[sssd PR#249][opened] DP: Reduce Data Provider log level noise
by justin-stephenson
URL: https://github.com/SSSD/sssd/pull/249
Author: justin-stephenson
Title: #249: DP: Reduce Data Provider log level noise
Action: opened
PR body:
"""
Certain operations are not supported with certain providers
causing informational Data Provider log messages to be logged as
errors or failures. This patch lowers the log level to reduce overall
log noise and ensure only critical log messages are logged when
a low debug_level value is used.
Resolves:
https://pagure.io/SSSD/sssd/issue/3287
https://pagure.io/SSSD/sssd/issue/3278
Tested with the LDAP provider changing ``debug_level``
between 7 and 1 then checking for log messages:
* Before patch with **debug_level=1**
```
# egrep 'dp_find_method|dp_target_init|Data Provider returned' /var/log/sssd/*
[dp_target_init] (0x0020): Target [selinux] is not supported by module [ldap].
[dp_target_init] (0x0020): Target [hostid] is not supported by module [ldap].
[dp_target_init] (0x0020): Target [subdomains] is not supported by module [ldap].
[dp_find_method] (0x0020): Target [subdomains] is not initialized
[dp_find_method] (0x0020): Target [subdomains] is not initialized
[dp_find_method] (0x0020): Target [subdomains] is not initialized
[dp_find_method] (0x0020): Target [subdomains] is not initialized
[sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.NotSupported]
[sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.NotSupported]
[sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.NotSupported]
[sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.NotSupported]
```
* After patch with **debug_level=1**
```
# egrep 'dp_find_method|dp_target_init|Data Provider returned' /var/log/sssd/*
#
```
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/249/head:pr249
git checkout pr249
6 years, 11 months
[sssd PR#263][opened] KCM: include missing header file
by lslebodn
URL: https://github.com/SSSD/sssd/pull/263
Author: lslebodn
Title: #263: KCM: include missing header file
Action: opened
PR body:
"""
man 2 readv says that the header file "sys/uio.h" must be included
for the functions readv/writev
Previously, "sys/uio.h" was included in "sys/socket.h" in glibc.
It worked just by a change. But it will be changed in glibc-2.26.
https://sourceware.org/bugzilla/show_bug.cgi?id=21426
src/responder/kcm/kcmsrv_cmd.c: In function 'kcm_iovec_op':
src/responder/kcm/kcmsrv_cmd.c:75:15: error: implicit declaration of function
'readv'; did you mean 'read'? [-Werror=implicit-function-declaration]
src/responder/kcm/kcmsrv_cmd.c:77:15: error: implicit declaration of function
'writev'; did you mean 'write'? [-Werror=implicit-function-declaration]
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/263/head:pr263
git checkout pr263
6 years, 11 months
[sssd PR#254][opened] Handling of sdap_domain lists in server mode
by mzidek-rh
URL: https://github.com/SSSD/sssd/pull/254
Author: mzidek-rh
Title: #254: Handling of sdap_domain lists in server mode
Action: opened
PR body:
"""
SERVER_MODE: Update sdap lists for each ad_ctx
We use separate AD context for each subdomain in the server mode.
Every such context has it's own sdap_domain list witch represents
sdap options such as filter and search bases for every domain.
However AD context can only fully initialize sdap_domain structure
for the same domain for which the whole context was created, which
resulted in the other sdap_domain structures to be have automatically
detected settings. This can cause problems if user is member of
groups from multiple domains.
Resolves:
https://pagure.io/SSSD/sssd/issue/3381
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/254/head:pr254
git checkout pr254
6 years, 11 months
[sssd PR#257][opened] LDAP/AD: Do not fail in case rfc2307bis_nested_groups_recv() returns ENOENT
by fidencio
URL: https://github.com/SSSD/sssd/pull/257
Author: fidencio
Title: #257: LDAP/AD: Do not fail in case rfc2307bis_nested_groups_recv() returns ENOENT
Action: opened
PR body:
"""
Commit 25699846 introduced a regression seen when an initgroup lookup is
done and there's no nested groups involved.
In this scenario the whole lookup fails due to an ENOENT returned by
rfc2307bis_nested_groups_recv(), which leads to the user removal from
sysdb causing some authentication issues.
The problem was caught by the "Allow only single user from domain1"
test, part of ad_access_filter tests (present in
"client-ad_provider-ad_forest" package) ran and reported by Lukáš
Slebodnik.
Resolves:
https://pagure.io/SSSD/sssd/issue/3331
Signed-off-by: Fabiano Fidêncio <fidencio(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/257/head:pr257
git checkout pr257
6 years, 11 months
[sssd PR#253][opened] Use the ad_account_can_shortcut function in sssd server mode
by jhrozek
URL: https://github.com/SSSD/sssd/pull/253
Author: jhrozek
Title: #253: Use the ad_account_can_shortcut function in sssd server mode
Action: opened
PR body:
"""
This is a performance enhancement for SSSD running on an IPA server with
IPA-AD trusts.
The code is hopefully simple as it mostly just moves code around. To
reproduce, you can run:
getent passwd $id
or:
getent group $id
Where $id is a UID or a GID of a user or a group coming from a trusted
domain that is further down the discovered domains list. Before the patch,
SSSD would search all domains. After the patch, SSSD should find out the
ID does not belong to that domain and immediatelly abort the request.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/253/head:pr253
git checkout pr253
6 years, 11 months