April 2015 - sssd-devel - Fedora Mailing-Lists

[PATCH] MAN: Clarify how are GPO mappings called in GPO editor

by Jakub Hrozek

Improving the documentation makes it easier to recognize what the admin needs to allow for certain service mappings.

9 years

2
2
0 / 0

[PATCH] LDAP: Set sdap handle as explicitly connected in LDAP auth

by Jakub Hrozek

Hi, to reproduce, set up an ldaps:// server (TLS won't reproduce the bug) and configure the client as: [domain/default] id_provider = proxy proxy_lib_name = files auth_provider = ldap ldap_uri = ldaps://openldap.example.com ldap_user_search_base = ou=People,dc=example,dc=com ldap_group_search_base = ou=People,dc=example,dc=com ldap_search_base = dc=example,dc=com ldap_tls_reqcert = demand ldap_tls_cacertdir = /etc/openldap/cacerts ldap_schema = rfc2307bis ldap_user_object_class = inetOrgPerson debug_level = 9 timeout = 30000 Before the patch you'll get an error saying you're not connected. I think the proper solution would be to change the LDAP provider to mark the connection as connected automatically, but there is logic in sdap_async_connection that should be changed as well and the code around whether to use TLS or not is a bit complex. Also, I would prefer to make sdap_handle opaque outside the low-level code.

9 years

2
2
0 / 0

[PATCHES] SPEC: Few cosmetic changes

by Lukas Slebodnik

ehlo, simple patches attached LS

9 years

2
2
0 / 0

[PATCH] enumeration: fix talloc context

by Pavel Březina

https://fedorahosted.org/sssd/ticket/2611

9 years

3
6
0 / 0

[PATCH] GPO: Check return value of ad_gpo_store_policy_settings

by Lukas Slebodnik

ehlo, simple patch is attached. It fixes warning from clang static analyzer. LS

9 years

3
6
0 / 0

[PATCH] CLIENT: Clear errno with enabled sss-default-nss-plugin

by Lukas Slebodnik

ehlo, Although errno was cleared in function sss_nss_make_request some sss glic functions set errno with value of output argument errnop. Steps to reproduce are described in attached patch. LS

9 years

3
2
0 / 0

[PATCH] LDAP: drop lockout option from ldap_access_order

by Pavel Reichl

Hello please see attached patch. The need for this patch was discussed in thread: SDAP: Lock out ssh keys when account naturally expires This patch implements point number 3. >> I would prefer if we didn't add a new option as well, but since we >> released >> a version that only supported the lockout and not any other semantics, >> I don't think we can get away with just changing the functionality. A >> minor version can break functionality. But a major version can >> >> So I propose the following: >> 1) Add a new value for ldap_access_order called "ppolicy" that would >> evaluate the pwdAccountLockedTime fully, including the new >> functionality in this patchset >> 2) In 1.12, deprecate the "lockout" option and log a warning that it >> will be removed in future relase and users should migrate to "ppolicy" >> option >> 3) In master (1.13), remove the "lockout" ldap_access_order value Thanks!

9 years

3
24
0 / 0

[PATCH] KRB5: Unify prototype and definition

by Lukas Slebodnik

ehlo, simple patch is attached. LS

9 years

3
2
0 / 0

[PATCH] SSH: Ignore the default_domain_suffix

by Jakub Hrozek

Honza, can you review, please? To reproduce, just set default_domain_suffix on an IPA trust client to the AD domain value in the [sssd] section: [sssd] services = nss, pac, sudo, pam, ssh domains = linux.test config_file_version = 2 default_domain_suffix = ad.example.com Then request a host: sss_ssh_knownhostsproxy ipa1.linux.test btw default_domain_suffix is already ignored for the autofs responder.

9 years

3
3
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

sssd-devel April 2015