sssd-devel March 2012

sssd-devel@lists.fedorahosted.org

21 participants
80 discussions

Start a nNew thread

[PATCH] AUTOFS: fix copy-and-paste bug in the autofs client
by Jakub Hrozek 26 Mar '12

26 Mar '12

I found this while working on the Coverity bug. This bug could potentially cause a segfault.

3 2

[PATCH] LDAP: Fix memory leaks in synchronous_tls_setup
by Stephen Gallagher 26 Mar '12

26 Mar '12

We were never freeing "result" if it was allocated by ldap_result(). We were also not freeing "errmsg" if it was allocated but ldap_parse_result() returned an error. Also disambiguate error messages from ldap_parse_result() and error messages from sss_ldap_get_diagnostic_msg() since they use differing memory-management functions.

2 2

[PATCH] Add idmap library
by Sumit Bose 26 Mar '12

26 Mar '12

Hi, this patch adds a library to map a Windows SID to a Unix uid or gid. My current plan is to used it for AD trusts on the client and the server side, this is why the interface allows different kind of memory allocators. bye, Sumit

3 10

Problem in sssd and libsss_autofs
by Marco Pizzoli 26 Mar '12

26 Mar '12

Hi guys, I would like to report this packaging(?) problem. As you can see in the following output, there's not a dependency between the rpm libsss_autofs and sssd. I hope to be of help. Marco [root@myhostname ~]# rpm -qa|grep sss libsss_sudo-1.8.0-6.fc16.x86_64 sssd-1.8.0-6.fc16.x86_64 libsss_autofs-1.8.0-6.fc16.x86_64 sssd-client-1.8.0-6.fc16.x86_64 [root@ myhostname ~]# yum update sssd Loaded plugins: langpacks, presto, refresh-packagekit updates/metalink | 24 kB 00:00 updates | 4.5 kB 00:00 updates/primary_db | 5.6 MB 00:11 updates/group_gz | 431 kB 00:00 updates-testing/metalink | 20 kB 00:00 updates-testing | 4.5 kB 00:00 updates-testing/primary_db | 1.1 MB 00:01 updates-testing/group_gz | 431 kB 00:02 Setting up Update Process Resolving Dependencies --> Running transaction check ---> Package sssd.x86_64 0:1.8.0-6.fc16 will be updated ---> Package sssd.x86_64 0:1.8.1-8.fc16 will be an update --> Processing Dependency: sssd-client(x86-64) = 1.8.1-8.fc16 for package: sssd-1.8.1-8.fc16.x86_64 --> Processing Dependency: libipa_hbac(x86-64) = 1.8.1-8.fc16 for package: sssd-1.8.1-8.fc16.x86_64 --> Running transaction check ---> Package libipa_hbac.x86_64 0:1.8.0-6.fc16 will be updated --> Processing Dependency: libipa_hbac = 1.8.0-6.fc16 for package: libipa_hbac-python-1.8.0-6.fc16.x86_64 ---> Package libipa_hbac.x86_64 0:1.8.1-8.fc16 will be an update ---> Package sssd-client.x86_64 0:1.8.0-6.fc16 will be updated ---> Package sssd-client.x86_64 0:1.8.1-8.fc16 will be an update --> Running transaction check ---> Package libipa_hbac-python.x86_64 0:1.8.0-6.fc16 will be updated ---> Package libipa_hbac-python.x86_64 0:1.8.1-8.fc16 will be an update --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================== Package Arch Version Repository Size ============================================================================================================================================== Updating: sssd x86_64 1.8.1-8.fc16 updates-testing 1.8 M Updating for dependencies: libipa_hbac x86_64 1.8.1-8.fc16 updates-testing 45 k libipa_hbac-python x86_64 1.8.1-8.fc16 updates-testing 40 k sssd-client x86_64 1.8.1-8.fc16 updates-testing 75 k Transaction Summary ============================================================================================================================================== Upgrade 4 Packages Total download size: 1.9 M Is this ok [y/N]: y Downloading Packages: Setting up and reading Presto delta metadata updates-testing/prestodelta | 176 kB 00:01 Processing delta metadata Package(s) data still to download: 1.9 M (1/4): libipa_hbac-1.8.1-8.fc16.x86_64.rpm | 45 kB 00:00 (2/4): libipa_hbac-python-1.8.1-8.fc16.x86_64.rpm | 40 kB 00:00 (3/4): sssd-1.8.1-8.fc16.x86_64.rpm | 1.8 MB 00:06 (4/4): sssd-client-1.8.1-8.fc16.x86_64.rpm | 75 kB 00:00 ---------------------------------------------------------------------------------------------------------------------------------------------- Total 180 kB/s | 1.9 MB 00:11 Running Transaction Check Running Transaction Test *Transaction Check Error:* * file /usr/lib64/sssd/modules/libsss_autofs.so from install of sssd-1.8.1-8.fc16.x86_64 conflicts with file from package libsss_autofs-1.8.0-6.fc16.x86_64* Error Summary ------------- [root@ myhostname ~]# yum update sssd libsss_autofs Loaded plugins: langpacks, presto, refresh-packagekit Setting up Update Process Resolving Dependencies --> Running transaction check ---> Package libsss_autofs.x86_64 0:1.8.0-6.fc16 will be updated ---> Package libsss_autofs.x86_64 0:1.8.1-8.fc16 will be an update ---> Package sssd.x86_64 0:1.8.0-6.fc16 will be updated ---> Package sssd.x86_64 0:1.8.1-8.fc16 will be an update --> Processing Dependency: sssd-client(x86-64) = 1.8.1-8.fc16 for package: sssd-1.8.1-8.fc16.x86_64 --> Processing Dependency: libipa_hbac(x86-64) = 1.8.1-8.fc16 for package: sssd-1.8.1-8.fc16.x86_64 --> Running transaction check ---> Package libipa_hbac.x86_64 0:1.8.0-6.fc16 will be updated --> Processing Dependency: libipa_hbac = 1.8.0-6.fc16 for package: libipa_hbac-python-1.8.0-6.fc16.x86_64 ---> Package libipa_hbac.x86_64 0:1.8.1-8.fc16 will be an update ---> Package sssd-client.x86_64 0:1.8.0-6.fc16 will be updated ---> Package sssd-client.x86_64 0:1.8.1-8.fc16 will be an update --> Running transaction check ---> Package libipa_hbac-python.x86_64 0:1.8.0-6.fc16 will be updated ---> Package libipa_hbac-python.x86_64 0:1.8.1-8.fc16 will be an update --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================== Package Arch Version Repository Size ============================================================================================================================================== Updating: libsss_autofs x86_64 1.8.1-8.fc16 updates-testing 48 k sssd x86_64 1.8.1-8.fc16 updates-testing 1.8 M Updating for dependencies: libipa_hbac x86_64 1.8.1-8.fc16 updates-testing 45 k libipa_hbac-python x86_64 1.8.1-8.fc16 updates-testing 40 k sssd-client x86_64 1.8.1-8.fc16 updates-testing 75 k Transaction Summary ============================================================================================================================================== Upgrade 5 Packages Total size: 2.0 M Total download size: 48 k Is this ok [y/N]: y Downloading Packages: Setting up and reading Presto delta metadata libsss_autofs-1.8.1-8.fc16.x86_64.rpm | 48 kB 00:00 Running Transaction Check Running Transaction Test Transaction Test Succeeded Running Transaction Updating : libipa_hbac-1.8.1-8.fc16.x86_64 1/10 Updating : sssd-client-1.8.1-8.fc16.x86_64 2/10 Updating : sssd-1.8.1-8.fc16.x86_64 3/10 Updating : libipa_hbac-python-1.8.1-8.fc16.x86_64 4/10 Updating : libsss_autofs-1.8.1-8.fc16.x86_64 5/10 Cleanup : sssd-1.8.0-6.fc16.x86_64 6/10 Cleanup : libipa_hbac-python-1.8.0-6.fc16.x86_64 7/10 Cleanup : libipa_hbac-1.8.0-6.fc16.x86_64 8/10 Cleanup : sssd-client-1.8.0-6.fc16.x86_64 9/10 Cleanup : libsss_autofs-1.8.0-6.fc16.x86_64 10/10 Updated: libsss_autofs.x86_64 0:1.8.1-8.fc16 sssd.x86_64 0:1.8.1-8.fc16 Dependency Updated: libipa_hbac.x86_64 0:1.8.1-8.fc16 libipa_hbac-python.x86_64 0:1.8.1-8.fc16 sssd-client.x86_64 0:1.8.1-8.fc16 Complete!

2 2

Active Directory integration issues
by Rolf Loudon 22 Mar '12

22 Mar '12

Hello I've installed sssd 1.5 on an ubuntu 11.10 server. I've followed the howto at https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%2… I wish to use SASL as the authentication to the AD KDC. I add the computer account to the domain and test it as described with kinit -k -t /etc/krb5.keytab host/myhostname.domain.name(a)REALM.NAME then ldapsearch -h ad.kdc -b "dc=domainpart1,dc=domainpart2,dc=domainpart3" -Y GSSAPI cn=someuser and that all works fine. When I use this setup within sssd there are a two main issues. Firstly the logs tell me that the principal is not found in the KDC database. But when I inspect it using ADSI Edit I see the SPN and UPN values that I expect to see and that match the principal it says it cannot find. Likewise these principals can be seen from klist -kte /etc/krb5/keytab (though it doesn't complain about not finding anything in the key tab) I can get round that issue temporarily by specifying the principal name using ldap_sasl_authid. I'd still like to know what is wrong in that instance. Secondly the ldap_search_base strangely affects the authentication and the user lookup. I don't know if the searching is subtree or not. I can't see a parameter to make this explicit. If I set ldap_search_base (or ldap_user_search_base) to dc=domainpart1,dc=domainpart2,dc=domainpart3 then I get errors about ldap_sasl_interactive_bind_s failing. however if I set the ldap_search_base to cn=users,dc=domainpart1,dc=domainpart2,dc=domainpart3 then those errors go away and the lookup is done. The problem is that the users do not live in cn=users,dc=domainpart1,dc=domainpart2,dc=domainpart3 they are in an OU elsewhere. They can be found via a subtree search (as per the ldapsearch example above) if the search base is set to higher up the tree at just the domain components specification. But if I set the search base that way, then the sasl bind fails. Using both ldap_search_base and ldap_user_search_base makes no difference. Is there are way to separately define where the ldap_sasl_bind looks (unless I misunderstand it needs to look for the computer account, which is in cn=computers,dc=... which is also not within cn=users,dc=... so its still confusing me) so that the search base can be set so the user lookup will work. I can successfully lookup the user if I use a simple bind with ldap_default_bind_dn and ldap_default_authtok rather than sasl. And can show that the ldap_search_base affects this lookup in the above way. Really appreciate any pointers to these two problems. many thanks r.

3 8

socket.docx (sssd-devel@lists.fedorahosted.org)
by arun scaria (Google Docs) 22 Mar '12

22 Mar '12

I've shared an item with you: socket.docx https://docs.google.com/document/d/1x-vu_9ycbvVkY7Z3b9mkA5z_SY2jtxbDgGbBQ11… It's not an attachment -- it's stored online at Google Docs. To open this document, just click the link above.

1 0

[PATCH] Save alias of the service primary name, too
by Jakub Hrozek 21 Mar '12

21 Mar '12

After the recent changes to sysdb_attrs_get_aliases() we stopped saving the lowercased alias of the primary name. Services are a different beast than the rest of the entries, because with everything else the nss responder only uses the alias to match the entry. With services, we also need to print the aliases. The attached patch changes the behaviour so that all aliases are saved lowercased in an insensitive domain, including the primary name, but when returning the service, the alias that matches the primary name is filtered out. Because all aliases are lowercased now, I also removed the sss_get_cased_name() call, it is no longer needed.

3 2

PATCH] NSS: Look for services with correct case when cache is updated
by Jakub Hrozek 21 Mar '12

21 Mar '12

https://fedorahosted.org/sssd/ticket/1259

3 4

[PATCH] LDAP: Add better error logging when ldap_result() fails
by Stephen Gallagher 21 Mar '12

21 Mar '12

This should help us diagnose issues with ldap_result() returning -1. The only catch is that it relies on the openldap libraries setting the error code properly, which they do not always do.* * As part of my tests, I reverted the openldap libraries to the 2.4.29 release that was broken with SSSD, causing ldap_result to return -1 all the time. The LDAP_OPT_RESULT_CODE in that case was LDAP_SUCCESS.

2 2

[PATCH] Start SSSD earlier and stop it later (SYSV)
by Stephen Gallagher 21 Mar '12

21 Mar '12

SSSD needs to be started before NFS-related processes or they will mount with the username 'nobody' if they would have otherwise used LDAP accounts. Fixes https://fedorahosted.org/sssd/ticket/1273

2 3

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

sssd-devel March 2012