ipa: kerberos locator plugin and AD sites - sssd 1.13.x
by Ziomek, M. (Maciej)
Hello everyone,
I would kindly ask whether there are any plans / possibilities to port features introduced in sssd 1.16.3 back to sssd 1.13.x (LTM) ? These features are:
1. Since 1.16.3 the kdcinfo files are generated automatically also for trusted domains in setups that use id_provider=ad and IPA masters in a trust relationship with an AD domain.
2. SSSD Kerberos locator plugin can now process multiple address if SSSD generates more than one.
3. On IPA clients the AD DCs or the AD site which should be used to authenticate users can now be listed in a subdomain section.
These three mentioned features help us a lot but at the same time we are suffering from their lack in 1.13.x ( LTM ).
We are still using systems where version 1.13.x is the only one officially available.
Have a nice day,
Regards
Maciej Ziomek
ING Business Shared Services B.V. z siedzibą w Amsterdamie, Holandia, VAT PL 526-319-58-54, działająca w Polsce w formie oddziału, pod firmą ING Business Shared Services B.V. spółka z ograniczoną odpowiedzialnością Oddział w Polsce z siedzibą w Katowicach, ul. Konduktorska 35, 40-155 Katowice, NIP: 2050005130, wpisana do rejestru przedsiębiorców Krajowego Rejestru Sądowego prowadzonego przez Sąd Rejonowy Katowice-Wschód w Katowicach, VIII Wydział Gospodarczy Krajowego Rejestru Sądowego pod numerem KRS 0000702305.
4 years, 5 months
[sssd PR#558][opened] WIP: Add a test for sss_nss_getgrouplist_timeout and fix invalidating the initgroups cache
by jhrozek
URL: https://github.com/SSSD/sssd/pull/558
Author: jhrozek
Title: #558: WIP: Add a test for sss_nss_getgrouplist_timeout and fix invalidating the initgroups cache
Action: opened
PR body:
"""
This is a WIP on adding tests for the sss_nss_ex interface. I covered only the sss_nss_getgrouplist_timeout function so far.
I'm submitting the PR already in this state to get some feedback if this
coverage is enough and the other functions can be covered similarly or
if there is some issue with this approach.
Also, I found a bug in invalidating the initgroups memory cache, that's
the first of the two patches. Here I'm really not sure if the fix is even
how the issue should be fixed, so I just hacked something up, even without
allocation checks etc.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/558/head:pr558
git checkout pr558
4 years, 5 months