sssd-devel May 2017

sssd-devel@lists.fedorahosted.org

9 participants
73 discussions

[sssd PR#246][opened] filter_users and filter_groups stop working properly in v 1.15
by fidencio 10 May '17

10 May '17

URL: https://github.com/SSSD/sssd/pull/246 Author: fidencio Title: #246: filter_users and filter_groups stop working properly in v 1.15 Action: opened PR body: """ This patchset fix the issue reported on https://pagure.io/SSSD/sssd/issue/3362. @pbrezina suggested to do the changes in a new cache_req module, but I'm really not sure whether we want to have NSS specific code (like nss_get_pwent() and nss_get_grent() calls) there. For now I'm leaving this as it was before the nss/cache_req refactoring. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/246/head:pr246 git checkout pr246

4 45

[sssd PR#249][opened] DP: Reduce Data Provider log level noise
by justin-stephenson 09 May '17

09 May '17

URL: https://github.com/SSSD/sssd/pull/249 Author: justin-stephenson Title: #249: DP: Reduce Data Provider log level noise Action: opened PR body: """ Certain operations are not supported with certain providers causing informational Data Provider log messages to be logged as errors or failures. This patch lowers the log level to reduce overall log noise and ensure only critical log messages are logged when a low debug_level value is used. Resolves: https://pagure.io/SSSD/sssd/issue/3287 https://pagure.io/SSSD/sssd/issue/3278 Tested with the LDAP provider changing ``debug_level`` between 7 and 1 then checking for log messages: * Before patch with **debug_level=1** ``` # egrep 'dp_find_method|dp_target_init|Data Provider returned' /var/log/sssd/* [dp_target_init] (0x0020): Target [selinux] is not supported by module [ldap]. [dp_target_init] (0x0020): Target [hostid] is not supported by module [ldap]. [dp_target_init] (0x0020): Target [subdomains] is not supported by module [ldap]. [dp_find_method] (0x0020): Target [subdomains] is not initialized [dp_find_method] (0x0020): Target [subdomains] is not initialized [dp_find_method] (0x0020): Target [subdomains] is not initialized [dp_find_method] (0x0020): Target [subdomains] is not initialized [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.NotSupported] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.NotSupported] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.NotSupported] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.NotSupported] ``` * After patch with **debug_level=1** ``` # egrep 'dp_find_method|dp_target_init|Data Provider returned' /var/log/sssd/* # ``` """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/249/head:pr249 git checkout pr249

5 18

[sssd PR#262][opened] MAN: AD Provider GSSAPI clarification
by justin-stephenson 09 May '17

09 May '17

URL: https://github.com/SSSD/sssd/pull/262 Author: justin-stephenson Title: #262: MAN: AD Provider GSSAPI clarification Action: opened PR body: """ Explicitly state that the AD provider uses Kerberos and GSSAPI for encrypting traffic to avoid attempted custom configurations with SSL/TLS Resolves: https://pagure.io/SSSD/sssd/issue/3377 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/262/head:pr262 git checkout pr262

4 8

[sssd PR#263][opened] KCM: include missing header file
by lslebodn 09 May '17

09 May '17

URL: https://github.com/SSSD/sssd/pull/263 Author: lslebodn Title: #263: KCM: include missing header file Action: opened PR body: """ man 2 readv says that the header file "sys/uio.h" must be included for the functions readv/writev Previously, "sys/uio.h" was included in "sys/socket.h" in glibc. It worked just by a change. But it will be changed in glibc-2.26. https://sourceware.org/bugzilla/show_bug.cgi?id=21426 src/responder/kcm/kcmsrv_cmd.c: In function 'kcm_iovec_op': src/responder/kcm/kcmsrv_cmd.c:75:15: error: implicit declaration of function 'readv'; did you mean 'read'? [-Werror=implicit-function-declaration] src/responder/kcm/kcmsrv_cmd.c:77:15: error: implicit declaration of function 'writev'; did you mean 'write'? [-Werror=implicit-function-declaration] """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/263/head:pr263 git checkout pr263

3 5

[sssd PR#254][opened] Handling of sdap_domain lists in server mode
by mzidek-rh 05 May '17

05 May '17

URL: https://github.com/SSSD/sssd/pull/254 Author: mzidek-rh Title: #254: Handling of sdap_domain lists in server mode Action: opened PR body: """ SERVER_MODE: Update sdap lists for each ad_ctx We use separate AD context for each subdomain in the server mode. Every such context has it's own sdap_domain list witch represents sdap options such as filter and search bases for every domain. However AD context can only fully initialize sdap_domain structure for the same domain for which the whole context was created, which resulted in the other sdap_domain structures to be have automatically detected settings. This can cause problems if user is member of groups from multiple domains. Resolves: https://pagure.io/SSSD/sssd/issue/3381 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/254/head:pr254 git checkout pr254

3 12

[sssd PR#252][opened] PAM: check matching certificates from all domains
by sumit-bose 04 May '17

04 May '17

URL: https://github.com/SSSD/sssd/pull/252 Author: sumit-bose Title: #252: PAM: check matching certificates from all domains Action: opened PR body: """ Although the cache_req lookup found matching in multiple domains only the results from the first domain were used. With this patch the results from all domains are checked. Resolves https://pagure.io/SSSD/sssd/issue/3385 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/252/head:pr252 git checkout pr252

2 7

[sssd PR#258][opened] IFP: Fix name qualification for user groups (1.14 backport)
by jhrozek 04 May '17

04 May '17

URL: https://github.com/SSSD/sssd/pull/258 Author: jhrozek Title: #258: IFP: Fix name qualification for user groups (1.14 backport) Action: opened PR body: """ This PR back-ports patches that fix qualification of user groups coming through the org.freedesktop.sssd.infopipe.GetUserGroups interface in the 1.14 branch. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/258/head:pr258 git checkout pr258

2 5

[sssd PR#257][opened] LDAP/AD: Do not fail in case rfc2307bis_nested_groups_recv() returns ENOENT
by fidencio 03 May '17

03 May '17

URL: https://github.com/SSSD/sssd/pull/257 Author: fidencio Title: #257: LDAP/AD: Do not fail in case rfc2307bis_nested_groups_recv() returns ENOENT Action: opened PR body: """ Commit 25699846 introduced a regression seen when an initgroup lookup is done and there's no nested groups involved. In this scenario the whole lookup fails due to an ENOENT returned by rfc2307bis_nested_groups_recv(), which leads to the user removal from sysdb causing some authentication issues. The problem was caught by the "Allow only single user from domain1" test, part of ad_access_filter tests (present in "client-ad_provider-ad_forest" package) ran and reported by Lukáš Slebodnik. Resolves: https://pagure.io/SSSD/sssd/issue/3331 Signed-off-by: Fabiano Fidêncio <fidencio(a)redhat.com> """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/257/head:pr257 git checkout pr257

3 7

[sssd PR#191][opened] Few spec file fixes
by lslebodn 03 May '17

03 May '17

URL: https://github.com/SSSD/sssd/pull/191 Author: lslebodn Title: #191: Few spec file fixes Action: opened PR body: """ Mostly related to https://pagure.io/SSSD/sssd/issue/3327 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/191/head:pr191 git checkout pr191

2 18

[sssd PR#253][opened] Use the ad_account_can_shortcut function in sssd server mode
by jhrozek 02 May '17

02 May '17

URL: https://github.com/SSSD/sssd/pull/253 Author: jhrozek Title: #253: Use the ad_account_can_shortcut function in sssd server mode Action: opened PR body: """ This is a performance enhancement for SSSD running on an IPA server with IPA-AD trusts. The code is hopefully simple as it mostly just moves code around. To reproduce, you can run: getent passwd $id or: getent group $id Where $id is a UID or a GID of a user or a group coming from a trusted domain that is further down the discovered domains list. Before the patch, SSSD would search all domains. After the patch, SSSD should find out the ID does not belong to that domain and immediatelly abort the request. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/253/head:pr253 git checkout pr253

3 7

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

sssd-devel May 2017