[sssd PR#247][opened] Subdomain inherit
by mzidek-rh
URL: https://github.com/SSSD/sssd/pull/247
Author: mzidek-rh
Title: #247: Subdomain inherit
Action: opened
PR body:
"""
I tested if the options that work in subdomain inherit also work in trusted domain section in sssd.conf. Most seem to work without any changes in the code except for two. With these two patches only one that does not work remains (I wanted to send patchset that adds all the options, but I got stuck on the option that sets the ldap principal, so I am sending this in the meantime).
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/247/head:pr247
git checkout pr247
5 years, 11 months
[sssd PR#464][opened] SYSDB: Properly handle name/gid override when using domain resolution order
by fidencio
URL: https://github.com/SSSD/sssd/pull/464
Author: fidencio
Title: #464: SYSDB: Properly handle name/gid override when using domain resolution order
Action: opened
PR body:
"""
When using name/gid override together with domain resolution order the
mpg name/gid may be returned instead of the overridden one.
In order to avoid that, let's add a check in case the domain supports
mpg so we can ensure that the originalADname and originalADgidNumber
attributes are the very same as the ones searched and then normally
proceed with the current flow in the code. In case those are not the
same, we *must* follow the code path for the non-mpg domains and then
return the proper values.
Resolves: https://pagure.io/SSSD/sssd/issue/3595
Signed-off-by: Fabiano Fidêncio <fidencio(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/464/head:pr464
git checkout pr464
5 years, 11 months
[sssd PR#511][opened] Do not shutdown KCM/Secrets responders when activities are happening ...
by fidencio
URL: https://github.com/SSSD/sssd/pull/511
Author: fidencio
Title: #511: Do not shutdown KCM/Secrets responders when activities are happening ...
Action: opened
PR body:
"""
Firstly, I'd like to make it **explicit** that this PR is **missing tests**, but I won't write them down till we have an agreement whether the proposed patches do look right/good.
Basically, while trying to reproduce https://pagure.io/SSSD/sssd/issue/3470 I've noticed that both secrets and kcm responders were going down due to the responder_idle_timeout expiring ... even with a lot of activities happening on them.
Does this approach look right? If yes, then, what would be the easiest way to test:
- A responder actually goes down after x seconds;
- Any activity on that responder will make the responder alive for more x seconds;
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/511/head:pr511
git checkout pr511
6 years
[sssd PR#128][opened] Fix group renaming issue when "id_provider = ldap" is set
by fidencio
URL: https://github.com/SSSD/sssd/pull/128
Author: fidencio
Title: #128: Fix group renaming issue when "id_provider = ldap" is set
Action: opened
PR body:
"""
Those two patches fix https://bugzilla.redhat.com/show_bug.cgi?id=1401241
The sssd.conf used in order to reproduce this issue looks like:
```
[sssd]
config_file_version = 2
services = nss, pam
domains = ad.fidencio.lan
[nss]
[pam]
[domain/ad.fidencio.lan]
ad_domain = ad.fidencio.lan
krb5_realm = AD.FIDENCIO.LAN
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
ldap_referrals = false
enumerate = false
id_provider = ldap
#id_provider = ad
auth_provider = krb5
chpass_provider = krb5
access_provider = ldap
ldap_sasl_mech = GSSAPI
ldap_schema = ad
ldap_user_object_class = user
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName
ldap_group_object_class = group
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true
```
The reproducer can be found in the bug report.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/128/head:pr128
git checkout pr128
6 years
[sssd PR#378][opened] [RFC] Use GNULIB's compiler warning code
by fidencio
URL: https://github.com/SSSD/sssd/pull/378
Author: fidencio
Title: #378: [RFC] Use GNULIB's compiler warning code
Action: opened
PR body:
"""
This is the 3rd tentative to have this patch reviewed. For more references, please, see: PR #50.
So, I've re-worked those patches a little bit and here is the time difference when running reconfing with the patches:
```
real 0m26.047s
user 0m21.318s
sys 0m4.635s
```
And now without:
```
real 0m25.565s
user 0m20.696s
sys 0m4.433s
```
This patch set is rebased on top of PR #377.
I really would appreciate if someone could review and give their opinion.
The reason this PR was blocked is because this time difference has been considered a "performance issue".
@jhrozek , could you take a look on this?
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/378/head:pr378
git checkout pr378
6 years
[sssd PR#515][opened] sssctl: Showing help even when sssd not configured
by amitkumar50
URL: https://github.com/SSSD/sssd/pull/515
Author: amitkumar50
Title: #515: sssctl: Showing help even when sssd not configured
Action: opened
PR body:
"""
Current Issue:
On a clean and unconfigured system, it's not possible
to use --help.
`# dnf install sssd-tools`
`# sssctl cache-remove --help`
Shows:
[confdb_get_domains] (0x0010): No domains configured, fatal error!
Solution: Donot check for confdb initialization when sssctl 3rd
command line argument passed is '--help'.
Please note when we run 'sssctl --help' on unconfigured system
confdb check is not done and proper o/p is seen.
Also suggest if we have better alternative..
Resolves: https://pagure.io/SSSD/sssd/issue/3634
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/515/head:pr515
git checkout pr515
6 years