 AM, Sumit Bose wrote: > On Mon, Jun 20, 2016 at 11:15:20AM +0200, Lukas Slebodnik wrote: >> BTW we can add Requires/Recommends into pacakge sssd-ad for this sub-pacakge. >> So it will be installed by default. > > I think this is not needed. It is only needed for samba, not on

[SSSD] Re: [PATCH] confd: Make it possible to use config snippets

On 06/20/2016 03:09 PM, Jakub Hrozek wrote: > On Mon, Jun 20, 2016 at 08:54:18PM +0200, Lukas Slebodnik wrote: >> ehlo, >> >> Attached is a sligtly modified version of Michal's patch. > > The same patch is attached twice. Was it by accident or did you mean to > send two patches? > >> I fixed few

[SSSD] Re: [PATCH] DEBUG: Add `debug` alias for debug_level

On 04/28/2016 09:30 AM, Lukas Slebodnik wrote: > On (27/04/16 15:18), Stephen Gallagher wrote: >> On 04/27/2016 05:57 AM, Pavel Březina wrote: >>> On 04/26/2016 05:08 PM, Stephen Gallagher wrote: >>>> Our users constantly make the mistake of typing `debug = 9` in th

[SSSD] Re: [PATCH] GPO: Add "polkit-1" to ad_gpo_map_allow

On 05/13/2016 09:07 AM, Stephen Gallagher wrote: > Polkit is an authorization mechanism of its own (similar to sudo). SSSD > doesn't > need to apply additional authorization decisions atop it, so we'll just accept > it as "allow". > > Resolves: > https://bugs.la

[SSSD] Re: [PATCHES] Support starting SSSD from a default configuration

On 05/13/2016 10:29 AM, Lukas Slebodnik wrote: > On (11/05/16 17:35), Lukas Slebodnik wrote: >> On (10/05/16 17:06), Jakub Hrozek wrote: >>> On Tue, May 10, 2016 at 09:51:18AM -0400, Stephen Gallagher wrote: >>>> On 05/10/2016 09:45 AM, Jakub Hrozek wrote: >> T

[SSSD] [PATCH] GPO: Add "polkit-1" to ad_gpo_map_allow

93a469 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher <sgall...@redhat.com> Date: Fri, 13 May 2016 09:03:29 -0400 Subject: [PATCH] GPO: Add "polkit-1" to ad_gpo_map_allow Polkit is an authorization mechanism of its own (similar to sudo). SSSD doesn't need to apply additional au

[SSSD] Re: [PATCHES] Support starting SSSD from a default configuration

On 05/10/2016 09:45 AM, Jakub Hrozek wrote: > On Tue, Apr 19, 2016 at 02:09:14PM -0400, Stephen Gallagher wrote: >> These patches provide support for shipping a default configuration file that >> the >> monitor will automatically copy to /etc/sssd/sssd.conf if none already &

[SSSD] Re: Idea for multilib handling in Fedora and RHEL

On 05/10/2016 09:00 AM, Lukas Slebodnik wrote: > On (10/05/16 08:42), Stephen Gallagher wrote: >> On 05/10/2016 07:24 AM, Lukas Slebodnik wrote: >>> On (10/05/16 06:40), Stephen Gallagher wrote: >>>> I was thinking this morning again about how we could deal with the

[SSSD] Re: Idea for multilib handling in Fedora and RHEL

On 05/10/2016 07:24 AM, Lukas Slebodnik wrote: > On (10/05/16 06:40), Stephen Gallagher wrote: >> I was thinking this morning again about how we could deal with the 32-bit >> on 64-bit problem. On Fedora 24 and newer, we have the ability to use rich >> RPM dependenc

[SSSD] Idea for multilib handling in Fedora and RHEL

I was thinking this morning again about how we could deal with the 32-bit on 64-bit problem. On Fedora 24 and newer, we have the ability to use rich RPM dependencies (Recommends: sssd-client.i686 if glibc.i686) That doesn't help on older Fedora or RHEL systems though. What if we were to split

[SSSD] Re: [PATCH] GPO: Add "unity" to ad_gpo_map_interactive

On 05/06/2016 07:05 AM, Lukas Slebodnik wrote: > On (06/05/16 06:58), Stephen Gallagher wrote: >>> On May 6, 2016, at 6:55 AM, Lukas Slebodnik <lsleb...@redhat.com> wrote: >>> >>>> On (05/05/16 10:46), Stephen Gallagher wrote: >>>> Ubuntu

[SSSD] Re: [PATCH] GPO: Add "unity" to ad_gpo_map_interactive

> On May 6, 2016, at 6:55 AM, Lukas Slebodnik <lsleb...@redhat.com> wrote: > >> On (05/05/16 10:46), Stephen Gallagher wrote: >> Ubuntu systems use "unity" as their screen-locker. Without this in the >> defaults, >> people often get lock

[SSSD] [PATCH] GPO: Add "unity" to ad_gpo_map_interactive

2001 From: Stephen Gallagher <sgall...@redhat.com> Date: Thu, 5 May 2016 10:44:24 -0400 Subject: [PATCH] GPO: Add "unity" to ad_gpo_map_interactive Ubuntu systems use "unity" as their screen-locker. Without this in the defaults, people often get locked out of their machi

[SSSD] Re: [PATCH] DEBUG: Add `debug` alias for debug_level

On 04/27/2016 06:44 AM, Petr Cech wrote: > On 04/27/2016 08:47 AM, Petr Cech wrote: >> On 04/26/2016 05:08 PM, Stephen Gallagher wrote: >>> Our users constantly make the mistake of typing `debug = 9` in the >>> sssd.conf >>> instead of `debug_level =

[SSSD] Re: [PATCH] DEBUG: Add `debug` alias for debug_level

On 04/27/2016 05:57 AM, Pavel Březina wrote: > On 04/26/2016 05:08 PM, Stephen Gallagher wrote: >> Our users constantly make the mistake of typing `debug = 9` in the sssd.conf >> instead of `debug_level = 9` as would be correct. This happens >> frequently-enough >>

[SSSD] [PATCH] DEBUG: Add `debug` alias for debug_level

f59256f027bb15a5cff317e5b1d418107b4a0a95 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher <sgall...@redhat.com> Date: Tue, 26 Apr 2016 11:04:36 -0400 Subject: [PATCH] DEBUG: Add `debug` alias for debug_level Our users constantly make the mistake of typing `debug = 9` in the sssd.conf i

[SSSD] [PATCHES] Support starting SSSD from a default configuration

le to allow this access. From 0ec3577f3cc543b2d9b0b8edc47705e679327ee4 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher <sgall...@redhat.com> Date: Tue, 19 Apr 2016 09:17:52 -0400 Subject: [PATCH 1/3] UTIL: Add secure copy function This is a precursor to supporting a static default configurat

[SSSD] Re: [PATCH] Netlink: Ignore RTM_NEWADDR signals from link-local

> On Apr 7, 2016, at 3:27 AM, Lukas Slebodnik <lsleb...@redhat.com> wrote: > >> On (06/04/16 15:38), Jakub Hrozek wrote: >>> On Wed, Apr 06, 2016 at 03:16:20PM +0200, Jakub Hrozek wrote: >>>> On Wed, Apr 06, 2016 at 08:39:39AM -0400, Stephen Gallagher w

[SSSD] Re: [PATCH] Netlink: Ignore RTM_NEWADDR signals from link-local

> On Apr 6, 2016, at 8:37 AM, Jakub Hrozek <jhro...@redhat.com> wrote: > >> On Tue, Apr 05, 2016 at 02:34:33PM -0400, Stephen Gallagher wrote: >> We only need to go online if we receive a netlink signal that might >> indicate that the external connecti

[SSSD] [PATCH] Netlink: Ignore RTM_NEWADDR signals from link-local

We only need to go online if we receive a netlink signal that might indicate that the external connection might have become available. This will never be true for link-local addresses. From 672b2335c4f94a16a9955814ff77c85462934043 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher <sg

[SSSD] Re: is this a GPO bug?

On 04/04/2016 08:54 AM, Jakub Hrozek wrote: > On Mon, Apr 04, 2016 at 02:30:16PM +0200, Lukas Slebodnik wrote: >> On (04/04/16 13:57), Jakub Hrozek wrote: >>> Hi, >>> >>> I'm looking at a logfile from one sssd installation and I'm wondering if >>> it's a GPO bug. The relevant part of the logs is:

[SSSD] Re: Design document - sssctl

On 03/22/2016 07:42 AM, Pavel Reichl wrote: > Hello, > > Pavel Březina and I have prepared the 1st draft of design document. We mostly > focused on summing up its future functionality and its interface. > > Please comment if you miss some essential functionality or if you would prefer > some

[SSSD] [PATCHES] Add new default PAM services for AD GPOs

Mon Sep 17 00:00:00 2001 From: Stephen Gallagher <sgall...@redhat.com> Date: Fri, 26 Feb 2016 13:10:50 -0500 Subject: [PATCH 1/2] GPO: Add Cockpit to the Remote Interactive defaults The Cockpit Project is an administrative console that is gaining in popularity and is a default component o

[SSSD] Re: [PATCH] SDAP: do not fail if refs are found but not processed

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/14/2016 05:19 AM, Pavel Březina wrote: > On 01/13/2016 03:45 PM, Stephen Gallagher wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 01/13/2016 07:25 AM, Pavel Březina wrote: >>> https://fed

[SSSD] Re: [PATCH] SDAP: do not fail if refs are found but not processed

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/13/2016 07:25 AM, Pavel Březina wrote: > https://fedorahosted.org/sssd/ticket/2906 > > Hi, I'm CCing Stephen as he is original author of the code. > > Without this patch I am not able to work with AD when > ldap_referrals=true, with this

Re: [SSSD] [PATCH] SSSD: Add a new command diag_cmd

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/09/2015 05:32 AM, Petr Cech wrote: > On 11/04/2015 11:24 AM, Jakub Hrozek wrote: >> Hi, >> >> I created this patch to try to diagnose an issue where sssd >> would randomly restart on any of machines in a VM cluster without >> giving too much

Re: [SSSD] [PATCH] DEBUG: Don't error on chown of nonexistent file

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/28/2015 04:48 PM, Lukas Slebodnik wrote: > On (28/10/15 09:03), Stephen Gallagher wrote: >> On 10/27/2015 05:33 PM, Lukas Slebodnik wrote: >>> On (27/10/15 09:48), Stephen Gallagher wrote: >>>> We get an err

Re: [SSSD] [PATCH] DEBUG: Don't error on chown of nonexistent file

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/27/2015 05:33 PM, Lukas Slebodnik wrote: > On (27/10/15 09:48), Stephen Gallagher wrote: >> We get an error message if we start up SSSD and the debug log >> does not yet exist. > >> From 53592734f73c50029fa573b9bc0704373

[SSSD] [PATCH] DEBUG: Don't error on chown of nonexistent file

SIGNATURE- >From 53592734f73c50029fa573b9bc070437304ea489 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher <sgall...@redhat.com> Date: Tue, 27 Oct 2015 09:39:01 -0400 Subject: [PATCH] DEBUG: Don't error on chown of nonexistent file We get an error message if we start up SSSD and the debug

[SSSD] [PATCH] Monitor: Show service pings at debug level 8

: GnuPG v2 iEYEARECAAYFAlYvgvQACgkQeiVVYja6o6NeVQCgocyUqrHud6p+KyyDULRdtx+/ Vj0AoIEfXJAbEgwDEgAmDJBuRLNv0v+n =h2IT -END PGP SIGNATURE- >From 9a53c342335ce68ec8196c5d05fecf8e12197411 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher <sgall...@redhat.com> Date: Tue, 27 Oct 2015 09:55

Re: [SSSD] [PATCH] LDAP: Inform about small range size

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/08/2015 05:16 AM, Lukas Slebodnik wrote: > On (23/01/15 12:27), Stephen Gallagher wrote: >> On Fri, 2015-01-23 at 17:27 +0100, Jakub Hrozek wrote: >>> On Fri, Jan 23, 2015 at 05:24:51PM +0100, Michal Židek wrote: >>&

[SSSD] [PATCH] AD: Handle cases where no GPOs apply

/ActiveDirectoryGPOIntegra tion We also need to delete the result object from the cache to ensure that offline operation will also grant access. Resolves: https://fedorahosted.org/sssd/ticket/2691From 06e58a26fd5b59631b479f2f076e80ecfae425b8 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher sgall...@redhat.com Date: Mon

Re: [SSSD] RFC: Improving the debug messages

On Tue, 2015-06-30 at 12:04 +0200, Jakub Hrozek wrote: On Tue, Jun 30, 2015 at 10:30:16AM +0200, Jan Pazdziora wrote: - Running sssd in environment where all actions complete successfully should emit no debug messages. Default log level should be moved to SSSDBG_OP_FAILURE or

Re: [SSSD] [SSSD-users] Announcing SSSD 1.12.5

On Fri, 2015-06-12 at 21:30 +0200, Jakub Hrozek wrote: On Fri, Jun 12, 2015 at 06:33:16PM +0200, Lukas Slebodnik wrote: On (12/06/15 16:45), Jakub Hrozek wrote: === SSSD 1.12.5 === The SSSD team is proud to announce the release of version 1.12.5 of the

Re: [SSSD] [PATCH] GPO: Fix incorrect strerror on GPO access denial

On Thu, 2015-06-11 at 16:19 +0200, Lukas Slebodnik wrote: On (11/06/15 09:35), Stephen Gallagher wrote: On Thu, 2015-06-11 at 09:19 -0400, Stephen Gallagher wrote: We're attempting to use strerror() to print the result from ad_gpo_access_check(), but that function returns an extended SSSD

[SSSD] [PATCH] GPO: Fix incorrect strerror on GPO access denial

We're attempting to use strerror() to print the result from ad_gpo_access_check(), but that function returns an extended SSSD errno. This resulted in Unknown Error being printed to the logs. signature.asc Description: This is a digitally signed message part

Re: [SSSD] [PATCH] GPO: Fix incorrect strerror on GPO access denial

On Thu, 2015-06-11 at 09:19 -0400, Stephen Gallagher wrote: We're attempting to use strerror() to print the result from ad_gpo_access_check(), but that function returns an extended SSSD errno. This resulted in Unknown Error being printed to the logs. And now with the patch attached... From

Re: [SSSD] [PATCH] Add Vagrant configuration for SSSD

On Wed, 2015-05-27 at 15:54 -0400, Stephen Gallagher wrote: On Wed, 2015-05-27 at 21:36 +0200, Lukas Slebodnik wrote: On (27/05/15 15:30), Stephen Gallagher wrote: On Wed, 2015-05-27 at 13:31 -0400, Stephen Gallagher wrote: To set up a Vagrant development environment: * Install

Re: [SSSD] [PATCH] SSSDConfigTest: Use unique temporary directory

On Fri, 2015-05-22 at 16:13 +0200, Jakub Hrozek wrote: On Thu, May 21, 2015 at 01:43:19PM +0200, Lukas Slebodnik wrote: ehlo, There were some failed tests in ci log http://sssd-ci.duckdns.org/logs/job/12/67/fedora_rawhide/ci.html

Re: [SSSD] [PATCH] Add Vagrant configuration for SSSD

On Wed, 2015-05-27 at 21:36 +0200, Lukas Slebodnik wrote: On (27/05/15 15:30), Stephen Gallagher wrote: On Wed, 2015-05-27 at 13:31 -0400, Stephen Gallagher wrote: To set up a Vagrant development environment: * Install the Vagrant packages for your development system * On Fedora 22

Re: [SSSD] [PATCHES] Support GPOs referred from other domains

On Wed, 2015-05-27 at 11:15 +0200, Jakub Hrozek wrote: On Tue, May 26, 2015 at 03:56:35PM -0400, Stephen Gallagher wrote: Sorry for the delay; two new patches attached. This patch fixes the two missing error checks in the AD GPO code as well as making several changes to the general LDAP

Re: [SSSD] [PATCH] Add Vagrant configuration for SSSD

On Wed, 2015-05-27 at 13:31 -0400, Stephen Gallagher wrote: To set up a Vagrant development environment: * Install the Vagrant packages for your development system * On Fedora 22 and later: 'dnf install vagrant-libvirt' * Deploy the Vagrant box: * 'vagrant up' * Build SSSD: * vagrant

Re: [SSSD] [PATCHES] Support GPOs referred from other domains

On Fri, 2015-05-22 at 13:04 +0200, Jakub Hrozek wrote: On Thu, May 14, 2015 at 05:58:49PM +0200, Jakub Hrozek wrote: On Thu, May 14, 2015 at 11:49:17AM -0400, Stephen Gallagher wrote: On Thu, 2015-05-14 at 17:42 +0200, Jakub Hrozek wrote: On Wed, May 06, 2015 at 02:26:30PM -0400, Stephen

Re: [SSSD] [PATCHES] Support GPOs referred from other domains

On Thu, 2015-05-14 at 17:42 +0200, Jakub Hrozek wrote: On Wed, May 06, 2015 at 02:26:30PM -0400, Stephen Gallagher wrote: Patch 0001: LDAP: Support returning referral information Some callers may be interested in the raw referral values returned from a lookup. This patch allows

Re: [SSSD] [PATCH] Amend the man page for refresh_expired_interval

On Mon, 2015-05-11 at 09:52 +0200, Jakub Hrozek wrote: Hi, while triaging a performance-related issue, I realized our manpage doesn't say also users and groups are now supported by the background refresh. The attached patch fixes that. I'd recommend the phrasing: The background refresh

Re: [SSSD] [PATCH] LDAP: disable the cleanup task by default

On Mon, 2015-05-11 at 19:15 +0200, Jakub Hrozek wrote: On Mon, May 11, 2015 at 03:18:55PM +0200, Lukas Slebodnik wrote: On (11/05/15 12:51), Jakub Hrozek wrote: On Mon, May 11, 2015 at 11:15:29AM +0200, Lukas Slebodnik wrote: Please document in man pages that it is not possible to turn

[SSSD] [PATCHES] Support GPOs referred from other domains

://fedorahosted.org/sssd/ticket/2645From 3f8826061d34639ddaaf245947085ea577e77fbe Mon Sep 17 00:00:00 2001 From: Stephen Gallagher sgall...@redhat.com Date: Fri, 1 May 2015 11:42:06 -0400 Subject: [PATCH 1/2] LDAP: Support returning referral information Some callers may be interested in the raw referral

Re: [SSSD] [PATCH] GPO: Fix crash with GPO and missing security descriptor

On Wed, 2015-04-29 at 09:38 +0200, Lukas Slebodnik wrote: On (24/04/15 14:07), Jakub Hrozek wrote: On Fri, Apr 24, 2015 at 02:01:11PM +0200, Lukas Slebodnik wrote: On (24/04/15 12:43), Jakub Hrozek wrote: On Thu, Apr 23, 2015 at 07:29:07AM -0400, Stephen Gallagher wrote: On Thu

Re: [SSSD] [PATCH] GPO: Fix crash with GPO and missing security descriptor

On Wed, 2015-04-29 at 18:50 +0200, Lukas Slebodnik wrote: On (29/04/15 08:00), Stephen Gallagher wrote: I'm not aware of any situation where this would be a sensible reply, so this should be fine (and at worst, safe). I suspect (but since Yassir isn't here any more cannot confirm

Re: [SSSD] [PATCH] GPO: Fix crash with GPO and missing security descriptor

On Thu, 2015-04-23 at 08:14 +0200, Lukas Slebodnik wrote: On (20/04/15 14:38), Stephen Gallagher wrote: On Mon, 2015-04-20 at 08:53 +0200, Lukas Slebodnik wrote: ehlo, attached patch fixes crash in https://fedorahosted.org/sssd/ticket/2629 Nack. I'd rather we fixed

[SSSD] [PATCH] AD GPO: Change default to enforcing

a different default value.From 3ef7523f4e0e8bd6a5e182bd64790b6ab9f5c310 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher sgall...@redhat.com Date: Mon, 20 Apr 2015 10:51:04 -0400 Subject: [PATCH] AD GPO: Change default to enforcing When a user enrolls a system against Active Directory, the expectation

Re: [SSSD] [PATCH] GPO: Fix crash with GPO and missing security descriptor

On Mon, 2015-04-20 at 08:53 +0200, Lukas Slebodnik wrote: ehlo, attached patch fixes crash in https://fedorahosted.org/sssd/ticket/2629 Nack. I'd rather we fixed the root of this problem. I did some digging this afternoon and tracked the issue back to ad_gpo.c line 3499 (in current

[SSSD] [PATCHES] Fix GPO processing for users from subdomains

39a0dc5dd670cb251e3c9a3b35aca9dbb2ede061 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher sgall...@redhat.com Date: Tue, 14 Apr 2015 13:07:36 -0400 Subject: [PATCH 1/3] AD: Clean up ad_access_gpo Align goto usage with conventions in the rest of the source. --- src/providers/ad/ad_gpo.c | 12

Re: [SSSD] [PATCH] MAN: Update ppolicy description

On Fri, 2015-03-27 at 11:00 +0100, Pavel Reichl wrote: On 03/26/2015 06:09 PM, Stephen Gallagher wrote: On Thu, 2015-03-26 at 17:51 +0100, Pavel Reichl wrote: Hello, please see this trivial patch. I CCed Stephen in hope that he would be so kind and do the language review

Re: [SSSD] [PATCH] MAN: Update ppolicy description

On Thu, 2015-03-26 at 17:51 +0100, Pavel Reichl wrote: Hello, please see this trivial patch. I CCed Stephen in hope that he would be so kind and do the language review. Thanks! The value of 'pwdAccountLockedTime' attribute must end with 'Z' as only UTC time zone is currently

Re: [SSSD] [PATCH] Remove useless assignment to function parameter

On Mon, 2015-03-02 at 14:43 +0100, Lukas Slebodnik wrote: On (02/03/15 14:39), Sumit Bose wrote: On Mon, Mar 02, 2015 at 11:27:09AM +0100, Sumit Bose wrote: On Mon, Mar 02, 2015 at 10:43:36AM +0100, Jakub Hrozek wrote: On Mon, Mar 02, 2015 at 10:41:22AM +0100, Pavel Reichl wrote:

Re: [SSSD] [PATCH] Use FQDN if default domain was set

On Thu, 2015-02-26 at 14:01 +0100, Jakub Hrozek wrote: On Thu, Feb 26, 2015 at 11:26:13AM +0100, Lukas Slebodnik wrote: On (26/02/15 11:17), Jakub Hrozek wrote: On Wed, Feb 25, 2015 at 11:53:00PM +0100, Lukas Slebodnik wrote: On (25/02/15 23:34), Jakub Hrozek wrote: On Wed, Feb 25,

Re: [SSSD] [PATCHES] BUILD: Add possibility to build python{2, 3} bindings

On Tue, 2015-02-24 at 11:10 +0100, Lukas Slebodnik wrote: On (24/02/15 01:26), Lukas Slebodnik wrote: On (18/02/15 16:36), Stephen Gallagher wrote: On Tue, 2015-02-10 at 23:40 +0100, Lukas Slebodnik wrote: ehlo, Attached patches: * drop support for python 2.6

Re: [SSSD] [PATCHES] BUILD: Add possibility to build python{2, 3} bindings

On Tue, 2015-02-10 at 23:40 +0100, Lukas Slebodnik wrote: ehlo, Attached patches: * drop support for python 2.6 * fix packaging of binding (backward incompatible change) * add possibility to build python{2,3} bindings There are also small other enhancements. Patch 0005-0013: Ack

Re: [SSSD] sssd-devel@lists.fedorahosted.org

On Thu, 2015-02-12 at 19:32 +0100, Lukas Slebodnik wrote: ehlo, attached is a simple patch for ticket #2572 My reproducer: * start sssd * attach gdb to some service e.g. nss - DO NOT RUN any command (we just need to simulate unresponsive service) * wait until monitor send SIGKILL

Re: [SSSD] [PATCH] LDAP: Inform about small range size

On Fri, 2015-01-23 at 17:27 +0100, Jakub Hrozek wrote: On Fri, Jan 23, 2015 at 05:24:51PM +0100, Michal Židek wrote: On 01/23/2015 04:35 PM, Lukas Slebodnik wrote: On (23/01/15 10:21), Stephen Gallagher wrote: On Fri, 2015-01-23 at 14:39 +0100, Lukas Slebodnik wrote: ehlo

Re: [SSSD] [PATCH] LDAP: Inform about small range size

On Fri, 2015-01-23 at 14:39 +0100, Lukas Slebodnik wrote: ehlo, I was reprodicing other bug and it took me some time to find out why I was not able to resolve user. RID was bigger than range size. I saw just general message about id mapping failer [sdap_save_user] (0x0400): Processing

Re: [SSSD] [PATCHES] AD: support for AD site override

On Mon, 2015-01-19 at 09:58 +0100, Jakub Hrozek wrote: On Mon, Jan 19, 2015 at 09:39:41AM +0100, Pavel Reichl wrote: man page: Specify AD site client should try to connect to. Specify AD site to which client should try to connect. Which one sounds better? I don't care much, maybe

Re: [SSSD] [PATCH] GPO: add systemd-user to default gpo list

On Wed, 2015-01-14 at 13:34 +0100, Pavel Reichl wrote: On 01/13/2015 08:39 PM, Stephen Gallagher wrote: On Tue, 2015-01-13 at 18:58 +0100, Pavel Reichl wrote: Hello, please see simple patch attached. Thanks! Nack. First, what exactly is this service doing? I don't think

Re: [SSSD] [PATCH] GPO: add systemd-user to default gpo list

On Tue, 2015-01-13 at 18:58 +0100, Pavel Reichl wrote: Hello, please see simple patch attached. Thanks! Nack. First, what exactly is this service doing? I don't think we would want to map it to ServiceLogonRight. That's intended for granting access to the machine from a service (as

[SSSD] [PATCH] monitor: Service restart fixes

02417814befc89609e2ca6490a4791de5032dc99 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher sgall...@redhat.com Date: Wed, 10 Dec 2014 14:16:49 -0500 Subject: [PATCH] monitor: Service restart fixes There are actually two bugs here: 1) When either the kill(SIGTERM) or kill(SIGKILL) commands returned failure (for any reason), we

Re: [SSSD] [PATCH] monitor: Service restart fixes

On Wed, 2014-12-10 at 14:59 -0500, Stephen Gallagher wrote: There are actually two bugs here: 1) When either the kill(SIGTERM) or kill(SIGKILL) commands returned failure (for any reason), we would talloc_free(svc) which removed it from being eligible for restart, resulting in the service

Re: [SSSD] sssd.conf ownership

On Sat, 2014-11-22 at 14:24 +0100, Jakub Hrozek wrote: On Fri, Nov 21, 2014 at 04:26:58PM -0500, Stephen Gallagher wrote: On Fri, 2014-11-21 at 20:03 +0100, Jakub Hrozek wrote: Hi, I was going through our design page that describes the rootless sssd and I'd like

Re: [SSSD] sssd.conf ownership

On Fri, 2014-11-21 at 20:03 +0100, Jakub Hrozek wrote: Hi, I was going through our design page that describes the rootless sssd and I'd like to discuss the default ownership of sssd.conf a bit more. In the design document we proposed to change the default ownership to sssd.sssd. This

Re: [SSSD] [PATCH] BUILD: Use $(MKDIR_P) in Makefile.am

On Fri, 2014-10-03 at 16:46 +0200, Jakub Hrozek wrote: Hi, While I was talking to the Fedora automake maintainer about an enhancement related to test environment, he suggested to make the change in the attached patch. How far back does that macro go? Does it cover all platforms that

Re: [SSSD] [PATCH] AD: conflicting gpo policy settings not being resolved correctly

On Thu, 2014-10-02 at 11:45 +0200, Jakub Hrozek wrote: On Wed, Oct 01, 2014 at 10:50:26PM -0400, Stephen Gallagher wrote: Sorry it took me so long to finish this review. The code is mostly right, but I found three issues that needed to be addressed before we could commit it. 1

Re: [SSSD] [PATCH] GPO: remove unused talloc contexts

On Thu, 2014-10-02 at 19:29 +0200, Lukas Slebodnik wrote: ehlo, Talloc context was not used in functions ad_gpo_parse_gpo_child_response ad_gpo_process_cse_recv, ad_gpo_store_policy_settings. Patch is attached. Ack signature.asc Description: This is a digitally signed message part

Re: [SSSD] [PATCH] GPO: Use argument ndg_flags instead of constant

On Thu, 2014-10-02 at 19:27 +0200, Lukas Slebodnik wrote: ehlo, Some internal gpo functions [1] were called just once and with constant NDR_SCALARS as 2nd argument(ndr_flags), but 2nd argument was not used in these functions[1]. They used constant NDR_SCALARS. [1]

Re: [SSSD] [PATCH] AD: conflicting gpo policy settings not being resolved correctly

:00:00 2001 From: Stephen Gallagher sgall...@redhat.com Date: Wed, 1 Oct 2014 20:42:31 -0400 Subject: [PATCH 1/2] AD GPO: Fix incorrect return of EACCES In the access providers, we expect to receive ERR_ACCESS_DENIED when access is denied, but we were returning EACCES here. The effect was the same

Re: [SSSD] [PATCH] AD: conflicting gpo policy settings not being resolved correctly

On Wed, 2014-10-01 at 22:50 -0400, Stephen Gallagher wrote: On Thu, 2014-09-11 at 23:51 -0400, Yassir Elley wrote: - Original Message - - Original Message - Hi, The attached patch fixes ticket #2437 (conflicting gpo policy settings

Re: [SSSD] [PATCH] AD GPO: Fix incorrect sAMAccountName selection

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/25/2014 04:56 AM, Jakub Hrozek wrote: On Wed, Sep 24, 2014 at 11:10:00AM -0400, Stephen Gallagher wrote: We were assuming that the ad_hostname value would match the sAMAccountName attribute, but in practice this was almost never the case

Re: [SSSD] [PATCH] AD GPO: Fix incorrect sAMAccountName selection

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/25/2014 03:40 PM, Stephen Gallagher wrote: On 09/25/2014 04:56 AM, Jakub Hrozek wrote: On Wed, Sep 24, 2014 at 11:10:00AM -0400, Stephen Gallagher wrote: We were assuming that the ad_hostname value would match the sAMAccountName attribute

[SSSD] [PATCH] UTIL: Do not change SSSD domains in get_domains_head

iEYEARECAAYFAlQi3YEACgkQeiVVYja6o6PqAACgjb4ISPCELnMMBIoKKHX/tj8r UdgAmQHRTCMC0BQo8oBlFy4ZKNj1gshs =AaTR -END PGP SIGNATURE- From fee75b35053029a9b856a231f99fa607bd91e8e4 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher sgall...@redhat.com Date: Wed, 24 Sep 2014 11:00:44 -0400 Subject: [PATCH] UTIL: Do not change SSSD domains in get_domains_head

[SSSD] [PATCH] AD GPO: Fix incorrect sAMAccountName selection

17 00:00:00 2001 From: Stephen Gallagher sgall...@redhat.com Date: Tue, 23 Sep 2014 17:44:41 -0400 Subject: [PATCH] AD GPO: Fix incorrect sAMAccountName selection --- src/providers/ad/ad_gpo.c | 20 +++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/src/providers/ad

Re: [SSSD] Patch to fix incorrect PAM return code when user enters invalid credentials

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/28/2014 10:00 PM, John Koelndorfer wrote: Hey folks, Some quick background on this small patch I prepared. I run sssd on my desktop (and servers) to authenticate against a Samba 4 DC. I found that when I attempted to log in via KDM and

Re: [SSSD] Patch to fix incorrect PAM return code when user enters invalid credentials

On 09/03/2014 07:59 PM, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/28/2014 10:00 PM, John Koelndorfer wrote: Hey folks, Some quick background on this small patch I prepared. I run sssd on my desktop (and servers) to authenticate against a Samba 4 DC. I

Re: [SSSD] [PATCH] Ignore referrals when ldap_referrals=false

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/20/2014 09:20 AM, Jakub Hrozek wrote: Hi, with the current SSSD code, an LDAP search that results in a referral fails completely with EIO and usually sends the whole backend to offline mode. I think this is too strict and if the admin

Re: [SSSD] [PATCHES] sss_case = preserving

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/22/2014 09:32 AM, Michal Židek wrote: On 07/22/2014 02:49 PM, Pavel Reichl wrote: On 07/22/2014 02:03 PM, Pavel Reichl wrote: I finally tested the patches and it seems to me to be working with AD and LDAP provider, but does not seem to

Re: [SSSD] [PATCH] ldap_opts: Get rid on 389ds specific values in rfc2307bis schema

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/20/2014 03:20 PM, Jakub Hrozek wrote: On Fri, Jul 18, 2014 at 05:32:09PM +0200, Lukas Slebodnik wrote: On (18/07/14 16:34), Jakub Hrozek wrote: On Thu, Jul 17, 2014 at 04:35:31PM +0200, Lukas Slebodnik wrote: ehlo, There is problem with

Re: [SSSD] [PATCH][ding-libs] SPEC: Do not call autoreconf on epel5

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/10/2014 05:46 AM, Lukas Slebodnik wrote: On (07/07/14 20:22), Stephen Gallagher wrote: On 07/07/2014 10:05 AM, Lukas Slebodnik wrote: ehlo, There is a bug in old version of autotools which cause compilation problems ./libtool: line

Re: [SSSD] [PATCH][ding-libs] SPEC: Do not call autoreconf on epel5

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/10/2014 12:24 PM, Lukas Slebodnik wrote: On (10/07/14 10:51), Stephen Gallagher wrote: On 07/10/2014 05:46 AM, Lukas Slebodnik wrote: On (07/07/14 20:22), Stephen Gallagher wrote: On 07/07/2014 10:05 AM, Lukas Slebodnik wrote: ehlo

Re: [SSSD] [PATCH][ding-libs] SPEC: Do not call autoreconf on epel5

+sI1MejCE3twXL0xN zdQAnAh0vTyRjqIdt3tk6qSDHGv/xa6i =GP2r -END PGP SIGNATURE- From f31135f1abc3d856d9a5818b1a60dbb8414a6e5d Mon Sep 17 00:00:00 2001 From: Stephen Gallagher sgall...@redhat.com Date: Mon, 7 Jul 2014 20:14:36 -0400 Subject: [PATCH] Fix specfile for RHEL5 RHEL5 uses an old

  1   2   3   4   5   6   7   8   9   10   >