URL: https://github.com/SSSD/sssd/pull/5529 Author: sumit-bose Title: #5529: AD: read trusted domains from local domain as well Action: opened
PR body: """ Currently SSSD only uses information stored in a domain controller of the forest root domain to get the names of other trusted domains in the forest. Depending on how the forest was created the forest root might not have LDAP objects for all domains in the forest. It looks like a typical case are child domains of other domains in the forest.
As a start SSSD can now include trusted domains stored in the LDAP tree of a local domain controller as well. In a long run it would make sense to allow SSSD to explicitly search for domain by looking up DNS entries and checking a potential domain controller with a CLDAP ping.
Resolves: https://github.com/SSSD/sssd/issues/5528 """
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5529/head:pr5529 git checkout pr5529
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: +Bugzilla
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: +branch: sssd-1-16
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
pbrezina commented: """ Is it safe to remove `sdap_domain_remove` call? IIRC there was a reason for it. """
See the full comment at https://github.com/SSSD/sssd/pull/5529#issuecomment-809352974
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: +Changes requested
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
sumit-bose commented: """
Is it safe to remove `sdap_domain_remove` call? IIRC there was a reason for it.
Hi,
I guess you are thinking of the domain-disable feature of FreeIPA which is not related to the code here. However, it might be better to keep the removal since otherwise thanks to offline authentication users from a domain removed from the forest would still be able to log in until SSSD's cache is removed. I'll add `Change Requested`.
bye, Sumit """
See the full comment at https://github.com/SSSD/sssd/pull/5529#issuecomment-810281718
URL: https://github.com/SSSD/sssd/pull/5529 Author: sumit-bose Title: #5529: AD: read trusted domains from local domain as well Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5529/head:pr5529 git checkout pr5529
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
sumit-bose commented: """ Hi,
the latest version does not remove `sdap_domain_remove` anymore.
bye, Sumit """
See the full comment at https://github.com/SSSD/sssd/pull/5529#issuecomment-820184923
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: -Changes requested
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: +Waiting for review
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
pbrezina commented: """ Thank you. Ack. """
See the full comment at https://github.com/SSSD/sssd/pull/5529#issuecomment-821074678
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: +Ready to push
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: -Waiting for review
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
pbrezina commented: """ Hi Sumit, the first commit has wrong debug message, can you fix that please? """
See the full comment at https://github.com/SSSD/sssd/pull/5529#issuecomment-821078020
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: -Accepted
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: +Changes requested
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: -Ready to push
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
pbrezina commented: """ Hi Sumit, the first commit has wrong commit message, can you fix that please? """
See the full comment at https://github.com/SSSD/sssd/pull/5529#issuecomment-821078020
URL: https://github.com/SSSD/sssd/pull/5529 Author: sumit-bose Title: #5529: AD: read trusted domains from local domain as well Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5529/head:pr5529 git checkout pr5529
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
sumit-bose commented: """
Hi Sumit, the first commit has wrong commit message, can you fix that please?
ah, sorry, fixed in the latest version.
bye, Sumit """
See the full comment at https://github.com/SSSD/sssd/pull/5529#issuecomment-821106405
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: +Ready to push
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: -Changes requested
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: -Ready to push
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: +Ready to push
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: -branch: sssd-1-16
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
pbrezina commented: """ Pushed PR: https://github.com/SSSD/sssd/pull/5529
* `master` * 95adf488f94f5968f6cfba9e3bef74c07c02ccff - AD: read trusted domains from local domain as well * 5d65411f1aa16af929ae2271ee4d3d9101728a67 - sss_domain_info: add not_found_counter
"""
See the full comment at https://github.com/SSSD/sssd/pull/5529#issuecomment-821108640
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: +Pushed
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: -Accepted
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
Label: -Ready to push
URL: https://github.com/SSSD/sssd/pull/5529 Author: sumit-bose Title: #5529: AD: read trusted domains from local domain as well Action: closed
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5529/head:pr5529 git checkout pr5529
URL: https://github.com/SSSD/sssd/pull/5529 Title: #5529: AD: read trusted domains from local domain as well
pbrezina commented: """ There was a conflict in 1.16, please open separate PR. """
See the full comment at https://github.com/SSSD/sssd/pull/5529#issuecomment-821108707
sssd-devel@lists.fedorahosted.org
-
alexey-tikhonov -
pbrezina
-
sumit-bose