URL: https://github.com/SSSD/sssd/pull/175
Author: lslebodn
Title: #175: Add module for starting services
Action: opened
PR body:
"""
This is a WIP version of reducing code duplication in our cwrap integration tests.
I am still not sure whether we should also reuse function `create_sssd_fixture`.
And if yes; then probably in different nodule then `services`
And comments are welcome.
BTW I wrote patches few weeks ago; therefore new tests are not converted.
I am just sending patches to get some feedback.
Site effect of this patches is that tests are cca 20% faster (IIRC)
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/175/head:pr175
git checkout pr175
URL: https://github.com/SSSD/sssd/pull/844
Author: mastersin
Title: #844: sssd-ad and gpo_child: GPO apply fixes during reading fails
Action: opened
PR body:
"""
Ignore AD GPO errors:
- if SecEdit/GptTmpl.inf is missing
or
- if reading sysvol_gpt_version fails and cached_gpt_version already exists
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/844/head:pr844
git checkout pr844
URL: https://github.com/SSSD/sssd/pull/5245
Author: thalman
Title: #5245: RESOLV: Avoid DNS search to improve fail-over reaction
Action: opened
PR body:
"""
In case of unreachable DNS server or invalid hostname sssd/c-ares tries
to search in multiple domains based on the search directive
in resolv.conf
But the hostnames in config file are fully qualified and this just
extends the time spent with DNS resolution.
This patch set the c-ares library flags to avoid DNS search
Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1608496
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5245/head:pr5245
git checkout pr5245
URL: https://github.com/SSSD/sssd/pull/616
Author: asheplyakov
Title: #616: become_user: add supplementary groups so ad provider can access keytab
Action: opened
PR body:
"""
For security reasons one might want to run providers as a non-privileged
user (say, _sssd). However some providers (in particular ad) might need
an access to restricted (non world-readable) files (for instance,
/etc/krb5.keytab). One of the possible ways to solve the problem is to
- add a special group (for instance, _keytab)
- set the owner:group of the file in question to root:_keytab
- set the permissions of the file in question to 640
- make the _sssd user a member of the _keytab group
For this to work become_user should assign supplementary groups, which
is what this patch does.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/616/head:pr616
git checkout pr616
URL: https://github.com/SSSD/sssd/pull/5251
Author: pbrezina
Title: #5251: [wip] subdomains: allow to inherit case_sensitive=Preserving
Action: opened
PR body:
"""
The first patch is just man page update to reflect current state.
I think it makes sense to be able to show subdomain names in
their original casing. Patches 2-3 make it work for AD provider.
Patch 4 makes it work for IPA provider. There is apparantely a bug
in winbind, but there is no link the any bugzilla so I do not know
if it was already fixed. The commit is four years old. This patch
requires case_sensitive=Preserving to be set also on the server,
otherwise it does not work. It can be enabled without the server setting
but we need to make nss_cmd_getpwnam_ex (and other _ex commands) to
always return case preserving name. So before I continue the work
I'd like to ask @sumit-bose if we can do it like this.
Resolves:
https://github.com/SSSD/sssd/issues/5250
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5251/head:pr5251
git checkout pr5251
URL: https://github.com/SSSD/sssd/pull/5257
Author: pbrezina
Title: #5257: git-template: add tags to help with release notes automation
Action: opened
PR body:
"""
This commits add information on several tags that should be used
so we are able to generate release notes on each new release
automatically. This will make release notes more thorough and it
will also simplify the process a lot since it take lots of time
to do it manually.
Why I chose `:tag:` format>
1. Using @ notation creates user references in github so I wanted
to use something different.
2. Using a plain text like (Resolves) leads people to create their
own variations (Fixes, Resolves XYZ, ...) which adds additional
burden to maintainers. Using this format makes it less error
prone and easier to parse.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5257/head:pr5257
git checkout pr5257
URL: https://github.com/SSSD/sssd/pull/943
Author: elkoniu
Title: #943: files_ops: Fix cached password remove
Action: opened
PR body:
"""
When SSSD daemon will detect refresh of password (group) file
it will delete all cached users (groups) data.
With this change cached data will be deleted only for non
existing users (groups).
Resolves:
https://pagure.io/SSSD/sssd/issue/3591
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/943/head:pr943
git checkout pr943
URL: https://github.com/SSSD/sssd/pull/5252
Author: deastoe
Title: #5252: Add offline_timeout_max option to control offline interval backoff
Action: opened
PR body:
"""
The offline_timeout period determines the minimum time between
attempts of a data provider to go back online, if it is offline due
to eg. unreachable servers. Each time this check fails there is a
backoff factor applied meaning there can be up to 60 minutes between
these attempts.
Here we introduce the offline_timeout_max option which allows the
the maximum period between attempts to be defined in the configuration,
instead of the default 60 minutes; therefore providing more
flexibility.
Setting offline_timeout_max to 0 disables the backoff functionality.
Additionally fix two issues observed in be_ptask scheduling:
- Backoff is not applied on the first re-schedule operation
- The maximum backoff value (previously hardcoded) might not be reached.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5252/head:pr5252
git checkout pr5252
URL: https://github.com/SSSD/sssd/pull/269
Author: NWilson
Title: #269: Add support for ActiveDirectory's logonHours restrictions
Action: opened
PR body:
"""
This is a straightforward patch for denying access to a user when the user is not permitted to access their account due to logonHours restrictions.
This matches the default behaviour for domain-joined Windows machines. When outside the logonHours, all types of authentication are denied (password/Kerberos/certificate) - so it is appropriate to put this check inside the PAM "account" rules.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/269/head:pr269
git checkout pr269
URL: https://github.com/SSSD/sssd/pull/5253
Author: aborah-sudo
Title: #5253: libdirsrv should be modified to be compatible with new DS
Action: opened
PR body:
"""
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5253/head:pr5253
git checkout pr5253