June 2010 - sssd-devel - Fedora Mailing-Lists

by David O'Brien

This time I'm wrestling with "native LDAP" vs any other sort of LDAP, and where does MS Active Directory fit in? afaik "native LDAP" just means LDAP provides the identities and does the authentication. If I'm using OpenLDAP or 389 that's easy enough. Switch to IPA and Kerberos does the auth (= not native LDAP, right?). What if I'm using MS Active Directory? Does that or can that do both? Does it provide identities and rely on Kerberos for auth? Should I not be using "native LDAP" at all to avoid confusion? "native" also comes up in the bug report* in relation to Kerberos: "Should provide an example of using the proxy identity provider in concert with the native Kerberos authentication." What's "native Kerberos"? That's probably enough for now. Remind me why I gave up coffee...? *https://bugzilla.redhat.com/show_bug.cgi?id=601870 -- David "We couldn't care less about comfort. We make you feel good." Federico Minoli CEO Ducati Motor S.p.A.

13 years, 10 months

4
10
0 / 0

last word on min_id default?

by David O'Brien

The src/examples/sssd.conf file still has min_id = 1000 in the Active Directory example. Is this by design or accident? -- David O'Brien Senior Technical Writer, Engineering Content Services Red Hat Asia Pacific Pty Ltd 193 North Quay, Brisbane "We couldn't care less about comfort. We make you feel good." Federico Minoli CEO Ducati Motor S.p.A.

13 years, 10 months

2
1
0 / 0

[PATCH] Fix potential resource leak in remove_tree_with_ctx()

by Stephen Gallagher

https://fedorahosted.org/sssd/ticket/515 -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/

13 years, 10 months

2
2
0 / 0

[PATCH] Initialize len before looping to read the pidfile

by Stephen Gallagher

https://fedorahosted.org/sssd/ticket/544 Pushed to master under the one-liner rule. -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/

13 years, 10 months

1
1
0 / 0

[PATCHES] Bugfixes for the negative cache

by Stephen Gallagher

Patch 0001: Ensure that all domains are checked for users/groups There was a bug in the negative cache checks (probably a leftover from when filter_users was global-only) that meant that if a user was filtered out of a domain, the remaining domains would not be checked for that user. (Same for groups/initgroups) Patch 0002: Refactor the negative cache Rename functions from nss_ncache_* to sss_ncache_* Move negative cache to responder/common and rename as negcache.c/h Patch 0003: Move setup of filter_users and filter_groups to negcache.c Creates a new function - sss_ncache_prepopulate() - that can be shared with other responders, such as PAM. Patch 0004: Honor filter_users in PAM. Previously, while the user was filtered out of NSS, we were still trying to authenticate against the user in PAM. See https://bugzilla.redhat.com/show_bug.cgi?id=596295 for more details. (Tested and verified that these patches fix that issue) -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/

13 years, 10 months

1
3
0 / 0

[PATCHES] Bugfixes for the negative cache (sssd-1-2)

by Stephen Gallagher

Patch 0001: Refactor the negative cache Rename functions from nss_ncache_* to sss_ncache_* Move negative cache to responder/common and rename as negcache.c/h Patch 0002: Move setup of filter_users and filter_groups to negcache.c Creates a new function - sss_ncache_prepopulate() - that can be shared with other responders, such as PAM. Patch 0003: Honor filter_users in PAM. Previously, while the user was filtered out of NSS, we were still trying to authenticate against the user in PAM. See https://bugzilla.redhat.com/show_bug.cgi?id=596295 for more details. (Tested and verified that these patches fix that issue) Differences from the version submitted to the master branch: Patch 0001: Not needed in sssd-1-2. There was a regression in the master branch that this patch fixed. Patch 0002: Rewritten, because the merge was overly-complicated. (Most of this patch is just a s/nss_ncache/sss_ncache/g Patch 0003: Applied cleanly Patch 0004: Trivial merge was clean. -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/

13 years, 10 months

2
2
0 / 0

[PATCHES] Bugfixes for the negative cache

by Stephen Gallagher

Patch 0001: Ensure that all domains are checked for users/groups There was a bug in the negative cache checks (probably a leftover from when filter_users was global-only) that meant that if a user was filtered out of a domain, the remaining domains would not be checked for that user. (Same for groups/initgroups) Patch 0002: Refactor the negative cache Rename functions from nss_ncache_* to sss_ncache_* Move negative cache to responder/common and rename as negcache.c/h Patch 0003: Move setup of filter_users and filter_groups to negcache.c Creates a new function - sss_ncache_prepopulate() - that can be shared with other responders, such as PAM. Patch 0004: Honor filter_users in PAM. Previously, while the user was filtered out of NSS, we were still trying to authenticate against the user in PAM. See https://bugzilla.redhat.com/show_bug.cgi?id=596295 for more details. (Tested and verified that these patches fix that issue) -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/

13 years, 10 months

1
0
0 / 0

missing patch for sssd.conf?

by David O'Brien

I'm running SSSD and IPA on F12. I have the following SSSD versions installed: [root@ipaserver ~]# rpm -qa | grep sss sssd-1.2.0-0.2010061620git6a7b745.fc12.i686 sssd-client-1.2.0-0.2010061620git6a7b745.fc12.i686 In the installed /etc/sssd/sssd.conf file there exists the following typo: # Add new domains condifgurations as [domain/<NAME>] sections. In the src/examples/sssd.conf file in the repo, this exists as: # Add new domain configurations as [domain/<NAME>] sections, There are several other changes that don't appear. I'm using the following SSSD repo; is it no longer valid? http://jdennis.fedorapeople.org/sssd12/fedora/$releasever/$basearch/os/ thanks -- David O'Brien Senior Technical Writer, Engineering Content Services Red Hat Asia Pacific Pty Ltd 193 North Quay, Brisbane "We couldn't care less about comfort. We make you feel good." Federico Minoli CEO Ducati Motor S.p.A.

13 years, 10 months

3
3
0 / 0

[PATCH] Standardize on correct spelling of "principal" for krb5

by Stephen Gallagher

Addresses https://fedorahosted.org/sssd/ticket/542 Attached is the patch for sssd-1-2 and for master (as they had some minor conflicts) -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/

13 years, 10 months

3
4
0 / 0

[PATCH] Do not throw NoOptionError or NoSuchProviderError in get_domain()

by Stephen Gallagher

Addresses https://bugzilla.redhat.com/show_bug.cgi?id=604704 We will now eliminate any unknown options and providers to guarantee that the domain is safe for use. -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/

13 years, 10 months

2
3
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

sssd-devel June 2010