August 2014 - sssd-devel - Fedora Mailing-Lists

[PATCH] Add systemd-user-sessions dependency to systemd service file.

by Ian Lee

Please see attached patch. Fixes issues when shutting down/restarting.

9 years, 3 months

2
2
0 / 0

gpo design page updated.

by Yassir Elley

The GPO-Based Access Control design page has been updated to reflect the final design. Regards, Yassir.

9 years, 3 months

1
1
0 / 0

[PATCH] IPA: incorrect expansion of group membership when encountering a non-POSIX group

by Pavel Reichl

Hello, please see attached patches. Regards, Pavel Reichl

9 years, 3 months

3
7
0 / 0

[PATCH] SYSDB: Return errno, not ldb error code

by Jakub Hrozek

Hi, for one of my patches I tried to use ldb permissive modification before realising it's not the best approach. At least I found this little bug in the sysdb code.

9 years, 3 months

2
4
0 / 0

[PATCH] IPA: handle searches by SID in apply_subdomain_homedir

by Jakub Hrozek

Hi, the attached patch fixes https://fedorahosted.org/sssd/ticket/2391 To reproduce, request a group by SID, like this: $ python import pysss_nss_idmap pysss_nss_idmap.getnamebysid('S-1-5-21-1104576142-166023250-1132398744-513') {'S-1-5-21-1104576142-166023250-1132398744-513': {'type': 2, 'name': u'domain users(a)win.example.com'}}

9 years, 3 months

3
9
0 / 0

[PATCH] MAN: How much time sssd spends offline

by Michal Židek

This man page change is for sssd-1-11 only. Michal

9 years, 3 months

3
6
0 / 0

[PATCH] SDAP: Deref needn't be treated as critical

by Lukas Slebodnik

ehlo, The command line utility ldapsearch does not set option LDAP_CONTROL_X_DEREF as critical. sssd performes similar ldap search as following command: sh-4.2$ ldapsearch -x -LLL -h 172.17.0.7 \ -b 'cn=ref_grp1,ou=qagroup,dc=example,dc=com' -E '!deref=member:objectClass,cn,userPassword,gidNumber,member,modify Timestamp,modifyTimestamp,uid' \ objectClass,cn,userPassword,gidNumber,member,modifyTimestamp,modifyT imestamp,uid Critical extension is unavailable (12) Additional information: critical control unavailable in context The most important is "exclamation mark" before extensions. It indicates criticality. This caused problem when openldap server was older openldap-2.4.23-34.el6. Dereference is performed successfully if extension is not critical: -E 'deref=member:objectClass ... Resolves: https://fedorahosted.org/sssd/ticket/2383 oneliner is attached. LS

9 years, 3 months

3
13
0 / 0

[PATCH] sudo: work with correct D-Bus iterator

by Pavel Březina

Hi, mmsrubar reported on IRC that recent D-Bus sudo patch broke rules refresh. We were working with invalid iterator there. I apparently sent an old patch to the list, here's the diff that fixes the issue.

9 years, 3 months

2
6
0 / 0

[PATCH] be_get_account_info change level of debug message

by Michal Židek

Regarding ticket https://fedorahosted.org/sssd/ticket/2403 The only thing we should do IMO is to change the level of debug message to reflect the actual content of the message. Other than that, this is not an SSSD bug and I would prefer not to special case nfsnobody or nobody, or any other external daemon specific users. If someone asks for non existing user, we log that the user does not exist and that is correct behaviour. Simple patch is attached (I would personally prefer to put it to master only). Michal

9 years, 3 months

2
2
0 / 0

[PATCHES] SDAP: refactor sdap_access

by Pavel Reichl

Hello, I was struggling with rebasing my patches in the thread "SDAP: Be able to configure sssd to honor openldap account lock to restrict access via ssh key" so I decided to split the patch set into smaller chunks to be able to quickly react on review comments and not to fight with rebasing all the time. Attached patches prepare code for implementing #2364 Patch: 1st) acked by Pavel 2nd) Jakub requsted change: > +static errno_t sdap_get_basedn_user_entry(TALLOC_CTX *mem_ctx, > + struct ldb_message *user_entry, > + const char *username, > + char **_basedn) > +{ > + const char *basedn; > + errno_t ret; > + > + basedn = ldb_msg_find_attr_as_string(user_entry, SYSDB_ORIG_DN, NULL); > + if (basedn == NULL) { > + DEBUG(SSSDBG_CRIT_FAILURE,"Could not find originalDN for user [%s]\n", > + username); > + ret = EINVAL; > + goto done; > + } > + > + *_basedn = talloc_strdup(mem_ctx, basedn); > + if (*_basedn == NULL) { > + DEBUG(SSSDBG_CRIT_FAILURE, > + "Could not allocate memory for originalDN\n"); > + ret = ENOMEM; > + goto done; > + } > Do we need to strdup the basedn here? > 3rd) acked by Pavel 4th) Jakub comment: > This function is misplaced, it immediatelly follows _send() in the code. > _recv() should be the last in the flow. 5th) acked by Pavel I hope attached patches address Jakub's concerns. Regards, Pavel Reichl

9 years, 3 months

3
10
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

sssd-devel August 2014