[SSSD-users] Re: case sensitive email

On Fri, Nov 10, 2017 at 02:53:55PM +, Galen Johnson wrote: > ?Hey, > > > We've recently noticed that users logging in using emails are having issues > when they use camel case but it works fine when all lower case. We haven't > changed the configs so > > > case_sensitive = preserving? >

[SSSD-users] Re: case sensitive email

It's possible that whatever is causing this is in the nss module since it appears that the lowercase address is found where mixed case is not. Previous comment pertained to domain logs. Just browsed the nss log. Still stymied... =G= From: Galen Johnson

[SSSD-users] Re: case sensitive email

Ignore the comment about the query missing. I started fresh and see the same query where the only difference is the case...however, where the mixed case fails, the lowcase continues. Even at debug level 10 I'm not seeing anything obvious as to why it moves on for the lowcase example. Up to

[SSSD-users] Re: case sensitive email

I've done a bit more digging and sssd handles the request differently when it's mixed case versus all lowercase...when it's mixed case, I see this search string in the logs (Mon Nov 13 22:50:11:092700 2017) [sssd[be[exnet]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with

[SSSD-users] Re: net groups with IPA

On ma, 13 marras 2017, Charles Hedrick wrote: While we’re on this subject, it would be useful for IPA to support netgroup.byhost. That would give signifiant advantages with Netapp. If that is supported, Netapp will look up the netgroups for a host every time a mount is done. Without it, they

[SSSD-users] Re: net groups with IPA

On ma, 13 marras 2017, Charles Hedrick wrote: Sure. We use netgroups for /etc/exports. The most natural format for triples is (host,,) That’s the format Netapp documents. By default, ipa netgroup-add-member uses (host,-,domain) where domain seems to come from our Kerberos domain. Netapp

[SSSD-users] Re: net groups with IPA

On ma, 13 marras 2017, Charles Hedrick wrote: So, the real issue is SSSD's inability to support empty netgroup domain part, right? Yes, that’s the real bug. It doesn’t appear that the other issues are serious, as I can’t find any real appiication that uses the NIS entries as triples. The sssd

[SSSD-users] Re: [SSSD] SSSD Virtual Test Suite

On Mon, Nov 13, 2017 at 11:16 AM, Pavel Březina wrote: > Hello, > > It took me a lot longer than I expected but here it is at last. This is my > set of scripts that use vagrant and Ansible to automatically provision > virtual environment that I use to develop and test SSSD. >

[SSSD-users] Re: net groups with IPA

> On Nov 13, 2017, at 12:51 PM, Alexander Bokovoy wrote: > > Not sure why you keep saying that. Your example showed only one entry. Suppose I want to generate (host1, user1,) (host2, user2,) I can use ipa netgroup-add-member —hosts=host1 —users=user1 ipa

[SSSD-users] Re: net groups with IPA

The netapp is using LDAP with RFC2307 for all name service. That include users, groups, and netgroups. What they are asking for is for LDAP to implement netgroup.byhost. It appears that AD does this. As far as I can tell, they are looking for nisMapName=netgroup.byhost accessed via LDAP. I

[SSSD-users] Re: net groups with IPA

> So, the real issue is SSSD's inability to support empty netgroup domain > part, right? Yes, that’s the real bug. It doesn’t appear that the other issues are serious, as I can’t find any real appiication that uses the NIS entries as triples. The sssd problem is moderately serious for me. I

[SSSD-users] Re: net groups with IPA

I just looked at documentation and source code. All the documentation I can find for netgroups leaves the semantics up to the application. The net group documentation does, however, imply that we’re dealing with a set of triples, not separate host and user lists. I checked the source for both

[SSSD-users] Re: net groups with IPA

While we’re on this subject, it would be useful for IPA to support netgroup.byhost. That would give signifiant advantages with Netapp. If that is supported, Netapp will look up the netgroups for a host every time a mount is done. Without it, they consider that reloading the whole net group file

[SSSD-users] Re: net groups with IPA

Sure. We use netgroups for /etc/exports. The most natural format for triples is (host,,) That’s the format Netapp documents. By default, ipa netgroup-add-member uses (host,-,domain) where domain seems to come from our Kerberos domain. Netapp documentation requests leaving that field blank,

[SSSD-users] Re: SSSD and SUDO not working

On (13/11/17 11:20), Andrea Passuello wrote: >Thanks all for the answers. > >This is the debug with level=10. > > >(Mon Nov 13 10:35:40 2017) [sssd[be[MYDOMAIN.COM]]] [sbus_dispatch] >(0x4000): dbus conn: 0xe76180 >(Mon Nov 13 10:35:40 2017) [sssd[be[MYDOMAIN.COM]]] [sbus_dispatch] >(0x4000):

[SSSD-users] Re: net groups with IPA

On ma, 13 marras 2017, Pavel Březina wrote: On 11/08/2017 11:47 PM, Charles Hedrick wrote: In my opinion the whole rfc3704bis implementation of net groups is wonky. RFC 3704bis does not exist. RFC3704 is about ingress filtering in multihome networks. Are you talking about RFC 2307bis? This

[SSSD-users] SSSD Virtual Test Suite

Hello, It took me a lot longer than I expected but here it is at last. This is my set of scripts that use vagrant and Ansible to automatically provision virtual environment that I use to develop and test SSSD. To create this environment you only need to run one command: $ ./setup.sh and