[PATCH] SYSDB: Do not try to modify ts cache for unsupported DNs
by Lukas Slebodnik
ehlo,
There are some false positive debug messages when you try
to invalidate automount entries.
sh# sss_cache -A --debug=0x00f0
[sss_cache] [sysdb_set_cache_entry_attr] (0x0080): ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)]
[sss_cache] [sysdb_set_entry_attr] (0x0080): Cannot set ts attrs for name=auto.share1,cn=autofsmaps,cn=custom,cn=LDAP,cn=sysdb
[sss_cache] [sysdb_set_cache_entry_attr] (0x0080): ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)]
[sss_cache] [sysdb_set_entry_attr] (0x0080): Cannot set ts attrs for name=auto.share2,cn=autofsmaps,cn=custom,cn=LDAP,cn=sysdb
[sss_cache] [sysdb_set_cache_entry_attr] (0x0080): ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)]
[sss_cache] [sysdb_set_entry_attr] (0x0080): Cannot set ts attrs for name=auto.home,cn=autofsmaps,cn=custom,cn=LDAP,cn=sysdb
Only users and groups have timestamp data in separate cache.
It caused false positive warnings for autofs, netgroup ...
And I bet such messages are also in domain log file.
LS
7 years, 9 months
IPA: enable enterprise principals if server supports them
by Sumit Bose
Hi,
this patch set should solve https://fedorahosted.org/sssd/ticket/3018
by looking up the additional UPN suffixes on the IPA server. If some
were found, enterprise principals are enabled if they are not explicitly
disabled in sssd.conf.
The first patch read the attributes. The second and third patch store
the found suffixes in the cached object of the corresponding domain. So
far this is not strictly needed but maybe it might be handy at some
later time if this data is around. The fourth and fifth patch just add
some getter-calls because some internal data is needed to allow the
sub-domain provider to modify the configuration of the auth provider.
Finally the sixth patch sets the enterprise principal option to true if
there are UPN suffixes and enterprise principals are not explicitly
disabled in sssd.conf.
bye,
Sumit
7 years, 9 months
[PATCH] sdap: Fix ldap_rfc_2307_fallback_to_local_users
by Michal Židek
Hi,
see the attached simple patch for ticket:
https://fedorahosted.org/sssd/ticket/3045
The patch is missing a CI test. I will add
one (hopefully later tomorrow) after I take
a look at one bugzilla which has currently
higher priority.
If someone writes a test for this until then,
I will gladly review it :)
The reproducer is simple:
1. have ldap with RFC2307 schema with group
that contains user from /etc/passwd (for example
local_user)
2. run 'id local_user'
3. the ldap group should be among the displayed groups
Michal
7 years, 9 months