Re: [SSSD] git push failes for me
by Jeff Schroeder
for real this time
2011/2/8 Jeff Schroeder <jeffschroeder(a)computer.org>:
> looping in sssd-devel.
>
> Reference bug: https://bugzilla.redhat.com/show_bug.cgi?id=675007
>
> Милош, what is your username in git? I'm pretty sure I can manually
> clear your entry with ldbedit for now.
>
> 2011/2/8 Olav Vitters <olav(a)vitters.nl>:
>> On Tue, Feb 08, 2011 at 10:15:51PM +0100, Милош Поповић wrote:
>>> I am coordinator of Serbian translation, but for the last days I can not
>>> send any files to Git. Here is the error message:
>>
>> We (gnome sysadmins) made a change to the infrastructure (switched to
>> sssd). This remembers which permissions you have within GNOME (meaning:
>> git account). Unfortunately there is a bug in that where it sometimes
>> corrupts its cache. As a result, it doesn't remember that you're allowed
>> to commit to git :-(
>>
>> CC'ing gnome-infrastructure for latest update
>>
>> Quoting full for gnome-infrastructure:
>>
>>> milos@PotrChkO ~/.prevodi/gbrainy/po $ git push
>>> Counting objects: 13, done.
>>> Delta compression using up to 2 threads.
>>> Compressing objects: 100% (8/8), done.
>>> Writing objects: 100% (8/8), 1.10 KiB, done.
>>> Total 8 (delta 6), reused 0 (delta 0)
>>> error: insufficient permission for adding an object to repository
>>> database ./objects
>>>
>>> fatal: failed to write object
>>> error: unpack failed: unpack-objects abnormal exit
>>> To ssh://mpopovic@git.gnome.org/git/gbrainy
>>> ! [remote rejected] master -> master (n/a (unpacker error))
>>> error: failed to push some refs to
>>> 'ssh://mpopovic@git.gnome.org/git/gbrainy'
>>
>> --
>> Regards,
>> Olav
>> _______________________________________________
>> gnome-infrastructure mailing list
>> gnome-infrastructure(a)gnome.org
>> http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
>
>
>
> --
> Jeff Schroeder
>
> Don't drink and derive, alcohol and analysis don't mix.
> http://www.digitalprognosis.com
>
--
Jeff Schroeder
Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com
13 years, 2 months
[PATCH] Be extra careful when closing our nss sockets
by Simo Sorce
This patch addresses bz670511/trac790
Makes sure there is less chance a broken application, on fork, closes
the socket under our feet and reuses the same fd for other purposes, and
then complains if we close with the socket.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
13 years, 2 months
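One way to guard a close against the fd-reuse problem this message describes, as an added example (the patch itself is not on this page, and this is not SSSD's code). The `tracked_sock` type and function names are hypothetical; the check records the socket's device and inode at open time and closes only if the descriptor still matches.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdbool.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

/* A socket fd plus the identity (device, inode) it had when we opened it. */
struct tracked_sock { int fd; dev_t dev; ino_t ino; };

int tracked_open(struct tracked_sock *s) {
    struct stat st;
    s->fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (s->fd < 0) return -1;
    if (fstat(s->fd, &st) != 0) { close(s->fd); s->fd = -1; return -1; }
    s->dev = st.st_dev; s->ino = st.st_ino;
    return 0;
}

/* True only if the fd number still refers to the socket we opened. */
bool tracked_is_ours(const struct tracked_sock *s) {
    struct stat st;
    if (s->fd < 0 || fstat(s->fd, &st) != 0) return false;
    return S_ISSOCK(st.st_mode) && st.st_dev == s->dev && st.st_ino == s->ino;
}

/* Close only if the fd is still ours; always forget it. Returns true if closed. */
bool tracked_close(struct tracked_sock *s) {
    bool ours = tracked_is_ours(s);
    if (ours) close(s->fd);
    s->fd = -1;
    return ours;
}

/* Constructed scenario: the fd is closed behind our back and its number is
 * reused for /dev/null. Returns 1 if that unrelated descriptor survives. */
int reused_fd_survives(void) {
    struct tracked_sock s;
    if (tracked_open(&s) != 0) return -1;
    close(s.fd);                              /* the "broken application" */
    int other = open("/dev/null", O_RDONLY);  /* gets the lowest free number */
    if (other != s.fd) return -1;
    bool closed = tracked_close(&s);
    bool alive = fcntl(other, F_GETFD) != -1;
    close(other);
    return (!closed && alive) ? 1 : 0;
}

int main(void) { return reused_fd_survives() == 1 ? 0 : 1; }
```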
[PATCH] Only print "no matching service rule" when appropriate
by Stephen Gallagher
We were printing "no matching service rule" on all successful requests.
This is obviously wrong.
Thanks, Gowrishankar for catching this.
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
13 years, 2 months
[PATCHES] Performance improvements for the LDAP cleanup task
by Stephen Gallagher
Patch 0001: I discovered that the cleanup task was not contained in a
transaction, so if there were multiple expired entries, it would take a
long time (and perform many disc writes) to remove them.
Patch 0002: While investigating the above, I also realized that the
dataExpireTimestamp attribute (which we use as the primary search
expression for expired entries) wasn't listed as an indexed attribute.
This means that searches over a large sysdb database (e.g. one with
enumerate = true) were significantly slower than they should be. This patch
adds dataExpireTimestamp as an indexed attribute.
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
13 years, 2 months
[PATCHES] sss_obfuscate fixes
by Stephen Gallagher
Patch 0001: Make the domain argument mandatory in sss_obfuscate
It doesn't make sense to set a "default" domain. We should require
that the domain always be specified.
Patch 0002: Gracefully handle permission errors in sss_obfuscate
Don't show a traceback if not run as root.
Replaces patch from "Fixing traceback call messages for sss_obfuscate
command"
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
13 years, 2 months
Config problem or bug(?) with sssd and Windows AD 2008
by Patrick Grieshaber
Hello folks,
first let me say that the sssd project is great and I am lucky that this
project is available for CentOS/Redhat through the EPEL repo :-).
I've installed version sssd-1.2.1-27.el5.x86_64 and I want to be able to
fetch user infos plus enable login through AD 2008 - but I fail..
sssd.conf:
[domain/example.com]
enumerate = false
id_provider = ldap
chpass_provider = krb5
ldap_uri = ldap://dc1.example.com, ldap://dc2.example.com
ldap_search_base = dc=example,dc=com
tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
ldap_tls_cacertdir = /etc/pki/tls/certs
ldap_default_bind_dn = CN=serviceuser,DC=example,DC=com
ldap_default_authtok_type = password
ldap_default_authtok = serviceuserpassword
ldap_user_name = sAMAccountName
ldap_search_base = OU=IT,DC=example,DC=com
ldap_pwd_policy = none
ldap_user_object_class = person
ldap_schema = rfc2307bis
ldap_user_principal = userPrincipalName
ldap_user_uid_number = sAMAccountName
ldap_user_gid_number = sAMAccountName
ldap_user_uuid = sAMAccountName
ldap_user_fullname = displayName
# kerberos config
auth_provider = krb5
krb5_kdcip = dc1.example.com
krb5_realm = EXAMPLE.COM
krb5_changepw_principle = kadmin/changepw
krb5_ccachedir = /tmp
krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX
krb5_auth_timeout = 15
For debugging reasons I run: sssd -d9
Here the output if I attempt: su - myuser(a)example.com
...snip...
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_get_generic_send]
(6): calling ldap_search_ext with
[(&(sAMAccountName=myuser)(objectclass=person))][OU=IT,DC=example,DC=com].
...snip...
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_process_result]
(8): Trace: sh[0x8f876c0], connected[1], ops[0x8f87500], ldap[0x8f876f0]
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_process_result]
(8): Trace: ldap_result found nothing!
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_process_result]
(8): Trace: sh[0x8f876c0], connected[1], ops[0x8f87500], ldap[0x8f876f0]
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_parse_entry] (9):
OriginalDN: [CN=my,OU=IT,DC=example,DC=com].
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_process_result]
(8): Trace: sh[0x8f876c0], connected[1], ops[0x8f87500], ldap[0x8f876f0]
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_get_generic_done]
(6): Search result: Success(0),
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_get_users_process]
(6): Search for users, returned 1 results.
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_process_result]
(8): Trace: sh[0x8f876c0], connected[1], ops[(nil)], ldap[0x8f876f0]
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_process_result]
(8): Trace: ldap_result found nothing!
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [ldb] (9): start ldb
transaction (nesting: 0)
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_save_user_send]
(9): Save user
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_save_user_send]
(1): no uid provided for [myuser] in domain [example.com].
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_save_users_process]
(2): Failed to store user 0. Ignoring.
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [ldb] (9): commit ldb
transaction (nesting: 0)
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [sdap_get_users_done]
(9): Saving 1 Users - Done
(Tue Oct 5 09:16:45 2010) [sssd[be[example.com]]] [acctinfo_callback] (4):
Request processed. Returned 0,0,Success
And su outputs: su: user myuser(a)example.com does not exist
What is wrong? I do the mapping of a uid/gid... any help is appreciated!
Thank you,
pat
--
Patrick Grieshaber
Mobile: +41 (0)79 215 63 79
Xing: xing.com/profile/Patrick_Grieshaber
Skype: patrickgrieshaber
GPG Key Fingerprint
0252 0C05 410E C345
1AC7 7530 98ED B18E
62CB CF04
13 years, 2 months
[PATCH]Sanitize search filters for nested group lookups
by Stephen Gallagher
Marcus discovered while doing some AD testing that we were throwing
errors dealing with nested groups where the group name has parentheses
in it. It turned out that I missed two places where we needed to
sanitize search filters.
Attached patch fixes https://fedorahosted.org/sssd/ticket/785
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
13 years, 2 months
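The kind of search-filter sanitizing the message above refers to, shown as an added example (not the attached patch and not SSSD's own code). It escapes filter metacharacters per RFC 4515 before a group name is placed in a filter; the function names, the `cn` attribute and the `group` object class are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Escape a value for use inside an LDAP search filter (RFC 4515):
 * '*', '(', ')' and '\' become a backslash plus two hex digits.
 * (RFC 4515 also escapes NUL, which cannot occur in a C string.)
 * Returns a malloc'd string the caller frees, or NULL on allocation failure. */
char *filter_escape(const char *in) {
    static const char hex[] = "0123456789abcdef";
    size_t len = strlen(in), j = 0;
    char *out = malloc(len * 3 + 1);   /* worst case: every byte escaped */

    if (out == NULL) return NULL;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            out[j++] = '\\';
            out[j++] = hex[c >> 4];
            out[j++] = hex[c & 0x0f];
        } else {
            out[j++] = (char)c;
        }
    }
    out[j] = '\0';
    return out;
}

/* Build a group lookup filter from a group name that may contain
 * parentheses. Attribute and object class are assumed for this example. */
char *build_group_filter(const char *group_name) {
    char *safe = filter_escape(group_name);
    char *filter = NULL;

    if (safe != NULL) {
        size_t n = strlen(safe) + sizeof("(&(cn=)(objectclass=group))");
        filter = malloc(n);
        if (filter != NULL)
            snprintf(filter, n, "(&(cn=%s)(objectclass=group))", safe);
        free(safe);
    }
    return filter;
}

int main(void) {
    char *f = build_group_filter("Admins (EMEA)");  /* constructed sample name */
    if (f != NULL) { puts(f); free(f); }
    return 0;
}
```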