[PATCH v2 0/2] man page for NFSv4 client
by Noam Meltzer
This is patch v2 for the NFSv4 client manpage (rpc.idmapd sss plugin), following
rmainz code review.
Noam Meltzer (2):
NFSv4 client: man page
NFSv4 client: man page - add to RPM spec
contrib/sssd.spec.in | 1 +
src/man/Makefile.am | 4 +-
src/man/include/seealso.xml | 4 ++
src/man/sss_rpcidmapd.5.xml | 132 ++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 140 insertions(+), 1 deletion(-)
create mode 100644 src/man/sss_rpcidmapd.5.xml
--
1.9.3
9 years, 6 months
sss_cache flush ssh hosts list.
by William
Hi,
I have been working on sssd being able to flush hosts from it's cache.
Here is an initial patch to add the options to the cli of sss_cache.
I have noticed that there are some methods already in src/db/sysdb_ssh.c
like sysdb_update_ssh_known_host_expire: Does that seem like the right
function to call to expire a host?
Advice is appreciated.
--
William Brown <william(a)firstyear.id.au>
9 years, 6 months
[sssd][patch] SYSDB: sysdb_getnetgr returns ENOENT
by Pavel Reichl
Hello,
attached patch is the first of many to solve
https://fedorahosted.org/sssd/ticket/1991
"The return codes of various sysdb operations differ. Some search
operations would return ENOENT if they don't find a matching object some
would return EOK but an empty result list."
I think it would be best if in case that no results were found both
ENOENT value and 'properly' empty list were returned.
Thank for opinions or/and review.
Pavel Reichl
9 years, 6 months
[PATCH] SPEC: Drop rhel5 conditions in spec file.
by Lukas Slebodnik
ehlo,
In theory, it could be possible to build current master without samba
on rhel5, but the spec file would be very complicated.
It is better to simplify spec file.
Patch is attached.
1 file changed, 43 deletions(-) :-)
LS
9 years, 6 months
[PATCH] CI: Consider libcmocka-devel always present
by Nikolai Kondrashov
Hi everyone,
This patch fixes incorrect assumption of cmocka missing from RHEL6 by CI and
correspondingly enables coverage percentage check there.
It requires "CI: Allow disabling distro-(in)dependent tests" as it is, but can
be rebased, if necessary.
Nick
9 years, 6 months
Patch to fix incorrect PAM return code when user enters invalid credentials
by John Koelndorfer
Hey folks,
Some quick background on this small patch I prepared. I run sssd on my
desktop (and servers) to authenticate against a Samba 4 DC. I found
that when I attempted to log in via KDM and misentered my password, I
got an error about the authentication system failing. Similarly, `su`
would return an error message I was not familar with: "Failure setting
user credentials".
After some inspection of the sssd sources, I found that per
http://pubs.opengroup.org/onlinepubs/8329799/pam_sm_authenticate.htm,
sssd's PAM module is returning the wrong error code when a user
entered bad credentials. PAM_CRED_ERR is being returned instead of
PAM_AUTH_ERR.
Applying the attached patch and recompliing sssd brought back the more
familiar "Authentication failure" when su'ing with a bad password. KDM
also doesn't freak out when I enter an incorrect password.
If you have any questions about the patch, please be sure to include
me in the reply as I'm not on the sssd-devel list.
Thanks for sssd, it has been awesome!
9 years, 6 months
[PATCH] CI: Allow disabling distro-(in)dependent tests
by Nikolai Kondrashov
Hi everyone,
As CI mock builds are taking a god-awful long time sometimes and Clang doesn't
help it either, I've implemented support for running distro-dependent and
distro-independent tests separately and set up CI to run distro-independent
tests only once, on a separate host. This cut execution time roughly in half.
I'll be working on reducing mock build times to reduce it further.
Here is an example of a separated job:
http://sssd-ci.duckdns.org/logs-test/job/0/11/summary.html
Please find the patch attached.
Nick
9 years, 6 months
[PATCH] Ignore referrals when ldap_referrals=false
by Jakub Hrozek
Hi,
with the current SSSD code, an LDAP search that results in a referral
fails completely with EIO and usually sends the whole backend to
offline mode. I think this is too strict and if the admin chose to
ignore referrals, we should just skip these results.
John Hodrien in particular was hit by us treating referrals as fatal in
environment where he needs to restrict the search scope by using custom
LDAP search bases.
Also, in cases where Global Catalog support is disabled or GC not available
and a group contains a user from a trusted domain, trying to search for
this DN yields a referral.
Attached is a patch that ignores referrals when the admin set
ldap_referrals=false in the config file.
Given the sdap async code is quite old and I don't remember all the
use-cases, I CC-ed Stephen directly to get some advice. Is there any
risk in ignoring referrals?
9 years, 7 months
[PATCH] AUTOCONF: Update detection of libnfsidmap
by Lukas Slebodnik
ehlo,
There were used two variables with_nfs_idmap and with_nfs,
it cuased problems with detection of nfsidmap.h and thus some parts were
ignored in configure time.
patch is attached.
LS
9 years, 7 months
[PATCH] AD: Ignore all errors if gpo is in permissive mode.
by Lukas Slebodnik
ehlo,
If there is a problem with GPO configuration on AD, then function
ad_gpo_access_done set error to the request and authentication was rejected
with pam system error. It should not happen in permissive mode.
Patch is attached. I can modify debug messages or add some logging to the
syslog. Any suggestion is welcomed.
LS
9 years, 7 months