[PATCH] build: add missing Requires to pkgconfig file
by Jan Engelhardt
ini_comment.h uses simplebuffer.h, therefore must Require
basicobjects which provides that. Similarly, ini_valueobj.h uses
ref_array.h and must therefore Require ref_array.
---
ini/ini_config.pc.in | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ini/ini_config.pc.in b/ini/ini_config.pc.in
index 600d39a..66af169 100644
--- a/ini/ini_config.pc.in
+++ b/ini/ini_config.pc.in
@@ -6,6 +6,7 @@ includedir=@includedir@
Name: ini_config
Description: Library to process config files in INI format into a libcollection data structure
Version: @INI_CONFIG_VERSION@
-Libs: -L${libdir} -lini_config -lcollection
+Requires: basicobjects ref_array collection
+Libs: -L${libdir} -lini_config
Cflags: -I${includedir}
URL: http://fedorahosted.org/sssd/
--
1.8.4
10 years, 3 months
[Patch] Typo fixed in negcache.c module
by Pallavi Jha
Hi,
The typo "int sss_ncache_reset_permanent(struct sss_nc_ctx *ctx)" is
corrected to "int sss_ncache_reset_permanent(struct sss_nc_ctx *ctx)".
Please review the attached patch.
Thanks!
10 years, 3 months
[PATCHES] Heimdal Support
by Benjamin Franzke
Hi list,
I've tried to use sssd with heimdal, there were some fixes to be done.
Are you intrested in reviewing and integrating them?
They are available at: https://git.bnfr.net/sssd/log/?h=heimdal-1
Note: They are on top of other build fixes i've send to the list (but thats
visible in the log).
This compiles without warnings and passes all make tests.
Actually i've added alternatives for deprecated (in terms of heimdal)
kerberos functions to avoid warnings there.
I've tested this in a samba 4 environment (with the sssd-ad module).
Regards, Ben
10 years, 3 months
Announcing SSSD 1.11.3
by Jakub Hrozek
=== SSSD 1.11.3 ===
The SSSD team is proud to announce the release of version 1.11.3 of
the System Security Services Daemon.
As always, the source is available from https://fedorahosted.org/sssd
RPM packages will be made available for Fedora 19, 20 and rawhide shortly.
== Feedback ==
Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
== Highlights ==
* This release mostly focuses on bug fixes, especially in the AD provider
* The AD provider is able to resolve group memberships for groups with
Global and Universal scope
* The initgroups (get groups for user) operation for users from trusted
AD domains was made more reliable by reading the required tokenGroups
attribute from LDAP instead of Global Catalog
* A new option ad_enable_gc was added to the AD provider. This option
allows the administrator to force SSSD to talk to LDAP port only and never
try the Global Catalog
* The AD provider is now able to leverage the tokenGroups attribute even
when POSIX attributes are used, providing better performance during logins.
* A memory leak in the NSS responder that affected long-lived clients that
requested netgroup data was fixed
== Documentation Changes ==
* A new option ldap_group_type was added to LDAP, IPA and AD providers
* A new option ad_enable_gc was added to the AD provider
== Tickets Fixed ==
https://fedorahosted.org/sssd/ticket/1568
[RFE] AD Provider should use tokenGroups with non-ID-mapping
https://fedorahosted.org/sssd/ticket/2077
[RFE] If originalDN is not available during LDAP auth, the SSSD should look it up
https://fedorahosted.org/sssd/ticket/2132
Improve detection of the right domain when processing group with members from several domains
https://fedorahosted.org/sssd/ticket/2133
sss_idmap: add API to free objects allocated by the library
https://fedorahosted.org/sssd/ticket/2137
SSSD fails to fetch netgroup information with setnetgrent failed error
https://fedorahosted.org/sssd/ticket/2138
Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"
https://fedorahosted.org/sssd/ticket/2145
Push patch to bump version-info of libsss_idmap
https://fedorahosted.org/sssd/ticket/2146
sssd can't retrieve auto.master when using the "default_domain_suffix" option in
https://fedorahosted.org/sssd/ticket/2147
sssd_be crashes on manually adding a cleartext password to ldap_default_authtok
https://fedorahosted.org/sssd/ticket/2148
Individual group search returned multiple results in GC lookups
https://fedorahosted.org/sssd/ticket/2154
Incorrect mention of access_filter in sssd-ad manpage
https://fedorahosted.org/sssd/ticket/2156
Non descriptive error message when sssd.conf is missing completely
https://fedorahosted.org/sssd/ticket/2157
sssd_be segfaults if empty grop is resolved using ad_matching_rule
https://fedorahosted.org/sssd/ticket/2161
tokenGroups do not work reliable with Global Catalog
https://fedorahosted.org/sssd/ticket/2165
Update Gentoo init script
https://fedorahosted.org/sssd/ticket/2168
If SSSD starts offline, subdomains list is never read.
https://fedorahosted.org/sssd/ticket/2170
sssd_nss grows memory footprint when netgroups are requested
https://fedorahosted.org/sssd/ticket/2173
sssd_be crashes occasionally
https://fedorahosted.org/sssd/ticket/2178
AD groups with domain-local scope should be filtered out for trusted domains
== Detailed Changelog ==
Aron Parsons (1):
* do not use default_domain_suffix with autofs
Jakub Hrozek (14):
* Updating the version for the 1.11.3 release
* Initialize sid_str to NULL to avoid freeing random data
* LDAP: Split out a request to search for a user w/o saving
* LDAP: Search for original DN during auth if it's missing
* AD: Fix a typo in the man page
* LDAP: Initialize user count for AD matching rule
* SUBDOMAINS: Reuse cached results if DP is offline
* AD: Refresh subdomain data structures on startup
* IPA: Refresh subdomain data structures on startup
* IPA: Call ipa_ad_subdom_refresh when server mode is initialized
* AD: Add a utility function to create list of connections
* AD: Add a new option to turn off GC lookups
* AD: Enable fallback to LDAP of trusted domain
* Updating translations for the 1.11.3 release
Jan Engelhardt (1):
* build: fix ordering of linker flags
Lukas Slebodnik (7):
* NSS: Set packet length for initgroups
* LDAP: Prevent from using uninitialized sdap_options
* SYSDB: Skip malformed netgroup attribute.
* SYSDB: Sanitize filter before sysdb_search_groups
* SYSDB: Sanitize filter before removing ghost attrs
* NSS: Fix memory leak in sss_setnetgrent
* AUTOTOOLS: krb5 1.12 is also supported krb5 libs
Markos Chandras (2):
* sysv/gentoo: Use xdm if possible
* sysv/gentoo: Send debug output to a file instead of stderr
Pavel Březina (11):
* idmap: add API to free allocated SIDs
* free idmapped SIDs correctly
* free idmapped dom SIDs correctly
* free idmapped smb SIDs correctly
* free idmapped binary SIDs correctly
* pac: fix double free
* pac: fix potential memory leaks
* failover: check dns_domain if primary servers lookup failed
* ad: refactor tokengroups initgroups
* ad: use tokengroups even when id mapping is disabled
* Bump sss_idmap version to 3:0:3
Pavel Reichl (3):
* monitor: Specific error message for missing sssd.conf
* SSSD: Improved domain detection
* SSSD: Unit test - sss_ldap_dn_in_search_bases
Sumit Bose (10):
* AD: use LDAP for group lookups
* sss_cache: initialize names member of sss_domain_info
* sss_cache: fix case-sensitivity issue
* Add sysdb_attrs_add_lc_name_alias
* Use sysdb_attrs_add_lc_name_alias to add case-insensitive alias
* Use lower-case name for case-insensitive searches
* Add new option ldap_group_type
* Add sysdb_attrs_get_int32_t
* AD: filter domain local groups for trusted/sub domains
* AD: cross-domain membership fix
10 years, 4 months
German po4a translation
by Chris Leick
Hi,
please find attached the german po4a translation of sssd.
While translating, I've found some bugs in the english text. They are
marked in the po file with »FIXME«.
Kind regards,
Chris
10 years, 4 months
[PATCH] Add an option to disable GC lookups
by Jakub Hrozek
Hi,
we're debating what is the right approach to GC lookups by default, but
for the 1.11.3 release, we should offer an option to fall back from GC
to LDAP. The attached patches do that.
[PATCH 1/3] AD: Add a utility function to create list of connections
ad_id.c and ad_access.c used the same block of code. With the upcoming
option to disable GC lookups, we should unify the code in a function to
avoid breaking one of the code paths.
Defaulting to GC for access provider is safe, as you can see in
ad_access.c we retry on any denial against the GC to make sure we don't
miss an attribute from LDAP.
[PATCH 2/3] AD: Add a new option to turn off GC lookups
Adds the option.
[PATCH 3/3] AD: Enable fallback to LDAP of trusted domain
Since we have the LDAP port of a trusted AD GC always available now, we
can always perform a fallback.
I'm fine with leaving the patch out of 1.11.3 if the other developers
think we should stricly limit ourselves to what we've agreed on.
10 years, 4 months
[PATCHES] Fixes for sss_cache
by Sumit Bose
Hi,
Steeve found some issues when testing sss_cache with sub-domain users.
This was originally fixed in https://fedorahosted.org/sssd/ticket/1741
but I guess recent changes have broken it again.
I have tested the patches with users and groups. It would be nice is
someone with a suitable environment can test them for the other object
types as well.
bye,
Sumit
10 years, 4 months
