sssd-devel February 2011

sssd-devel@lists.fedorahosted.org

11 participants
38 discussions

[PATCHES] Assorted specfile fixes
by Stephen Gallagher 14 Feb '11

14 Feb '11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Patch 0001: Minor specfile changes We should be using BuildRequires: gettext-devel Also, for best compatibility across multiple RPM-based distros, we should be running autoreconf before configure. This is how SSSD is built in RHEL and Fedora, this patch is provided to bring them back into sync. Patch 0002: Detect the proper location for memberof.so Our configure script detects where the system version of libldb stores its modules. This adds a mechanism to ensure that the specfile automatically identifies this location as well (rather than requiring manual edits to the %files section). Our automated build on Fedora rawhide against libldb-1.0.0 was broken without this. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk1ZjZQACgkQeiVVYja6o6O+owCggNscnfM4GaBnSbLApGybq9Nh uOEAoKEV8qVOWer+8Lq9c0bLNwan99vs =nRlq -----END PGP SIGNATURE-----

2 3

[PATCH] Verify LDAP file descriptor validity
by Stephen Gallagher 14 Feb '11

14 Feb '11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We weren't verifying that the file descriptor that we get back from openldap was valid. This patch checks that the file descriptor is >= 0 before returning it. There's another (arguable) bug here in libtevent. Libtevent should probably not return success for tevent_add_fd() when fd < 0 (especially since it crashes). I'll open a bug upstream. Fixes https://fedorahosted.org/sssd/ticket/797 and https://bugzilla.redhat.com/show_bug.cgi?id=676027 - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk1ZRxsACgkQeiVVYja6o6N9HQCcCas4ORYpjW9PiHAvSn0Avba/ 5dYAoJOPVfWzVGB7KoZTq9uPNrEXBi7d =kWO0 -----END PGP SIGNATURE-----

2 2

[PATCH] Check LDB_MODULES_PATH for sysdb
by Sumit Bose 14 Feb '11

14 Feb '11

Hi, the recent changes to our test environment in "Make 'make check' look nice again" have revealed that older version of libldb does not support the evaluation of the LDB_MODULES_PATH enviroment variable. These two patches let sssd itself check LDB_MODULES_PATH while opening sysdb. While the first patch only refactors the current code the second set the ldb module path if LDB_MODULES_PATH is set. bye, Sumit

2 1

Problems configuring sssd for ssl/ldaps no tls
by sssd help 11 Feb '11

11 Feb '11

Hello. We are building a kickstart profile so that we can begin using RHEL 6 in our environment. However, we have run into a problem with sssd and ldaps. It seems that in RHEL 6 nss_ldap has been depreciated and replaced with sssd. I have been able to configure sssd for regular ldap without problem. When I attempt to enable ldaps by changing the ldap uri to ldaps:// authentication no longer functions. However, id and getent functionality remains. Debug level was changed to 10 and here is what I see in the logs for sssd. (Thu Feb 10 12:03:04 2011) [sssd[be[default]]] [simple_bind_send] (4): Executing simple bind as: uid=testuser,ou=people,dc=mydomain,dc=com (Thu Feb 10 12:03:04 2011) [sssd[be[default]]] [simple_bind_send] (8): ldap simple bind sent, msgid = 2 (Thu Feb 10 12:03:04 2011) [sssd[be[default]]] [sdap_process_result] (8): Trace: sh[0x1994860], connected[1], ops[0x1a5dde0], ldap[0x16d2fc0] (Thu Feb 10 12:03:04 2011) [sssd[be[default]]] [sdap_process_result] (4): ldap_result gave -1, something bad happend! (Thu Feb 10 12:03:04 2011) [sssd[be[default]]] [sdap_handle_release] (8): Trace: sh[0x1994860], connected[1], ops[0x1a5dde0], ldap[0x16d2fc0], destructor_lock[0], release_memory[0] (Thu Feb 10 12:03:04 2011) [sssd[be[default]]] [remove_connection_callback] (9): Successfully removed connection callback. Unfortunately, "Something bad happend!" isn't quite specific enough to track down the problem. Below is other pertinent information for this case. SSSD version: sssd-1.2.1-28.el6.x86_64 SSSD.conf: [sssd] config_file_version = 2 reconnection_retries = 3 sbus_timeout = 30 services = nss, pam domains = default [nss] filter_groups = root filter_users = root reconnection_retries = 3 [pam] reconnection_retries = 3 [domain/default] ldap_tls_reqcert = demand auth_provider = ldap cache_credentials = False ldap_id_use_start_tls = False debug_level = 20 enumerate = True ldap_schema = rfc2307 ldap_group_search_base = ou=posixGroups,dc=mydomain,dc=com ldap_user_search_base = ou=People,dc=mydomain,dc=com ldap_default_authtok_type = password ldap_search_base = dc=mydomain,dc=com chpass_provider = ldap id_provider = ldap ldap_default_bind_dn = uid=binduser,ou=Special Users,dc=mydomain,dc=com ldap_uri = ldaps://ldap.mydomain.com/ ldap_default_authtok = XXXXXXXXXXX ldap_tls_cacertdir = /etc/ssl/certs Please let me know if there is other information that you need. Thank you very much for any help you can provide. Ive been trying to track down this problem for three days. Brandon

4 19

[PATCH] make names nss neutral
by Simo Sorce 11 Feb '11

11 Feb '11

While looking at the previous patch I saw that we were still using the sss_nss_ prefix for a number of functions that are used by both the pam and nss responders. Changed the prefix to sss_cli_ so it is more clear those functions are not nss specific. Simo. -- Simo Sorce * Red Hat, Inc * New York

3 10

[PATCH] Fix memberof module with newer library versions
by Simo Sorce 11 Feb '11

11 Feb '11

At some point the libldb library changed how modules are loaded. This patch makes the memberof module work with the new registration methods. Simo. -- Simo Sorce * Red Hat, Inc * New York

3 6

[PATCH] Make 'make check' look nice again
by Sumit Bose 11 Feb '11

11 Feb '11

Hi, while Simo's recent patch fixed the build and the tests this patch adds a more cosmetic optimization to 'make check' with recent libldb version. bye, Sumit

2 2

[PATCH] Fix cleanup transaction
by Stephen Gallagher 11 Feb '11

11 Feb '11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Without setting in_transaction=true, if the sysdb operations threw an error, we wouldn't cancel the transaction. Coverity bug 10568 - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk1UPewACgkQeiVVYja6o6Oo3ACdE2f1KrdVtDbSQ52SzzqS4N+e D+gAoI+W3dvMaEIV5+RwVUfH+wE15BV9 =RGlZ -----END PGP SIGNATURE-----

2 2

[PATCH] Clear up -Wunused-but-set-variable warnings
by Stephen Gallagher 11 Feb '11

11 Feb '11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Some new warnings appeared in gcc 4.6.0. This patch fixes them. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk1UPagACgkQeiVVYja6o6PecACggO3SfqrReP0XTBLT7bZnWxdH sGYAn3F4N6GynI9TundwSf4El+YOh6Cz =PwCL -----END PGP SIGNATURE-----

2 2

[PATCH] Disable cache cleanup in 1.2.x
by Stephen Gallagher 11 Feb '11

11 Feb '11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There are several problems with how we determine what entries to purge from the cache during the cleanup task in 1.2.x. Rather than expend the energy trying to track them down, it makes sense to disable the cleanup task by default. The only purpose of the cache cleanup is to keep disk usage down, but there should be no issue with disabling it. It's possible that there may be groups with no members hanging around, but this is not harmful. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk1SzPwACgkQeiVVYja6o6MFBQCdHKjPc/Zoa3hbA61tsyMs56AX b5MAoJgn1xqO4x2SthCPpV7LtEraIROT =/VhA -----END PGP SIGNATURE-----

2 4

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

sssd-devel February 2011