Config problem or bug(?) with sssd and Windows AD 2008
by Patrick Grieshaber
Hello folks,
first let me say that the sssd project is great and I am lucky that this
project is available for CentOS/Redhat through the EPEL repo :-).
I've installed version sssd-1.2.1-27.el5.x86_64 and I want to be able to
fetch user infos plus enable login through AD 2008 - but I fail..
sssd.conf:
[domain/example.com]
enumerate = false
id_provider = ldap
chpass_provider = krb5
ldap_uri = ldap://dc1.example.com, ldap://dc2.example.com
ldap_search_base = dc=example,dc=com
tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
ldap_tls_cacertdir = /etc/pki/tls/certs
ldap_default_bind_dn = CN=serviceuser,DC=example,DC=com
ldap_default_authtok_type = password
ldap_default_authtok = serviceuserpassword
ldap_user_name = sAMAccountName
ldap_search_base = OU=IT,DC=example,DC=com
ldap_pwd_policy = none
ldap_user_object_class = person
ldap_schema = rfc2307bis
ldap_user_principal = userPrincipalName
ldap_user_uid_number = sAMAccountName
ldap_user_gid_number = sAMAccountName
ldap_user_uuid = sAMAccountName
ldap_user_fullname = displayName
# kerberos config
auth_provider = krb5
krb5_kdcip = dc1.example.com
krb5_realm = EXAMPLE.COM
krb5_changepw_principle = kadmin/changepw
krb5_ccachedir = /tmp
krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX
krb5_auth_timeout = 15
For debugging reasons I run: sssd -d9
Here the output if I attempt: su - myuser(a)example.com
...snip...
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_get_generic_send]
(6): calling ldap_search_ext with
[(&(sAMAccountName=myuser)(objectclass=person))][OU=IT,DC=example,DC=com].
...snip...
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_process_result]
(8): Trace: sh[0x8f876c0], connected[1], ops[0x8f87500], ldap[0x8f876f0]
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_process_result]
(8): Trace: ldap_result found nothing!
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_process_result]
(8): Trace: sh[0x8f876c0], connected[1], ops[0x8f87500], ldap[0x8f876f0]
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_parse_entry] (9):
OriginalDN: [CN=my,OU=IT,DC=example,DC=com].
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_process_result]
(8): Trace: sh[0x8f876c0], connected[1], ops[0x8f87500], ldap[0x8f876f0]
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_get_generic_done]
(6): Search result: Success(0),
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_get_users_process]
(6): Search for users, returned 1 results.
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_process_result]
(8): Trace: sh[0x8f876c0], connected[1], ops[(nil)], ldap[0x8f876f0]
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_process_result]
(8): Trace: ldap_result found nothing!
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [ldb] (9): start ldb
transaction (nesting: 0)
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_save_user_send]
(9): Save user
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_save_user_send]
(1): no uid provided for [myuser] in domain [example.com].
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_save_users_process]
(2): Failed to store user 0. Ignoring.
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [ldb] (9): commit ldb
transaction (nesting: 0)
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_get_users_done]
(9): Saving 1 Users - Done
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [acctinfo_callback] (4):
Request processed. Returned 0,0,Success
And su outputs: su: user myuser(a)example.com does not exist
What is wrong? I do the mapping of a uid/gid... any help is appreciated!
Thank you,
pat
--
Patrick Grieshaber
Mobile: +41 (0)79 215 63 79
Xing: xing.com/profile/Patrick_Grieshaber
Skype: patrickgrieshaber
GPG Key Fingerprint
0252 0C05 410E C345
1AC7 7530 98ED B18E
62CB CF04
12 years, 7 months
[PATCHES] Patches for Coverity issues in ding-libs INI
by Dmitri Pal
Hello,
10034
Patch attached
10041
No patch. It is currently fixed on master and on 0.1.x the code is not used.
This issue should be dismissed.
10042
No patch. It is currently fixed on master and on 0.1.x the code is not used.
This issue should be dismissed.
10044
Patch attached
10048
Patch attached. Patch was developed on master but since this code has not changed for a long time
the patch should also apply to the 0.1.x branch. The patch name is "COLLECTION-Initializing-variables-in-test".
10071
Patch attached.
10072
Patch attached.
10073
Patch attached.
10076
Patch attached.
10077
Patch attached.
Also there is an attempt to sort out issues 10078 - 10079. See patch
comments.
The only remaining Coverity issue is:
10075
I want to redo the way we deal with paths to config files across the whole test.
Stay tuned for the patch.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
12 years, 8 months
users can't see secondary groups
by GOLLSCHEWSKY, Tim
Hi all.
I'm running sssd on RHEL6 and seem to have a problem seeing secondary/auxiliary groups for logged in users.
I'm using SASL/Kerberos/LDAP authentication to an AD backend. I'm using this config:
[domain/KRB5DOMAIN]
enumerate = true
cache_credentials = True
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_schema = rfc2307bis
ldap_user_object_class = user
ldap_group_object_class = group
ldap_user_member_of = msSFU30PosixMemberOf
ldap_group_member = msSFU30PosixMember
ldap_uri = ldap://xxx.xxx.xxx/
ldap_search_base = dc=xxx,dc=xxx,dc=xxx
ldap_group_search_base = ou=Groups,dc=xxx,dc=xxx,dc=xxx
ldap_sasl_mech = gssapi
ldap_sasl_authid = host/hostname.xxx.xxx.xxx(a)xxx.xxx.xxx
ldap_krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true
krb5_realm = xxx.xxx.xxx
Logging in works fine, and I can specify an "ldap_access_filter" to limit the people who can log into the machine by the AD groups they are in and it works a treat.
The problem I have is: when I log in I can not see the secondary groups that my userid is in. When I run "id" or "groups", I only see my primary group:
[tim@rhel6 ~]$ groups
sysadm
If I run the "groups" command on a RHEL5 system (using ldap/krb5/pam_ldap), you see many groups:
[tim@rhel5 ~]$ groups
sysadm unixdef edc0002 midrange midora cifrs cifru yyyyy cdirt pdiru jbsrt cdir cdird edcrt cdiri voiru voirs estrt pc4rt middlemr pc4ru insrd insrt insrs fess dplrt dplru sdsdev sdsrd gwrrt mmsrt cbsrt hudru jirru sybau aimru aimrs svnr fshru oggat rmbat aairu aairs pdirs ecors ecoru frirt esvru nexru xyzrt xxxrt kkrt dumrt tabrs tabrt
I've been through the red hat bugzilla and sssd trac and I don't see a solution. I have set my schema to "rfc2307bis"<https://bugzilla.redhat.com/show_bug.cgi?id=580402> and I have enumerate = true<https://bugzilla.redhat.com/show_bug.cgi?id=626775>.
I'm wondering if sssd only grabs the first 1000 users and 1000 groups and then stops:
[root@rhel6 /]# grep 1000 /var/log/sssd/sssd_KRB5DOMAIN.log
(Tue Dec 21 14:50:11 2010) [sssd[be[KRB5DOMAIN]]] [sdap_get_users_process] (6): Search for users, returned 1000 results.
(Tue Dec 21 14:50:17 2010) [sssd[be[KRB5DOMAIN]]] [sdap_get_users_done] (9): Saving 1000 Users - Done
(Tue Dec 21 14:50:21 2010) [sssd[be[KRB5DOMAIN]]] [sdap_get_groups_process] (6): Search for groups, returned 1000 results.
(Tue Dec 21 14:50:36 2010) [sssd[be[KRB5DOMAIN]]] [sdap_get_groups_done] (9): Saving 1000 Groups - Done
[root@rhel6 ~]# getent group | wc -l
1049
[root@rhel6 ~]# wc -l /etc/group
49 /etc/group
Could it be because our AD has many more than 1000 users and 1000 groups? If so, if there any way to increase this limit?
Alternatively, if we there was a group search filter option that would also reduce the number of groups to enumerate, but I see this feature has already been requested<https://fedorahosted.org/sssd/ticket/647>.
I'm not convinced this 1000 record limit exists or is even the root cause of my problem though. If there's anything you guys can suggest I'd be most appreciative.
Many thanks,
Tim.
________________________________
This e-mail is sent by Suncorp-Metway Limited ABN 66 010 831 722 or one of its related entities "Suncorp".
Suncorp may be contacted at Level 18, 36 Wickham Terrace, Brisbane or on 13 11 55 or at suncorp.com.au.
The content of this e-mail is the view of the sender or stated author and does not necessarily reflect the view of Suncorp. The content, including attachments, is a confidential communication between Suncorp and the intended recipient. If you are not the intended recipient, any use, interference with, disclosure or copying of this e-mail, including attachments, is unauthorised and expressly prohibited. If you have received this e-mail in error please contact the sender immediately and delete the e-mail and any attachments from your system.
If this e-mail constitutes a commercial message of a type that you no longer wish to receive please reply to this e-mail by typing Unsubscribe in the subject line.
12 years, 9 months
[PATCH] Remove unnecessary po4a BuildRequires
by Stephen Gallagher
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
It was breaking the build on RHEL 5 and RHEL 6, and is no longer
necessary after Sumit's patch.
Pushed to master under the one-liner and unbreak-the-build rules.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk0TmZIACgkQeiVVYja6o6MuEQCfRnKbdVJyO6dZlbShgkpri4q5
wBwAniPz9oTia1Q5LaeuVrKwOhMmoek/
=FIOg
-----END PGP SIGNATURE-----
12 years, 9 months
[PATCH] Build and install translated man pages by default
by Sumit Bose
Hi,
with the current layout it is possible to build the translated man pages
from the tar ball without po4a. So there is no reason why not build and
install them by default. This patch tries to do this.
bye,
Sumit
12 years, 9 months
Fwd: [Transifex] File submitted via email to SSSD | master
by Stephen Gallagher
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ack and pushed attached patch to master.
- -------- Original Message --------
Subject: [Transifex] File submitted via email to SSSD | master
Date: Thu, 23 Dec 2010 16:18:47 -0000
From: transifex-app(a)fedoraproject.org
To: sgallagh(a)fedoraproject.org
Hello sgallagh, this is Transifex at http://translate.fedoraproject.org/tx/.
The following attached files were submitted to SSSD | master by yurchor
<yurchor(a)fedoraproject.org>
Please, visit Transifex at
http://translate.fedoraproject.org/tx//projects/p/sssd/c/master/ in
order to see the component page.
Thank you,
Transifex
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk0TeeYACgkQeiVVYja6o6MV0wCfeNXPdKAjdmP7yJxxhYYnbV0E
lAYAn2R/DESmT5c5rCz+f28IRfPTXwJH
=8DjS
-----END PGP SIGNATURE-----
12 years, 9 months
Fwd: [Transifex] File submitted via email to SSSD | master
by Stephen Gallagher
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Transifex upgrade seems to be having trouble sending translations to
this list (though as admin of the project I received the update directly)
Acked, and attached patch pushed to master.
- -------- Original Message --------
Subject: [Transifex] File submitted via email to SSSD | master
Date: Thu, 23 Dec 2010 08:07:29 -0000
From: transifex-app(a)fedoraproject.org
To: sgallagh(a)fedoraproject.org
Hello sgallagh, this is Transifex at http://translate.fedoraproject.org/tx/.
The following attached files were submitted to SSSD | master by raven
<raven(a)fedoraproject.org>
Please, visit Transifex at
http://translate.fedoraproject.org/tx//projects/p/sssd/c/master/ in
order to see the component page.
Thank you,
Transifex
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk0TS3EACgkQeiVVYja6o6Nk0ACgowitAm6HQ5eTOua1hf5qu1t6
h1MAnAlORTWAR2+MkGHoZfiDXTxr821l
=fmXh
-----END PGP SIGNATURE-----
12 years, 9 months
Announcing the release of SSSD 1.5.0
by Stephen Gallagher
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The SSSD team is proud to announce the latest enhancement release of the
System Security Services Daemon.
The source tarball is available at https://fedorahosted.org/sssd
== Highlights ==
* Fixed issues with LDAP search filters that needed to be escaped
* Add Kerberos FAST support on platforms that support it
* Reduced verbosity of PAM_TEXT_INFO messages for cached credentials
* Added a Kerberos access provider to honor .k5login
* Addressed several thread-safety issues in the sss_client code
* Improved support for delayed online Kerberos auth
* Significantly reduced time between connecting to the network/VPN and
acquiring a TGT
* Added feature for automatic Kerberos ticket renewal
* Provides the kerberos ticket for long-lived processes or cron jobs
even when the user logs out
* Added several new features to the LDAP access provider
* Support for 'shadow' access control
* Support for authorizedService access control
* Ability to mix-and-match LDAP access control features
* Added an option for a separate password-change LDAP server for those
platforms where LDAP referrals are not supported
* Added support for manpage translations
== Detailed Changelog ==
Jakub Hrozek (5):
* Always use uint32_t for UID/GID numbers
* Internal DNS resolver should check /etc/hosts
* Allow protocol fallback for SRV queries
* Make manual pages translatable
* Add Czech translation
Jan Zeleny (1):
* Option krb5_server is now used to store a list of KDCs instead of
krb5_kdcip.
Marko Myllynen (1):
* Fix a typo in sssd-krb5 man page
Moritz Baumann (1):
* Fix misused SDAP_SEARCH_BASE
Piotr Drąg (1):
* Updating pl translation
Simo Sorce (6):
* sss_client: make code thread-safe
* Pass sdap_id_ctx in sdap_id_op functions.
* ldap: remove variable that was never assigned nor used
* ldap: add checks to determine if USN features are available.
* ldap: Use USN entries if available.
* Fix wrong test in pam_sss
Stephen Gallagher (58):
* Write log opening failures to the syslog
* Improve versioning for automated builds
* Bumping version to 1.5.0 dev
* Fix incorrect free of req in krb5_auth.c
* Don't clean up groups for which a user has it as primary GID
* Handle errors during log reopening better
* Properly check the return value from semanage_commit
* Add utility function to sanitize LDAP/LDB filters
* Add sysdb utility function for sanitizing DN
* Sanitize search filters for the sysdb
* Sanitize sysdb search filters in the IPA provider
* Sanitize sysdb filters in the LDAP provider
* Sanitize sysdb DN helpers
* Sanitize search filters in memberOf plugin
* Sanitize sysdb dn for memberof lookup
* Add unit tests for users and groups with odd characters
* Sanitize search filters in LDAP provider
* Properly document ldap_purge_cache_timeout
* Sanitize ldap attributes in the config file
* Fix cast warning for pam_sss.c
* Fix const cast warning for sysdb_update_members
* Fix const cast warning in build_attrs_from_map
* Fix const cast issue with sysdb_attrs_users_from_str_list
* Fix const cast warning in confdb_create_ldif
* Fix const cast warnings in tests
* Fix incorrect type comparison
* Log startup errors to syslog
* Ensure that SSSD shuts down completely before restarting
* Fix authentication queue code for proxy auth
* Wait for all children to exit
* Add signal documentation to sssd(8)
* Print correct error messages for dp_err_to_string()
* Make default SIGTERM and SIGINT handlers use tevent
* Resend SIGTERM if child doesn't terminate
* Set up signal handlers before initializing sysdb
* Make sure that sss_obfuscate installs as executable
* Move sss_* tools into their own subpackage
* Remove IPA_ACCESS_TIME define
* Add group support to the simple access provider
* Fix timeouts for DNS resolver
* Reschedule the fd timeout for secondary lookups
* Eliminate possible NULL-dereference in pam_check_user_search
* Add missing break statement to sss_hash_create
* Prevent uninitialized value error in monitor_quit
* Fix invalid sizeof in pidfile
* Fix segfault for PAM_TEXT_INFO conversations
* Fix unchecked return value in sss_krb5_verify_keytab_ex
* Fix unsafe return condition in ipa_access_handler
* Fix uninitialized value error in set_local_and_remote_host_info
* Fix unchecked return value in test_sysdb_attrs_to_list
* Fix unchecked return value in set_nonblocking
* Start first enumeration immediately
* Add sysdb_has_enumerated and sysdb_set_enumerated helper functions
* Pass all PAM data to the LDAP access provider
* Add authorizedService support
* Ensure ID is checked in all domains for PAM
* Update the ID cache for any PAM request
* Committing new translation updates for release
Sumit Bose (79):
* Add ldap_deref option
* Add some missing ldap_memfree()
* Download only enabled IPA HBAC rules
* Add netgroups infrastructure to proxy provider
* Implement netgroups for proxy provider
* Remove all nss requests after a reconnect
* Always use talloc_zero() to allocate cmdctx
* Fix double free issue
* Allow authentication for referrals
* Mention ding-libs in BUILD.txt
* Fix two return value checks
* Store krb5 auth context for other targets
* Add infrastructure for Kerberos access provider
* Add krb5_get_simple_upn()
* Make krb5_setup() public
* Add krb5_kuserok() access check to krb5_child
* Make handle_child_* request public
* Call krb5_child to check access permissions
* Add defaultNamingContext to RootDSE attributes
* Use (default)namingContext to set empty search bases
* Make ldap_search_base a non-mandatory option
* Review comments for namingContexts patches
* Avoid long long in messages to PAM client use int64_t
* Introduce pam_verbosity config option
* Add missing error code
* Fix offline detection for LDAP auth/chpass
* Fix man page
* Use a more efficient host search filter
* Add SIGUSR2 to reset offline status
* fix typo in get_server_status()
* Fix a typo on setup_netlink()
* Daemonize by default
* Run checks before resetting offline state
* Fix offline detection in sdap_cli_connect request
* Add check_online method to LDAP ID provider
* Add a special filter type to handle enumerations
* Send authtok_type to krb5_child
* Add a renew task to krb5_child
* Check authtok type for krb5 auth and chpass
* Add krb5_renewable_lifetime option
* Add krb5_lifetime option
* Add support for server-side pam response messages
* krb5_child returns TGT lifetime
* Add support for automatic Kerberos ticket renewal
* Allow krb5 lifetime values without a unit
* Make string_to_shadowpw_days() public
* Add new account expired rule to LDAP access provider
* Add ldap_chpass_uri config option
* Refactor krb5_child to make helpers more flexible
* Add support for FAST in krb5 provider
* Mark unavailable Kerberos server as PORT_NOT_WORKING
* Replace krb5_kdcip by krb5_server in LDAP provider
* Fix build issue with older Kerberos library
* Remove check_access_time() from IPA access provider
* Bye, bye, ipa_timerules
* Fix unchecked return value in sdap_get_msg_dn()
* Fix unchecked return value in sdap_parse_entry()
* Remove unused newauthtok variable in LOCAL_pam_handler
* Fix improper NULL check in fo_add_srv_server()
* Fix incorrect return value on failure in resolve_get_domain_send()
* Fix incorrect return value on failure in check_and_export_options()
* Fix uninitialized value error in sdap_account_expired_shadow()
* Fix uninitialized value error in setup_test in fail_over-tests.c
* Fix improper bit manipulation in pam_sss
* Fix possible memory leak in sss_nss_recv_rep()
* Fix uninitialized value error in main() in stress-tests.c
* Fix possible memory leak in do_pam_conversation
* Fix another possible memory leak in sss_nss_recv_rep()
* Fix memory leak of library handle in proxy
* Fix uninitialized value error in lookup_netgr_step()
* Fix possible NULL-dereference in lookup_netgr_step()
* Avoid multiple initializations in LDAP provider
* Introduce sss_hash_create_ex()
* Fixes for automatic ticket renewal
* Serialize requests of the same user in the krb5 provider
* Update config API files
* Add all values of a multi-valued user attribute
* Remove unused member of a struct
* Fix potential NULL-dereference in krb5_auth_done()
Yuri Chornoivan (1):
* Updating uk translation
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk0SSPgACgkQeiVVYja6o6NB5gCdFbTQxLCNdOOOM87A2Ieh7iA5
yZQAoKL/YL8VZb2jFe2QzADqi0ci8SOB
=3C8c
-----END PGP SIGNATURE-----
12 years, 9 months
[Transifex] Upgraded to 1.0, Woohoo!
by Transifex Newsletter
Upgrade to Transifex 1.0, woohoo!
A fresh road leading to increased stability and awesome future plans.
Please fasten seat belts and remain calm for takeoff.
Dear fellow Transifexian,
We've just finished upgrading, testing, bugfixing and polishing a super
major upgrade of Transifex.net. We're psyched with the new features and
the scalability the release brings, as well as the control and options
added to everyone's workflow.
We've went on and re-written the core Transifex Translation Storage Engine
from scratch. If you were wondering what have we been cooking in the last 6
months, since the last newsletter was sent, well, this is it. Transifex is
gradually becoming "git for translations". We now have a solid foundation on
top of which we can continue making Transifex available to a bigger audience
and continue innovating on the service. The new engine can handle way more
fine-grained precision than before, since it is now working on the very
strings inside your translation files.
_Major changes_
The new version [9]brings some big changes to the traditional workflow used
by project maintainers. In particular:
1. Translations are now _stored inside Transifex_ instead of
being auto-committed to the versioning systems. Project maintainers will
now have to use a _command-line client_ to export the translation files
from Transifex, e.g. right before a software release. The command-line
client is continuously enriched with new functionality, and will
eventually become something like 'a vcs for translations'.
2. Instead of cloning the whole VCS repository, Transifex can now _monitor
a source language file_ using a public HTTP link to it, such as your
GitHub "raw" URL link to the English PO file. The command-line client
can also be used to push the source language files, such as after a
string freeze.
3. Support for more translation sources, such as _QT's .ts_ file format
were added. We're already testing _Joomla .ini_ files and others.
Links:
9. http://help.transifex.net/user-guide/one-dot-zero.html?utm_source=Transif...
Moar featurez:
* Translation file metadata auto-updating (PO headers)
* Clone a language (useful for en-GB, fr-CA, etc.)
* Non-English Source Languages for resources
* Web Editor: Translate from Multiple Source Languages,
Translation suggestions, Keyboard Shortcuts
* Basic support for Translation Memory
* AJAX support in many places, including the web editor and common screens
* 100 new languages, now reaching 261
* [10]Application Programmable Interface
* New [11]Transifex.net Help Section
Links:
10. http://help.transifex.net/technical/api/api.html?utm_source=Transifex+New...
11. http://help.transifex.net?utm_source=Transifex+Newsletter&utm_campaign=98...
_Migrating your project_
If you’re a translator, the only differences you will notice are the UI
improvements we made. More AJAX, nicer controls on your files, incremental
saves in the web editor.
If you’re a developer, please refer to the section [12]Migrating
Your Project to make sure your code and workflow are migrated.
Basically you’ll need to start using a command-line tool, similarly to how
you interact with your own versioning system. Then, you can run a couple of
commands on your local workstation to pull fresh files from Transifex
whenever is needed -- e.g. before you release your software. To make this
process automated, Makefile rules are our friends. We understand that this
might require some extra work, but we really think it's worth it in the long
term!
This was a very big step for our small team and large codebase, so please
bear with us while we're learning and getting more experienced with
smooth upgrades. If you have any questions, take a look at the [13]FAQ, or
contact us directly at support(a)indifex.com. If you need assistance over the
telephone or Skype, just let us know straight away. For live,
community-based IRC support, you may find us on #transifex on Freenode.
Links:
12. http://help.transifex.net/user-guide/one-dot-zero.html?utm_source=Transif...
13. http://help.transifex.net/user-guide/one-dot-zero.html?utm_source=Transif...
Let a thousand languages bloom!
About Transifex
[14]Transifex is a one-stop, batteries-included Localization Hub, helping
developers reach out to an international user-base. Transifex supports
translations over standard formats, straight from the development
repository. More than 2.000 projects and companies are using Transifex to an
international audience of many millions.
Links:
14. http://www.transifex.net?utm_source=Transifex+Newsletter&utm_campaign=98e...
Transifex is being developed by [15]Indifex, a fresh company based in sunny
Greece. We work closely with large corporations as well as a large number of
small-to-medium enterprises. Learn more about our work and our services at
www.indifex.com. Do you think we can help your company with its
Localization needs? [17]Get in touch with us.
Links:
15. http://www.indifex.com?utm_source=Transifex+Newsletter&utm_campaign=98eb4...
17. http://www.indifex.com/contact?utm_source=Transifex+Newsletter&utm_campai...
==============================================
Unsubscribe sssd-devel(a)lists.fedorahosted.org from this list:
http://transifex.us1.list-manage.com/unsubscribe?u=14154d471be565eb94c9e3...
12 years, 9 months
[PATCHES] Fix identity caching during PAM actions
by Stephen Gallagher
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Patch 0001: I found a bug where the first domain in the list wasn't
being checked for whether it needed a cache update during PAM. We
weren't initializing the preq->check_provider variable.
Patch 0002: Add a new per-client option that maintains the time since
the last PAM request updated the cache (default: 5s). Changes the
behavior so that any PAM request (not just AUTH or SETCRED) that's
called will trigger an identity lookup, unless we're within the timeout.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk0SIf4ACgkQeiVVYja6o6PfeACePPNxC4KlW+CHPCglJz5XqrtA
dSAAoIuFc0bCDaqFX4A9jNJs8iZNZDRo
=FDwz
-----END PGP SIGNATURE-----
12 years, 9 months
