[PATCH] Remove unused constant.
by Michal Židek
This constant is only used in tests, but they define their own
one. No need for re-definitions.
Thanks
Michal
10 years, 9 months
[PATCH] KRB5: Do not send PAC in server mode
by Jakub Hrozek
The krb5 child contacts the PAC responder for any user except for the IPA
native users if the PAC is configured. This works fine for the general
case but the ipa_server_mode is a special one. The PAC responder is there,
but since in the server mode we should be operating as AD provider default,
the PAC shouldn't be analyzed either in this case.
10 years, 9 months
[PATCH] Change order of libraries in linking process.
by Lukas Slebodnik
ehlo,
It seems that some linkers have a problem with the wrong order of libraries.
This commit only changes the order.
The attached patch should fix the following issue:
Library libsss_crypt.so is used in linking process, but there are
undefined references.
It seems that I changed the order of libraries after rewriting the link_all_deplibs
patch to use the automake variable SSSD_INTERNAL_LTLIBS. I only tested
the new patch with a patched version of libtool on Fedora.
libtool: link: gcc -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Werror-implicit-function-declaration -fno-strict-aliasing -std=gnu99 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -I/usr/include/samba-4.0 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -Wl,-Bsymbolic-functions -Wl,-z -Wl,relro -o .libs/sss_ssh_authorizedkeys src/sss_client/sss_ssh_authorizedkeys-common.o src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_client.o src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.o -lpthread -ltalloc /usr/lib/x86_64-linux-gnu/libpopt.so ./.libs/libsss_crypt.so ./.libs/libsss_debug.so ./.libs/libsss_child.so ./.libs/libsss_util.so -Wl,-rpath -Wl,/usr/lib/x86_64-linux-gnu/sssd
./.libs/libsss_util.so: undefined reference to `sss_base64_decode'
./.libs/libsss_util.so: undefined reference to `s3crypt_gen_salt'
./.libs/libsss_util.so: undefined reference to `sss_base64_encode'
./.libs/libsss_util.so: undefined reference to `s3crypt_sha512'
collect2: error: ld returned 1 exit status
LS
10 years, 9 months
FreeIPA AD Trust improvements, Fedora 19 Test Day, July 25th
by Dmitri Pal
Hello,
The FreeIPA team is happy to welcome you to a Fedora Test Day that is
being held on Thursday, July 25th.
We would like to invite you to take part in testing of the upcoming FreeIPA 3.3
release containing 2 major improvements for easier deployment of FreeIPA Active
Directory Trust feature to existing environments:
1) Use POSIX attributes defined in Active Directory [1]
With previous FreeIPA releases, users coming from Active Directory to FreeIPA
managed machines were always assigned POSIX attributes (UID and GID) by
algorithmic mapping.
However, in some deployments, Active Directory users and groups already have
defined custom POSIX attribute values (UID and GID), which may then be
leveraged on Linux machines via other 3rd party Active Directory integration
solutions. An administrator may choose to keep the values so as not to disrupt file
ownerships.
With FreeIPA 3.3, FreeIPA Active Directory Trust may be configured to use these
attributes when an Active Directory user authenticates to Linux machines.
2) Expose POSIX data on legacy systems without recent SSSD
Administrators may have a deployment of machines which cannot use the recent
SSSD with Active Directory Trust support but would still like to be able to
authenticate with an Active Directory user to these machines. This may affect, for
example, older Linux machines and UNIX machines.
With FreeIPA 3.3, an administrator may configure a compatibility LDAP tree which
will contain identities of the Active Directory users for the legacy systems.
These systems may then leverage standard LDAP authentication in this tree
allowing selected Active Directory users to authenticate.
To read more about the Test Day and suggested tests, see the following link:
https://fedoraproject.org/wiki/Test_Day:2013-07-25_AD_trusts_with_POSIX_a...
Thank you for your help and participation!
The FreeIPA team
[1] http://www.freeipa.org/page/V3/Use_posix_attributes_defined_in_AD
[2] http://www.freeipa.org/page/V3/Serving_legacy_clients_for_trusts
10 years, 9 months
[PATCH] Fix the default FQDN format
by Jakub Hrozek
Commit 52ae806bd17c3c00d70bd1aed437f10f5ae51a1c changed the default FQDN
format by accident to the one we only ever use internally. This patch
fixes the mistake.
10 years, 9 months
[PATCH] IPA: warn if full_name_format is customized in server mode
by Jakub Hrozek
https://fedorahosted.org/sssd/ticket/2009
If the IPA server mode is on and the SSSD is running on the IPA server,
then the server's extdom plugin calls getpwnam_r to read info about trusted
users from the AD server and return them to the clients that called the
extended operation.
The SSSD returns the subdomain users fully-qualified, i.e. "user@domain"
by default. The format of the fully qualified name is configurable.
However, the extdom plugin returns the user name without the domain
component.
With this patch, when ipa_server_mode is on, warn if the full_name_format
is set to a non-default value. That would prompt the admin to change the
format if he changed it to something exotic.
10 years, 9 months