[PATCHES] Assorted specfile fixes
by Stephen Gallagher
Patch 0001: Minor specfile changes
We should be using BuildRequires: gettext-devel
Also, for best compatibility across multiple RPM-based distros, we
should be running autoreconf before configure.
This is how SSSD is built in RHEL and Fedora; this patch is provided to
bring them back into sync.
Patch 0002: Detect the proper location for memberof.so
Our configure script detects where the system version of libldb stores
its modules. This adds a mechanism to ensure that the specfile
automatically identifies this location as well (rather than requiring
manual edits to the %files section). Our automated build on Fedora
rawhide against libldb-1.0.0 was broken without this.
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
13 years, 2 months
[PATCH] Verify LDAP file descriptor validity
by Stephen Gallagher
We weren't verifying that the file descriptor that we get back from
openldap was valid. This patch checks that the file descriptor is >= 0
before returning it.
There's another (arguable) bug here in libtevent. Libtevent should
probably not return success for tevent_add_fd() when fd < 0 (especially
since it crashes). I'll open a bug upstream.
Fixes https://fedorahosted.org/sssd/ticket/797 and
https://bugzilla.redhat.com/show_bug.cgi?id=676027
--
Stephen Gallagher
RHCE 804006346421761
13 years, 2 months
[PATCH] Check LDB_MODULES_PATH for sysdb
by Sumit Bose
Hi,
the recent changes to our test environment in "Make 'make check' look
nice again" have revealed that older versions of libldb do not support
the evaluation of the LDB_MODULES_PATH environment variable. These two
patches let sssd itself check LDB_MODULES_PATH while opening sysdb.
While the first patch only refactors the current code, the second sets the
ldb module path if LDB_MODULES_PATH is set.
bye,
Sumit
13 years, 2 months
Problems configuring sssd for ssl/ldaps no tls
by sssd help
Hello. We are building a kickstart profile so that we can begin using RHEL 6
in our environment. However, we have run into a problem with sssd and ldaps.
It seems that in RHEL 6 nss_ldap has been deprecated and replaced with
sssd. I have been able to configure sssd for regular ldap without problem.
When I attempt to enable ldaps by changing the ldap uri to ldaps://
authentication no longer functions. However, id and getent functionality
remains. Debug level was changed to 10 and here is what I see in the logs
for sssd.
(Thu Feb 10 12:03:04 2011) [sssd[be[default]]] [simple_bind_send] (4): Executing simple bind as: uid=testuser,ou=people,dc=mydomain,dc=com
(Thu Feb 10 12:03:04 2011) [sssd[be[default]]] [simple_bind_send] (8): ldap simple bind sent, msgid = 2
(Thu Feb 10 12:03:04 2011) [sssd[be[default]]] [sdap_process_result] (8): Trace: sh[0x1994860], connected[1], ops[0x1a5dde0], ldap[0x16d2fc0]
(Thu Feb 10 12:03:04 2011) [sssd[be[default]]] [sdap_process_result] (4): ldap_result gave -1, something bad happend!
(Thu Feb 10 12:03:04 2011) [sssd[be[default]]] [sdap_handle_release] (8): Trace: sh[0x1994860], connected[1], ops[0x1a5dde0], ldap[0x16d2fc0], destructor_lock[0], release_memory[0]
(Thu Feb 10 12:03:04 2011) [sssd[be[default]]] [remove_connection_callback] (9): Successfully removed connection callback.
Unfortunately, "Something bad happend!" isn't quite specific enough to track
down the problem.
Below is other pertinent information for this case.
SSSD version: sssd-1.2.1-28.el6.x86_64
SSSD.conf:
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = default
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
[pam]
reconnection_retries = 3
[domain/default]
ldap_tls_reqcert = demand
auth_provider = ldap
cache_credentials = False
ldap_id_use_start_tls = False
debug_level = 20
enumerate = True
ldap_schema = rfc2307
ldap_group_search_base = ou=posixGroups,dc=mydomain,dc=com
ldap_user_search_base = ou=People,dc=mydomain,dc=com
ldap_default_authtok_type = password
ldap_search_base = dc=mydomain,dc=com
chpass_provider = ldap
id_provider = ldap
ldap_default_bind_dn = uid=binduser,ou=Special Users,dc=mydomain,dc=com
ldap_uri = ldaps://ldap.mydomain.com/
ldap_default_authtok = XXXXXXXXXXX
ldap_tls_cacertdir = /etc/ssl/certs
Please let me know if there is other information that you need.
Thank you very much for any help you can provide. I've been trying to track
down this problem for three days.
Brandon
13 years, 2 months
[PATCH] make names nss neutral
by Simo Sorce
While looking at the previous patch I saw that we were still using the
sss_nss_ prefix for a number of functions that are used by both the pam
and nss responders. Changed the prefix to sss_cli_ so it is more clear
those functions are not nss specific.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
13 years, 2 months
[PATCH] Make 'make check' look nice again
by Sumit Bose
Hi,
while Simo's recent patch fixed the build and the tests this patch adds
a more cosmetic optimization to 'make check' with recent libldb versions.
bye,
Sumit
13 years, 2 months
[PATCH] Fix cleanup transaction
by Stephen Gallagher
Without setting in_transaction=true, if the sysdb operations threw
an error, we wouldn't cancel the transaction.
Coverity bug 10568
--
Stephen Gallagher
RHCE 804006346421761
13 years, 2 months
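The failure mode described in the message above, reduced to a self-contained C sketch. This is an added example, not code from the patch or from SSSD; `mock_db`, the `txn_*` helpers, `db_op`, `cleanup_task` and `open_after` are hypothetical stand-ins for the sysdb calls.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for a transactional store; this is not the sysdb API. */
struct mock_db { int open_transactions; };

static int txn_start(struct mock_db *db)  { db->open_transactions++; return 0; }
static int txn_commit(struct mock_db *db) { db->open_transactions--; return 0; }
static int txn_cancel(struct mock_db *db) { db->open_transactions--; return 0; }

/* Constructed operation that fails on demand, standing in for a sysdb call. */
static int db_op(bool fail) { return fail ? EIO : 0; }

/* track=false reproduces the defect: the flag is never set after a
 * successful start, so the error path skips the cancel. */
static int cleanup_task(struct mock_db *db, bool fail_op, bool track)
{
    bool in_transaction = false;
    int ret;

    ret = txn_start(db);
    if (ret != 0) goto done;
    if (track) in_transaction = true;

    ret = db_op(fail_op);
    if (ret != 0) goto done;

    ret = txn_commit(db);
    if (ret != 0) goto done;
    in_transaction = false;   /* committed: nothing left to cancel */
done:
    if (in_transaction) txn_cancel(db);
    return ret;
}

/* Number of transactions still open after one run of the task. */
int open_after(bool fail_op, bool track)
{
    struct mock_db db = { 0 };
    (void)cleanup_task(&db, fail_op, track);
    return db.open_transactions;
}

int main(void)
{
    printf("op fails, flag not set: %d left open\n", open_after(true, false));
    printf("op fails, flag set:     %d left open\n", open_after(true, true));
    return 0;
}
```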
[PATCH] Clear up -Wunused-but-set-variable warnings
by Stephen Gallagher
Some new warnings appeared in gcc 4.6.0. This patch fixes them.
--
Stephen Gallagher
RHCE 804006346421761
13 years, 2 months
[PATCH] Disable cache cleanup in 1.2.x
by Stephen Gallagher
There are several problems with how we determine what entries to purge
from the cache during the cleanup task in 1.2.x. Rather than expend the
energy trying to track them down, it makes sense to disable the cleanup
task by default.
The only purpose of the cache cleanup is to keep disk usage down, but
there should be no issue with disabling it. It's possible that there may
be groups with no members hanging around, but this is not harmful.
--
Stephen Gallagher
RHCE 804006346421761
13 years, 2 months