[sssd PR#175][opened] Add module for starting services
by lslebodn
URL: https://github.com/SSSD/sssd/pull/175
Author: lslebodn
Title: #175: Add module for starting services
Action: opened
PR body:
"""
This is a WIP version of reducing code duplication in our cwrap integration tests.
I am still not sure whether we should also reuse function `create_sssd_fixture`.
And if yes; then probably in different nodule then `services`
And comments are welcome.
BTW I wrote patches few weeks ago; therefore new tests are not converted.
I am just sending patches to get some feedback.
Site effect of this patches is that tests are cca 20% faster (IIRC)
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/175/head:pr175
git checkout pr175
2 years
[sssd PR#269][opened] Add support for ActiveDirectory's logonHours restrictions
by NWilson
URL: https://github.com/SSSD/sssd/pull/269
Author: NWilson
Title: #269: Add support for ActiveDirectory's logonHours restrictions
Action: opened
PR body:
"""
This is a straightforward patch for denying access to a user when the user is not permitted to access their account due to logonHours restrictions.
This matches the default behaviour for domain-joined Windows machines. When outside the logonHours, all types of authentication are denied (password/Kerberos/certificate) - so it is appropriate to put this check inside the PAM "account" rules.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/269/head:pr269
git checkout pr269
3 years, 3 months
[sssd PR#132][opened] Add "Wants=" to sssd unit and avoid PAC responder to be always running
by fidencio
URL: https://github.com/SSSD/sssd/pull/132
Author: fidencio
Title: #132: Add "Wants=" to sssd unit and avoid PAC responder to be always running
Action: opened
PR body:
"""
The first patch changes the current logic of having the services' sockets disabled by default as it adds a "Wants=" to the sssd unit file, making all the services' sockets enabled by the moment sssd service is enabled.
The second patch takes advantage of the first patch and avoids running PAC responder in case its socket is active, leaving the service to be socket-activated when needed.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/132/head:pr132
git checkout pr132
3 years, 11 months
[sssd PR#413][opened] mmap_cache: add SID and type to struct sss_mc_rec
by sumit-bose
URL: https://github.com/SSSD/sssd/pull/413
Author: sumit-bose
Title: #413: mmap_cache: add SID and type to struct sss_mc_rec
Action: opened
PR body:
"""
This patchset updates the memory cache by adding some new members to struct
sss_mc_rec. One is the addition of a hash value for SID based lookup which will
be added in later patches.
The other is a new record type and a member indicating the type. The new type
is a link record which links an alias name, e.g. an UPN, to the original record
of the related user or group object.
Besides aliases this link record will be used in case in-sensitive setups. E.g.
if getpwnam() returns the name of an AD users as Administrator(a)ad.domain bit
some applications or users use administrator(a)ad.domain for lookups the memory
cache is currently never used because there is no entry with the hash of
'administrator(a)ad.domain'. With this patch the original data record is created
as before with the hash for 'Administrator(a)ad.domain' and a link record is
create with the hash of 'administrator(a)ad.domain'. Now both lookups can be
handled by the memory cache. If now another application uses
ADMINISTRATOR(a)AD.DOMAIN for lookups the first request will go to the NSS
responder but upcoming requests can use the memory cache as well because a link
record for ADMINISTRATOR(a)AD.DOMAIN is created.
The last patch in this series adds some additional data to the user and group
lookup requests, the short name, the domain name, the short domain name and the
SID. Those are needed to be able to support SID based lookups in the memory
cache and allow applications to not depend on the name format returned by
getpw{nam|uid}. Upcoming patches for libsss_nss_idmap will make those
additional values available to applications I added them already here to keep
the memory cache related changes in one PR. Application which will benefit here
are the interfaces SSSD provides e.g. to Samba related applications like SSSD's
version of libwbclient but also IPA plugins like extdom and slapi-nis.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/413/head:pr413
git checkout pr413
5 years, 1 month