[sssd PR#549][opened] Respect ad_site option in GPO resolution
by mzidek-rh
URL: https://github.com/SSSD/sssd/pull/549
Author: mzidek-rh
Title: #549: Respect ad_site option in GPO resolution
Action: opened
PR body:
"""
GPO resolution requires AD site name to work properly.
We ignored the ad_site option to override autodiscovered ad site in the GPO code. This was most serious in a rare case when no AD site was autodiscovered (not evene the Default-First-Site).
Note: I have seen cases where DNS have not returned AD site, but I do not know how to setup DNS to not return the AD side, so to reproduce the issue I commented the autodiscovery in the code, which gave me the same debug logs as the ones I have seen in cases.
Note2: The first patch is just found nitpick. The other two patches can be merged, but I thought it was more readable if done separately.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/549/head:pr549
git checkout pr549
6 years
[sssd PR#544][opened] IPA: Qualify the externalUser sudo attribute
by jhrozek
URL: https://github.com/SSSD/sssd/pull/544
Author: jhrozek
Title: #544: IPA: Qualify the externalUser sudo attribute
Action: opened
PR body:
"""
We broke the externalUser support with the introduction of the fully
qualified attributes, because the provider was saving the data verbatim,
but the sudo responder expects a fully qualified name.
Reproducer:
on the server:
ipa sudocmd-add --desc='For reading log files' /usr/bin/less
ipa sudorule-add readfiles
ipa sudorule-add-user --users=lcluser
ipa sudorule-mod --hostcat=all readfiles
then on the client:
configure sssd with:
id_provider = files
sudo_provider = ipa
ipa_domain = ipa.test
run:
sudo useradd lcluser
sudo passwd lcluser
su - lcluser
sudo -l
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/544/head:pr544
git checkout pr544
6 years
[sssd PR#548][opened] SERVER: Tone down shutdown messages for socket-activated responders
by fidencio
URL: https://github.com/SSSD/sssd/pull/548
Author: fidencio
Title: #548: SERVER: Tone down shutdown messages for socket-activated responders
Action: opened
PR body:
"""
When dealing with socket-activated responders, those may be shut
themselves down after some inactivy period. And that's completely normal
and expected, thus should not be logged as an fatal error.
For the case when the responder is started by the monitor, however, it
still makes sense to keep the code as it is as the responders won't shut
themselves down in any normal scenario.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/548/head:pr548
git checkout pr548
6 years