April 2019 - sssd-devel - Fedora mailing-lists

[sssd PR#175][opened] Add module for starting services
by lslebodn 22 Nov '21

22 Nov '21

URL: https://github.com/SSSD/sssd/pull/175 Author: lslebodn Title: #175: Add module for starting services Action: opened PR body: """ This is a WIP version of reducing code duplication in our cwrap integration tests. I am still not sure whether we should also reuse function `create_sssd_fixture`. And if yes; then probably in different nodule then `services` And comments are welcome. BTW I wrote patches few weeks ago; therefore new tests are not converted. I am just sending patches to get some feedback. Site effect of this patches is that tests are cca 20% faster (IIRC) """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/175/head:pr175 git checkout pr175

5 5

[sssd PR#616][opened] become_user: add supplementary groups so ad provider can access keytab
by asheplyakov 28 Jan '21

28 Jan '21

URL: https://github.com/SSSD/sssd/pull/616 Author: asheplyakov Title: #616: become_user: add supplementary groups so ad provider can access keytab Action: opened PR body: """ For security reasons one might want to run providers as a non-privileged user (say, _sssd). However some providers (in particular ad) might need an access to restricted (non world-readable) files (for instance, /etc/krb5.keytab). One of the possible ways to solve the problem is to - add a special group (for instance, _keytab) - set the owner:group of the file in question to root:_keytab - set the permissions of the file in question to 640 - make the _sssd user a member of the _keytab group For this to work become_user should assign supplementary groups, which is what this patch does. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/616/head:pr616 git checkout pr616

5 13

[sssd PR#269][opened] Add support for ActiveDirectory's logonHours restrictions
by NWilson 03 Sep '20

03 Sep '20

URL: https://github.com/SSSD/sssd/pull/269 Author: NWilson Title: #269: Add support for ActiveDirectory's logonHours restrictions Action: opened PR body: """ This is a straightforward patch for denying access to a user when the user is not permitted to access their account due to logonHours restrictions. This matches the default behaviour for domain-joined Windows machines. When outside the logonHours, all types of authentication are denied (password/Kerberos/certificate) - so it is appropriate to put this check inside the PAM "account" rules. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/269/head:pr269 git checkout pr269

9 30

[sssd PR#578][opened] proxy: proxy_child hardening
by amitkumar50 10 Aug '20

10 Aug '20

URL: https://github.com/SSSD/sssd/pull/578 Author: amitkumar50 Title: #578: proxy: proxy_child hardening Action: opened PR body: """ proxy_child will call chdir("/"), umask(022) and reset the environment with clearenv(). The --domain argument to be sanitized. Resolves: https://pagure.io/SSSD/sssd/issue/2689 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/578/head:pr578 git checkout pr578

5 14

[sssd PR#693][opened] SYSDB: Fall back to the MPG result of getgrgid search if the non-MPG search for override doesn't match anything
by jhrozek 24 Mar '20

24 Mar '20

URL: https://github.com/SSSD/sssd/pull/693 Author: jhrozek Title: #693: SYSDB: Fall back to the MPG result of getgrgid search if the non-MPG search for override doesn't match anything Action: opened PR body: """ Commit cf4f5e031ecbdfba0b55a4f69a06175a2e718e67 changed the logic of getgrgid (and getpwnam, so far this patch only touches getgrgid) in the sense that if looking up a GID in a MPG domain, the code checks if the GID was overriden and if yes, it mandates that the overriden GID resolves to a group by falling back to a non-MPG search. This breaks the following use-case: $ ipa idoverrideuser-add --uid=13133 --gidnumber=13133 'Default Trust View' user@domain Most importantly, I'm on the fence about whether the current behaviour is a bug or not. In general, I would have expected that if a primary GID is overriden, you more or less break the MPG model, and then it's fair from SSSD to make sure the GID number resolves to an entry. But apparently our users were relying on the old behaviour where you can set the primary GID with an override and then still resolve the primary group by ID to the user entry. So the patch in the PR is just a quick hack which sort of falls back to using the user entry as the group if the overriden GID doesn't resolve to anything. Should we support this use-case at all? Should we maybe limit it to cases where the UID and GID are the same? """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/693/head:pr693 git checkout pr693

3 8

[sssd PR#596][opened] [CONFDB]:[RFE] Add "enabled" option to domain section
by amitkumar50 24 Mar '20

24 Mar '20

URL: https://github.com/SSSD/sssd/pull/596 Author: amitkumar50 Title: #596: [CONFDB]:[RFE] Add "enabled" option to domain section Action: opened PR body: """ Upstream Request: Instead of enabling domains using the "domains" option in [sssd] section we could have [domain/*] option "enabled". This would allow admins to configure and enable domain in the same snippet file. This Fix would be submitted in 2 patches: Patch-1(This Patch): - Introduces 'enabled' option in domain section - Introduces 'CONFDB_DOMAIN_ENABLED' variable to retrieve enabled value from confdb - Code to call start_service() routine only for domains having enabled=1 Patch-2(Upcoming): - Would remove 'domains' option from sssd section. - Would remove corresponding code to parse 'domains' option - Providing a check that atlest One domain have enabled option set. Resolves: https://pagure.io/SSSD/sssd/issue/3735 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/596/head:pr596 git checkout pr596

7 12

[sssd PR#132][opened] Add "Wants=" to sssd unit and avoid PAC responder to be always running
by fidencio 02 Jan '20

02 Jan '20

URL: https://github.com/SSSD/sssd/pull/132 Author: fidencio Title: #132: Add "Wants=" to sssd unit and avoid PAC responder to be always running Action: opened PR body: """ The first patch changes the current logic of having the services' sockets disabled by default as it adds a "Wants=" to the sssd unit file, making all the services' sockets enabled by the moment sssd service is enabled. The second patch takes advantage of the first patch and avoids running PAC responder in case its socket is active, leaving the service to be socket-activated when needed. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/132/head:pr132 git checkout pr132

3 40

[sssd PR#646][opened] proxy: access provider directly not through be_ctx
by pbrezina 18 Dec '19

18 Dec '19

URL: https://github.com/SSSD/sssd/pull/646 Author: pbrezina Title: #646: proxy: access provider directly not through be_ctx Action: opened PR body: """ See commit message for details. Resolves: https://pagure.io/SSSD/sssd/issue/3812 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/646/head:pr646 git checkout pr646

3 12

[sssd PR#558][opened] WIP: Add a test for sss_nss_getgrouplist_timeout and fix invalidating the initgroups cache
by jhrozek 04 Nov '19

04 Nov '19

URL: https://github.com/SSSD/sssd/pull/558 Author: jhrozek Title: #558: WIP: Add a test for sss_nss_getgrouplist_timeout and fix invalidating the initgroups cache Action: opened PR body: """ This is a WIP on adding tests for the sss_nss_ex interface. I covered only the sss_nss_getgrouplist_timeout function so far. I'm submitting the PR already in this state to get some feedback if this coverage is enough and the other functions can be covered similarly or if there is some issue with this approach. Also, I found a bug in invalidating the initgroups memory cache, that's the first of the two patches. Here I'm really not sure if the fix is even how the issue should be fixed, so I just hacked something up, even without allocation checks etc. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/558/head:pr558 git checkout pr558

3 10

[sssd PR#457][opened] ipa: Removal of umask(0) in selinux_child
by amitkumar50 30 Oct '19

30 Oct '19

URL: https://github.com/SSSD/sssd/pull/457 Author: amitkumar50 Title: #457: ipa: Removal of umask(0) in selinux_child Action: opened PR body: """ Code for calling umask(0) was added to address bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=1186422. Now this bugzilla is fixed, removing the workaround. Resolves: https://pagure.io/SSSD/sssd/issue/3583 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/457/head:pr457 git checkout pr457

11 27

[sssd PR#390][opened] NSS: Add option to disable memcache
by mzidek-rh 21 Oct '19

21 Oct '19

URL: https://github.com/SSSD/sssd/pull/390 Author: mzidek-rh Title: #390: NSS: Add option to disable memcache Action: opened PR body: """ Added option use_memcache to centrally disable memcache for all clients without the need to specify SSS_NSS_USE_MEMCACHE=NO environment variable. Resolves: https://pagure.io/SSSD/sssd/issue/3496 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/390/head:pr390 git checkout pr390

8 106

[sssd PR#546][opened] TESTS: Re-add tests for `kdestroy -A`
by fidencio 23 Sep '19

23 Sep '19

URL: https://github.com/SSSD/sssd/pull/546 Author: fidencio Title: #546: TESTS: Re-add tests for `kdestroy -A` Action: opened PR body: """ This reverts commit 89726be5a05493b7af312f0be9ac5ecb6f1822e1 and also do a few modifications on it in order to ensure we don't have any regression on https://pagure.io/SSSD/sssd/issue/3413 As this patch depends on a krb5 patch applied to the distros we run our internal CI on, I've opened a bug report providing patches for Fedora[0] and Debian[1]. [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1561917 [1]: https://salsa.debian.org/debian/krb5/merge_requests/1 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/546/head:pr546 git checkout pr546

4 27

[sssd PR#560][opened] NSS: close files after mmap
by ChrisKowalczyk 17 Sep '19

17 Sep '19

URL: https://github.com/SSSD/sssd/pull/560 Author: ChrisKowalczyk Title: #560: NSS: close files after mmap Action: opened PR body: """ The files in MC cache folder were initialized by SSSD on startup, and mapped by using mmap function. due to the fact that they weren't closed afterwards, their File descriptors were still marker alive but marked as 'Deleted'. This was noticed by a customer of SUSE, see more details here: https://bugzilla.suse.com/show_bug.cgi?id=1080156 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/560/head:pr560 git checkout pr560

6 12

[sssd PR#807][opened] sudo: do not update last usn value on rules refresh
by pbrezina 30 Aug '19

30 Aug '19

URL: https://github.com/SSSD/sssd/pull/807 Author: pbrezina Title: #807: sudo: do not update last usn value on rules refresh Action: opened PR body: """ Refreshing specific rules may produce a higher usn value that the one that is already remembered if the rules changed on the server. However, there may be another rule that is not being refreshed which usn value is higher then the current value but lower then the value of some of the refreshed rules. If the highest usn value is updated in this case, the rule would not be found be smart refresh. Thus we must not update the usn value during rules refresh. Resolves: https://pagure.io/SSSD/sssd/issue/3996 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/807/head:pr807 git checkout pr807

2 11

[sssd PR#705][opened] KCM: Add configurable quotas
by jhrozek 07 Aug '19

07 Aug '19

URL: https://github.com/SSSD/sssd/pull/705 Author: jhrozek Title: #705: KCM: Add configurable quotas Action: opened PR body: """ This PR adds several patches that let the user configure quotas to store their ccaches. Please see the commit messages, I hope they are verbose enough. One thing that should be pointed out is that the global number of ccaches is explicitly unlimited. Does anyone see an issue with just enforcing the per-UID limits? An upcoming PR(s) would implement warning when the quota is being exceeded and a sssctl command to let the administrator display the quota taken. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/705/head:pr705 git checkout pr705

3 43

[sssd PR#636][opened] failover: tune up default timeouts
by pbrezina 31 Jul '19

31 Jul '19

URL: https://github.com/SSSD/sssd/pull/636 Author: pbrezina Title: #636: failover: tune up default timeouts Action: opened PR body: """ Resolves: https://pagure.io/SSSD/sssd/issue/3217 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/636/head:pr636 git checkout pr636

3 22

[sssd PR#796][opened] ci: enable sssd-ci for 1-16 branch
by pbrezina 16 Jul '19

16 Jul '19

URL: https://github.com/SSSD/sssd/pull/796 Author: pbrezina Title: #796: ci: enable sssd-ci for 1-16 branch Action: opened PR body: """ Fedora 28 is the latest version containing 1.16 so I think it is fine to not run the test against Fedora 29+. Besides this change this patch contains files from master without change. (including PR 793 that is not yet merge) """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/796/head:pr796 git checkout pr796

3 25

[sssd PR#708][opened] TESTS: ldb-tools are required for multihost tests
by mzidek-rh 05 Jul '19

05 Jul '19

URL: https://github.com/SSSD/sssd/pull/708 Author: mzidek-rh Title: #708: TESTS: ldb-tools are required for multihost tests Action: opened PR body: """ Some of the test do use ldbsearch. Resolves: https://pagure.io/SSSD/sssd/issue/3894 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/708/head:pr708 git checkout pr708

2 11

[sssd PR#716][opened] CACHE: SSSD doesn't clear cache entries
by thalman 03 Jul '19

03 Jul '19

URL: https://github.com/SSSD/sssd/pull/716 Author: thalman Title: #716: CACHE: SSSD doesn't clear cache entries Action: opened PR body: """ Once object is in cache it is refreshed when it is expired and requested by the system. Object ID is not checked before refresh, but config parameter ldap_(min|max)_id could be changed by admin. We should check object ID and not refresh objects outside min/max ID interval. Resolves: https://pagure.io/SSSD/sssd/issue/3905 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/716/head:pr716 git checkout pr716

4 14

[sssd PR#677][opened] pcre: port to pcre2
by thalman 03 Jul '19

03 Jul '19

URL: https://github.com/SSSD/sssd/pull/677 Author: thalman Title: #677: pcre: port to pcre2 Action: opened PR body: """ Some distributions want to drop pcre support. Sssd should work with pcre2. With this patch sssd tries to use pcre2 if pcre is not present. Resolves: https://pagure.io/SSSD/sssd/issue/3833 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/677/head:pr677 git checkout pr677

3 33

[sssd PR#724][opened] COMPONENT: util/tev_curl
by alexey-tikhonov 25 Jun '19

25 Jun '19

URL: https://github.com/SSSD/sssd/pull/724 Author: alexey-tikhonov Title: #724: COMPONENT: util/tev_curl Action: opened PR body: """ Fixes double free error in schedule_fd_processing() (prevents deletion of already executed timer) Resolves: https://pagure.io/SSSD/sssd/issue/3917 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/724/head:pr724 git checkout pr724

2 7

[sssd PR#749][opened] TEST: Add a multihost test for not returning / for an empty home dir
by jhrozek 20 Jun '19

20 Jun '19

URL: https://github.com/SSSD/sssd/pull/749 Author: jhrozek Title: #749: TEST: Add a multihost test for not returning / for an empty home dir Action: opened PR body: """ A multihost test for: https://pagure.io/SSSD/sssd/issue/3901 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/749/head:pr749 git checkout pr749

2 11

[sssd PR#782][opened] TESTS: Test changing LDAP password with extended operation and modification
by jhrozek 18 Jun '19

18 Jun '19

URL: https://github.com/SSSD/sssd/pull/782 Author: jhrozek Title: #782: TESTS: Test changing LDAP password with extended operation and modification Action: opened PR body: """ A test for: https://pagure.io/SSSD/sssd/issue/1314 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/782/head:pr782 git checkout pr782

3 14

[sssd PR#766][opened] TESTS: Test kvno correctly displays vesion numbers of principals
by mrniranjan 17 Jun '19

17 Jun '19

URL: https://github.com/SSSD/sssd/pull/766 Author: mrniranjan Title: #766: TESTS: Test kvno correctly displays vesion numbers of principals Action: opened PR body: """ Multihost tests for: https://pagure.io/SSSD/sssd/issue/3757. Signed-off-by: Niranjan M.R <mrniranjan(a)redhat.com> """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/766/head:pr766 git checkout pr766

4 16

[sssd PR#793][opened] ci: improve Jenkinsfile and add Fedora 30
by pbrezina 11 Jun '19

11 Jun '19

URL: https://github.com/SSSD/sssd/pull/793 Author: pbrezina Title: #793: ci: improve Jenkinsfile and add Fedora 30 Action: opened PR body: """ I updated boxes and created box for Fedora 30 which is now in beta. I've been testing it for a week in my local repo and it seems that the infrastructure issues we were hitting are fixed so I will reenable ci from upstream repository and we will see. I made some changes to Jenkinsfile - notably reduce code duplication to minimum and workaroud some issues (like if one distro failed, all distros were marked as failed). I added test-suite.log to archived files and enabled moderate tests to run (intgcheck, distcheck, rpms, ...). Tests now takes around 2 hours per distro. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/793/head:pr793 git checkout pr793

3 9

[sssd PR#709][opened] Regex fails if there's a whitespace before option name
by tdukaric 11 Jun '19

11 Jun '19

URL: https://github.com/SSSD/sssd/pull/709 Author: tdukaric Title: #709: Regex fails if there's a whitespace before option name Action: opened PR body: """ self.OPTCRE.match(line) fails if there's a whitespace before option name, which is valid for SSSD. This change will ignore any whitespace before the option name. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/709/head:pr709 git checkout pr709

5 11

[sssd PR#783][opened] knownhostsproxy: friendly error msg for NXDOMAIN
by branen 28 May '19

28 May '19

URL: https://github.com/SSSD/sssd/pull/783 Author: branen Title: #783: knownhostsproxy: friendly error msg for NXDOMAIN Action: opened PR body: """ This patch writes a brief, familiar error message to stderr when no addresses are able to be resolved for the host specified in argv: ``` (with patch)$ ssh the-void sss_ssh_knownhostsproxy: Could not resolve hostname the-void ssh_exchange_identification: Connection closed by remote host ``` Users accustomed to using SSH in environments where SSSD is not deployed may expect the usual "Could not resolve hostname" error from SSH when a domain name is misspelled or otherwise invalid: ``` (no sssd)$ ssh the-void ssh: Could not resolve hostname the-void: Name or service not known ``` When such users begin using SSH in an SSSD-enabled environment, they may be confused when this familiar and straightforward message is replaced by a new one: ``` (sssd)$ ssh the-void ssh_exchange_identification: Connection closed by remote host ``` If such users aren't aware that the system `ssh_config` is proxying their connection through `sss_ssh_knownhostsproxy`, they may mistakenly conclude that a connection had been made all the way to a remote host and, therefore, that the hostname they specified was valid and able to be resolved. This patch mitigates this opportunity for confusion. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/783/head:pr783 git checkout pr783

5 14

[sssd PR#806][opened] sudo: always use server highest usn for smart refresh
by pbrezina 21 May '19

21 May '19

URL: https://github.com/SSSD/sssd/pull/806 Author: pbrezina Title: #806: sudo: always use server highest usn for smart refresh Action: opened PR body: """ The sudo attributes may not be indexed on the server, therefore if smart refresh filter is run on the server it may first search using the indexed entryusn attribute and run the rest of the filter on non-sudo objects. The number of objects that are filtered may increased dramatically if sudo rules are not changed for a long time (and thus keeping smaller and smaller last sudo usn number). This patch makes sure that highest sudo usn number is always set to the highest server usn number after each refresh. Resolves: https://pagure.io/SSSD/sssd/issue/3997 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/806/head:pr806 git checkout pr806

3 26

[sssd PR#750][opened] Monitor: minor fixes
by alexey-tikhonov 20 May '19

20 May '19

URL: https://github.com/SSSD/sssd/pull/750 Author: alexey-tikhonov Title: #750: Monitor: minor fixes Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/750/head:pr750 git checkout pr750

3 9

[sssd PR#804][opened] PAM: Also cache SSS_PAM_PREAUTH
by jhrozek 20 May '19

20 May '19

URL: https://github.com/SSSD/sssd/pull/804 Author: jhrozek Title: #804: PAM: Also cache SSS_PAM_PREAUTH Action: opened PR body: """ Related: https://pagure.io/SSSD/sssd/issue/3960 Even if cached_auth_timeout was set, the pam responder would still forward the preauthentication requests to the back end. This could trigger unwanted traffic towards the KDCs. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/804/head:pr804 git checkout pr804

2 12

[sssd PR#803][opened] TESTS: ability to run unit tests under valgrind
by alexey-tikhonov 02 May '19

02 May '19

URL: https://github.com/SSSD/sssd/pull/803 Author: alexey-tikhonov Title: #803: TESTS: ability to run unit tests under valgrind Action: opened PR body: """ Adds ability to run unit tests under valgrind with handy makefile targets. Enabled with --enable-valgrind passed to ./configure script. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/803/head:pr803 git checkout pr803

3 21

[sssd PR#808][opened] fix man page reference
by realsobek 30 Apr '19

30 Apr '19

URL: https://github.com/SSSD/sssd/pull/808 Author: realsobek Title: #808: fix man page reference Action: opened PR body: """ Noticed minor typing mistakes. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/808/head:pr808 git checkout pr808

4 7

[sssd PR#805][opened] Fix pidpath in systemd unit
by mikhailnov 30 Apr '19

30 Apr '19

URL: https://github.com/SSSD/sssd/pull/805 Author: mikhailnov Title: #805: Fix pidpath in systemd unit Action: opened PR body: """ Most systems with systemd now use /run instead of /var/run, this fixes setting correct path in systemd service when built with --with-pid-path=/run If --with-pid-path is not defined, than pidpath=$localstatedir/run """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/805/head:pr805 git checkout pr805

4 8

[sssd PR#768][opened] providers/ipa: Changed default service search base
by alexey-tikhonov 30 Apr '19

30 Apr '19

URL: https://github.com/SSSD/sssd/pull/768 Author: alexey-tikhonov Title: #768: providers/ipa: Changed default service search base Action: opened PR body: """ Changed default value of `ldap_service_search_base` config option to `cn=ipservices,cn=accounts,$BASE` to follow FreeIPA change. Resolves: https://pagure.io/SSSD/sssd/issue/3899 I do not like the way I have updated man pages but I didn't figure out better option. Recommendations are welcome. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/768/head:pr768 git checkout pr768

3 10

[sssd PR#541][opened] memberof: keep memberOf attribute for nested member
by pbrezina 08 Apr '19

08 Apr '19

URL: https://github.com/SSSD/sssd/pull/541 Author: pbrezina Title: #541: memberof: keep memberOf attribute for nested member Action: opened PR body: """ If we have a member that is both direct and nested member, memberOf attribute was removed if the direct membership was deleted. 1) user ----------> groupB -> groupC -> groupA / 2) user -> groupA -> groupB -> groupC If we remove user->groupB from 1), we get 2) but groupB was still removed from user memberOf attribute. Resolves: https://pagure.io/SSSD/sssd/issue/3636 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/541/head:pr541 git checkout pr541

3 16

[sssd PR#756][opened] TESTS: Add test case title with @title in docstrings
by mrniranjan 08 Apr '19

08 Apr '19

URL: https://github.com/SSSD/sssd/pull/756 Author: mrniranjan Title: #756: TESTS: Add test case title with @title in docstrings Action: opened PR body: """ Adding test case titles starting with @title. When pytest is run with --junit-xml, the resulting junit file contains test function name as test case name. With the help of [pytest-modifyjunit](https://pagure.io/pytest-modifyjunit) , this plugin replaces test function name with test case title described with @title. sssd qe uses the junit.xml to import the result to Test case management system which tries to match the test case names in junit.xml with the test case title described in tcms. https://paste.fedoraproject.org/paste/dHR218kinyECa1yHiLXGxg is the junit.xml which doesn't contain test case title. https://paste.fedoraproject.org/paste/kVUlc-2mIibW18ILzbyqcg is the junit.xml which contains test case names with as defined in @title. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/756/head:pr756 git checkout pr756

4 26

[sssd PR#800][opened] data_provider_be: got rid of went_offline usage
by alexey-tikhonov 08 Apr '19

08 Apr '19

URL: https://github.com/SSSD/sssd/pull/800 Author: alexey-tikhonov Title: #800: data_provider_be: got rid of went_offline usage Action: opened PR body: """ Got rid of unused anymore `went_offline` variable Resolves: https://pagure.io/SSSD/sssd/issue/3991 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/800/head:pr800 git checkout pr800

3 6

[sssd PR#797][opened] TESTS: fixed regression in cmocka/test_negcache_2.c
by alexey-tikhonov 05 Apr '19

05 Apr '19

URL: https://github.com/SSSD/sssd/pull/797 Author: alexey-tikhonov Title: #797: TESTS: fixed regression in cmocka/test_negcache_2.c Action: opened PR body: """ Fixed regression in test introduced in 2b564f8 (PR 786) Test was relying on hardcoded values of non local users and groups. Test was changed to find those in runtime. Resolves: https://pagure.io/SSSD/sssd/issue/3964 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/797/head:pr797 git checkout pr797

2 8

[sssd PR#799][opened] Backport of configurable prompting to sssd-1-16
by jhrozek 03 Apr '19

03 Apr '19

URL: https://github.com/SSSD/sssd/pull/799 Author: jhrozek Title: #799: Backport of configurable prompting to sssd-1-16 Action: opened PR body: """ The backport was not exactly trivial, so I'm opening a separate PR. The last patch with the test is missing completely at this point, we also would need to backport 657f3b89bca9adfb13f0867c91f1d76845d2d6dd at least partially. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/799/head:pr799 git checkout pr799

2 5

[sssd PR#802][opened] TESTS: two `negcache` tests were merged
by alexey-tikhonov 03 Apr '19

03 Apr '19

URL: https://github.com/SSSD/sssd/pull/802 Author: alexey-tikhonov Title: #802: TESTS: two `negcache` tests were merged Action: opened PR body: """ Resolves: https://pagure.io/SSSD/sssd/issue/3989 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/802/head:pr802 git checkout pr802

3 5

[sssd PR#801][opened] data_provider_be: fixed dereferencing of 'bad' ptr
by alexey-tikhonov 03 Apr '19

03 Apr '19

URL: https://github.com/SSSD/sssd/pull/801 Author: alexey-tikhonov Title: #801: data_provider_be: fixed dereferencing of 'bad' ptr Action: opened PR body: """ In case of failed `dp_req_recv_ptr()` in `be_check_online_done()` function, `reply` ptr was not initialized and its dereferencing was a bug. Resolves: https://pagure.io/SSSD/sssd/issue/3990 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/801/head:pr801 git checkout pr801

3 4

[sssd PR#798][opened] ipa: ipa_getkeytab don't call libnss_sss
by sumit-bose 02 Apr '19

02 Apr '19

URL: https://github.com/SSSD/sssd/pull/798 Author: sumit-bose Title: #798: ipa: ipa_getkeytab don't call libnss_sss Action: opened PR body: """ ipa-getkeytab is a help process which might even get called during the startup of SSSD. Hence it should not try to use any SSSD responder especially not the NSS responder. Typically we call helpers with the environment of the calling SSSD component where then _SSS_LOOPS environment variable is set to 'NO' to skip calls to SSSD in libnss_sss. Since we have to set the KRB5CCNAME environment variable to the ccache with the current TGT for the host principal when calling ipa-getkeytab execle() is used to call ipa_getkeytab which unfortunately replaces the environment of the caller with the one provided in the last argument of the call. To make sure ipa_getkeytab does not call back into SSSD we have to set _SSS_LOOPS=NO here as well. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/798/head:pr798 git checkout pr798

4 8

[sssd PR#790][opened] Lookahead resolving of host names
by thalman 02 Apr '19

02 Apr '19

URL: https://github.com/SSSD/sssd/pull/790 Author: thalman Title: #790: Lookahead resolving of host names Action: opened PR body: """ This is a continuation of issues #3973 and #3974. If krb5_kdcinfo_lookahead is set to certain limit, then resolving of SRV record is stopped once we reach that limit. The krb5_kdcinfo_lookahead option contains two numbers separated by colon (for example 5:2). First number specifies number of primary servers that we will use and write to kdc info file. The second number specifies number of backup servers Resolves: https://pagure.io/SSSD/sssd/issue/3975 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/790/head:pr790 git checkout pr790

3 22

[sssd PR#795][opened] Issue 3964 (sssd-1-16 backport)
by alexey-tikhonov 01 Apr '19

01 Apr '19

URL: https://github.com/SSSD/sssd/pull/795 Author: alexey-tikhonov Title: #795: Issue 3964 (sssd-1-16 backport) Action: opened PR body: """ Set of patches to resolve / related to https://pagure.io/SSSD/sssd/issue/3964 (sssd-1-16 backport) """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/795/head:pr795 git checkout pr795

2 12

[sssd PR#792][opened] PAM: add initial prompting configuration
by sumit-bose 01 Apr '19

01 Apr '19

URL: https://github.com/SSSD/sssd/pull/792 Author: sumit-bose Title: #792: PAM: add initial prompting configuration Action: opened PR body: """ Add new section for sssd.conf to allow more flexible prompting during authentication. Related to https://pagure.io/SSSD/sssd/issue/3264 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/792/head:pr792 git checkout pr792

2 10

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

sssd-devel April 2019