[PATCH] Always update cached upn if enterprise principals are used
by Sumit Bose
Hi,
this patch should fix https://fedorahosted.org/sssd/ticket/1921 . If
enterprise principals are used the principal returned during the kinit
process will most certainly look different than the one we guess or read
from LDAP attributes. This means we should always update our cache with
the new value so that e.g. we can properly parse the credential cache.
Initially I have seen validation failures, but currently I cannot
reproduce them anymore.
bye,
Sumit
10 years, 11 months
[PATCH] Fix segfault in DYNDNS
by Ondrej Kos
Hi,
While I was testing the patches for AD range retrieval disable option,
the SSSD started segfaulting in my test environment. The cause was
a missing variable in a DEBUG macro call.
Attached patch fixes this issue.
Ondra
--
Ondrej Kos
Associate Software Engineer
Identity Management
Red Hat Czech
10 years, 11 months
[PATCH] Fixes compilation without selinux.
by Lukas Slebodnik
ehlo,
Compilation fails if ./configure is called with arguments
--with-selinux --with-semanage and selinux header files are not
installed. We did not catch this in Fedora, because krb5-devel depends on
libselinux-devel, but other distributions can package it differently.
And the API from selinux.h is not used in the file ipa_selinux.c
LS
10 years, 11 months
the full_name_format default value
by Jakub Hrozek
Hi Stef and the list,
I was about to close SSSD upstream ticket #1917 but I wanted to check if
we're all on the same page. Sorry for copying the whole devel list, but
I know there's already been quite some discussions about how to handle
the fully qualified names properly.
Turns out that the fqname format actually is user@domain already, but for
AD domains, the realmd sets it to "domain\user", in particular, sets the
"full_name_format" param to "%2$s\%1$s". I think the whole confusion came
from the fact that the re_expression default in SSSD that parses the
input is different in AD/IPA and the other providers, while the output
full_name_format is currently always the same, so the realmd sets it on
its own.
With the recent fixes for discovering the NetBIOS name dynamically (#1468)
and allowing the NetBIOS name in the fq format (#1648), I believe the right
thing now would be for realmd to stop setting the "full_name_format" parameter
altogether and name the domain according to the AD domain name (rhbz#960270).
Then the users could simply rely on the default user@domain fqdn output
and set the short\name themselves if needed.
Does it all make sense? Can I simply close #1917 as worksforme? Would
you prefer an upstream or rhbz bug against realmd to stop setting
"full_name_format=%2$s\%1$s" ?
10 years, 11 months
[PATCH] Re-add a useful DEBUG message
by Jakub Hrozek
In commit 46222e5191473f9a46aec581273eb2eef22e23be we removed a very
similar DEBUG message while moving the whole piece of code to the idmap
library. But it turned out that the DEBUG message was useful while
testing the functionality, so this patch adds it back.
While I'm not really fond of a test relying on the presence of a DEBUG
message, I don't see a problem in re-adding it either.
10 years, 11 months