> On Sun, Dec 18, 2011 at 05:37:17PM -0500, Stephen Gallagher wrote: > > On Dec 18, 2011, at 5:07 PM, Jakub Hrozek <jhro...@redhat.com> wrote: > > > On Fri, Dec 16, 2011 at 02:49:18PM -0500, Stephen Gallagher wrote: > > >> On Fri, 2011-12-16 at 14:02 +0100, Pavel Březina wrote: > > >>> https://fedorahosted.org/sssd/ticket/1105 (review ticket) > > >>> https://fedorahosted.org/sssd/ticket/623 (sudo integration) > > >>> > > >>> Hello, > > >>> it is finally here. > > >>> > > >>> These patches *assume* that "Responders: Split getting domain by name > > >>> into separate function" patch has been applied, it can be found in > > >>> "Ability to set a domain as case sensitive or insensitive" thread. > > >>> > > >>> Design page: > > >>> https://fedorahosted.org/sssd/wiki/DesignDocs/SUDOIntegrationNewAppro > > >>> ach > > >>> > > >>> What's left: > > >>> 1. implementing support of sssd in sudo sudoers plugin > > >>> 2. periodical update of all rules > > >>> 3. provide documentation > > >>> 4. in memory cache in responder > > >>> 5. refactor DP request using "RESPONDER: Refactor DP requests into > > >>> tevent_req style" patch > > >>> 6. provide few more configuration options > > >>> 7. support the IPA scheme > > >>> > > >>> How to configure it: > > >>> 1. configure --enable-all-experimental-features > > >>> > > >>> 2. sssd.conf: > > >>> services += sudo > > >>> domain options: sudo_provider, ldap_sudo_search_base > > >>> > > >>> How to test it: > > >>>> sss_sudo_cli username > > >>> > > >>> This will display rules for %username. It performs two lookups: > > >>> 1. using native sssd api to get and display raw date (it prints every > > >>> byte as char so don't be scared of silly characters that are shown > > >>> instead of numbers) > > >>> 2. using api that we provide to sudo and use it to display data in > > >>> user readable format > > >>> > > >>> Big thanks to Jakub, who has written whole sysdb api and a big part > > >>> of responder. > > >> > > >> I'm acking this and pushing it to master provisionally. It's > > >> self-contained code that only builds with the > > >> --enable-all-experimental-features flag, so we're going to break with > > >> our usual process here somewhat and get the changes in now. We'll > > >> tweak what needs tweaking during the 1.8.0 process, but there's no > > >> reason to hold it back in the meantime. > > >> > > >> I'm pushing the patches with one minor modification to the sysdb patch > > >> to fix a -Wformat-security warning due to passing a variable directly > > >> to a talloc_asprintf. > > >> > > >> Pushed to master. > > > > > > Thank you. I noticed on IRC that Jan expressed interest in reviewing > > > the patches. I still think this is a good idea. We could put the > > > review items into a new ticket and handle it in either 1.7 or 1.8. > > > _______________________________________________ > > > sssd-devel mailing list > > > sssd-devel@lists.fedorahosted.org > > > https://fedorahosted.org/mailman/listinfo/sssd-devel > > > > I agree. Please open a ticket. > > https://fedorahosted.org/sssd/ticket/1105
Thanks, I'll take a look at the code during this afternoon. Jan
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
