[PATCH] LDAP: Detect the presence of POSIX attributes
by Jakub Hrozek
Hi,
When the schema is set to AD and ID mapping is used, there is a one-time
check run when searching for users to detect the presence of POSIX attributes
in LDAP. If this check fails, the search fails as if no entry was found
and returns a special error code.
If the AD identity lookup finds this error code, the GC is disabled for
the next search.
The sdap_server_opts structure is filled every time a client connects to
a server so the posix check boolean is reset to false again on connecting
to the server.
It might be better to move the check to where the rootDSE is retrieved,
but the check depends on several features that are not known to the code
that retrieves the rootDSE (or the connection code for example) such as what
the attribute mappings are or the authentication method that should be used.
Currently this patch only runs the check when users are requested. It
would be trivial to add the same code (about 70 lines) to the group
request as well.
Additionally, I wonder if the absence of POSIX attributes in GC should
be reported louder. Currently there is just MINOR_FAILURE.
We could go as far as reporting to syslog when a user or a group from
subdomains is requested and the GC was already disabled, but I wanted to
check with the other developers before implementing this.
10 years, 2 months
sssd vs winbind
by Rowland Penny
Hi, there is a bit of a debate going on over on the samba list, about
using sssd or winbind. It is now being said that sssd should not be used
on a file server because sssd cannot do what winbind can do.
So here are the questions:
Just what are the differences between using sssd and winbind?
Can sssd be used on a fileserver and if not, why not?
Oh, and we are talking about an AD domain here.
Thanks
Rowland
10 years, 2 months
[PATCH] NSS: Fix DEBUG formatting of cmdctx->id
by Jakub Hrozek
While looking at another issue I realized that we used a wrong
formatting conversion for UID/GID values - %d. For very large values,
there were sometimes overflows (-1) in the DEBUG logs. The attached
patch converts the format specifier to PRIu32 as the value we print is
uint32_t.
I'm fine with pushing this patch atop Nikolai's patches so that we don't
make him rebase the large patchset again.
10 years, 2 months
[PATCH v1 0/5] NFSv4 rpc.idmapd plugin
by Noam Meltzer
Following the design document:
https://fedorahosted.org/sssd/wiki/DesignDocs/rpc.idmapd%20plugin
You can find in the following 5 patches my implementation.
--
Noam Meltzer
Linux Software Engineer
PRIMARY DATA
P.O. Box 12650, Herzliya Pituach 4673300
9 Hamenofim St. Akerstein Towers, Tower A, 5th fl. Herzliya
Office: +972-77-8981888 | Fax: +972-3-7617140 | Mobile: +972-54-5873843
Email: noam(a)primarydata.com
--
Noam Meltzer (5):
NEW CLIENT: plugin for NFSv4 rpc.idmapd
NFSv4 client: (private) headers from libnfsidmap
NFSv4 client: add to build system
NFSv4 client: man page
NFSv4 client: add to RPM spec
Makefile.am | 21 ++
configure.ac | 10 +
contrib/sssd.spec.in | 8 +
src/conf_macros.m4 | 30 ++
src/external/libnfsidmap.m4 | 17 ++
src/man/Makefile.am | 4 +-
src/man/include/seealso.xml | 4 +
src/man/sss_rpcidmapd.5.xml | 97 +++++++
src/sss_client/common.c | 5 +
src/sss_client/nfs/cfg.h | 68 +++++
src/sss_client/nfs/nfsidmap_internal.h | 70 +++++
src/sss_client/nfs/queue.h | 499 +++++++++++++++++++++++++++++++++
src/sss_client/nfs/sss_nfs_client.c | 490 ++++++++++++++++++++++++++++++++
src/sss_client/sss_cli.h | 2 +
14 files changed, 1324 insertions(+), 1 deletion(-)
create mode 100644 src/external/libnfsidmap.m4
create mode 100644 src/man/sss_rpcidmapd.5.xml
create mode 100644 src/sss_client/nfs/cfg.h
create mode 100644 src/sss_client/nfs/nfsidmap_internal.h
create mode 100644 src/sss_client/nfs/queue.h
create mode 100644 src/sss_client/nfs/sss_nfs_client.c
--
1.8.4.2
10 years, 2 months
[PATCH 4/7] responder: Use SAFEALIGN macros where appropriate.
by Michal Židek
On 11/14/2013 01:14 PM, Lukas Slebodnik wrote:
>>From
>> >- ((uint32_t *)body)[0] = num-skipped; /* num results */
>> >- ((uint32_t *)body)[1] = 0; /* reserved */
>> >+ SAFEALIGN_SETMEM_UINT32(body, num - skipped, NULL); /* num
results */
>> >+ SAFEALIGN_SETMEM_UINT32(body + sizeof(uint32_t), 0, NULL); /*
reserved */
> Here is a conflict due to patch "NSS: Set packet length for initgroups"
Resolved.
>
>> >
>> > return EOK;
>> >}
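Review bot: The second added call hand-computes its destination as `body + sizeof(uint32_t)` while both calls pass NULL as the third argument, and that arithmetic lands on the right byte only if `body` is a byte pointer, whose declaration is not in the quoted lines. Consider keeping a `size_t` counter, passing its address as the third argument and writing to `body + counter`, so the two offsets are derived in one place. Separately, `num - skipped` is stored as an unsigned 32-bit value, so confirming `skipped <= num` before this point would keep a wrapped count out of the reply.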
New patch is attached.
Michal
10 years, 2 months
[PATCH] AD: Retry and terminate sdap_id_op if possible
by Jakub Hrozek
Hi,
another smaller issue I found when working on other patches. I quickly
scanned the rest of the code and I think we have a similar issue
elsewhere, so we can either accept this patch or file a ticket and fix
it everywhere.
10 years, 2 months