Hi, this is (hopefully) my last stab at asynchronous ldap bind. I have tested it on fedora and it seems to work pretty ok, but I haven't tried it yet with an older openldap where the asynchronous connections aren't supported.
Martin
On Fri, Jul 23, 2010 at 10:24 AM, Martin Nagy mnagy@redhat.com wrote:
Hi, this is (hopefully) my last stab at asynchronous ldap bind. I have tested it on fedora and it seems to work pretty ok, but I haven't tried it yet with an older openldap where the asynchronous connections aren't supported.
Martin
Hi Martin,
I just tested your patch against an older openldap and it doesn't work. Is there any chance we can work together to get it fixed? I've got a pretty sizable sssd install base and wouldn't be able to upgrade anytime soon.
(from the system running sssd) \rm /var/lib/sss/db/cache_LDAP.ldb; logsave logfile sssd -d 10 (from my client) ssh -l jschroeder servername
On the system running git HEAD vanilla, the login worked fine. When applying your patch (git apply; git commit -a) and then running make rpms, the version of sssd did not work.
What can I do to help you fix this?
On Fri, Jul 23, 2010 at 1:03 PM, Jeff Schroeder jeffschroeder@computer.org wrote:
On Fri, Jul 23, 2010 at 10:24 AM, Martin Nagy mnagy@redhat.com wrote:
Hi, this is (hopefully) my last stab at asynchronous ldap bind. I have tested it on fedora and it seems to work pretty ok, but I haven't tried it yet with an older openldap where the asynchronous connections aren't supported.
Martin
Hi Martin,
I just tested your patch against an older openldap and it doesn't work. Is there any chance we can work together to get it fixed? I've got a pretty sizable sssd install base and wouldn't be able to upgrade anytime soon.
(from the system running sssd) \rm /var/lib/sss/db/cache_LDAP.ldb; logsave logfile sssd -d 10 (from my client) ssh -l jschroeder servername
On the system running git HEAD vanilla, the login worked fine. When applying your patch (git apply; git commit -a) and then running make rpms, the version of sssd did not work.
What can I do to help you fix this?
Forgot to include the url with the logs: http://www.digitalprognosis.com/sssd/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/23/2010 07:24 PM, Martin Nagy wrote:
Hi, this is (hopefully) my last stab at asynchronous ldap bind. I have tested it on fedora and it seems to work pretty ok, but I haven't tried it yet with an older openldap where the asynchronous connections aren't supported.
Martin
Nack,
I could not perform GSSAPI auth against FreeIPA 2 server:
[sssd[be[IDM.LAB.BOS.REDHAT.COM]]] [ldap_sasl_interactive_bind_try] (1): ldap_sasl_bind failed (-6) [Unknown authentication method]
On Mon, 2010-07-26 at 16:14 +0200, Jakub Hrozek wrote:
Nack,
Thanks for review/testing.
I could not perform GSSAPI auth against FreeIPA 2 server:
[sssd[be[IDM.LAB.BOS.REDHAT.COM]]] [ldap_sasl_interactive_bind_try] (1): ldap_sasl_bind failed (-6) [Unknown authentication method]
Fixed, stupid copy&paste error. I also fixed the problem reported by Jeff (thanks for testing!), which was also a stupid error. I also tested the patch with openldap-2.3.43 on RHEL5 and fixed one compilation issue (missing ldap_controls_dup() function).
Martin
On Mon, 2010-07-26 at 22:26 +0200, Martin Nagy wrote:
On Mon, 2010-07-26 at 16:14 +0200, Jakub Hrozek wrote:
Nack,
Thanks for review/testing.
I could not perform GSSAPI auth against FreeIPA 2 server:
[sssd[be[IDM.LAB.BOS.REDHAT.COM]]] [ldap_sasl_interactive_bind_try] (1): ldap_sasl_bind failed (-6) [Unknown authentication method]
Fixed, stupid copy&paste error. I also fixed the problem reported by Jeff (thanks for testing!), which was also a stupid error. I also tested the patch with openldap-2.3.43 on RHEL5 and fixed one compilation issue (missing ldap_controls_dup() function).
Martin
Additional fix of a bug found by Jakub off-list (plus one or two cosmetic fixes).
Martin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/27/2010 11:04 AM, Martin Nagy wrote:
On Mon, 2010-07-26 at 22:26 +0200, Martin Nagy wrote:
On Mon, 2010-07-26 at 16:14 +0200, Jakub Hrozek wrote:
Nack,
Thanks for review/testing.
I could not perform GSSAPI auth against FreeIPA 2 server:
[sssd[be[IDM.LAB.BOS.REDHAT.COM]]] [ldap_sasl_interactive_bind_try] (1): ldap_sasl_bind failed (-6) [Unknown authentication method]
Fixed, stupid copy&paste error. I also fixed the problem reported by Jeff (thanks for testing!), which was also a stupid error. I also tested the patch with openldap-2.3.43 on RHEL5 and fixed one compilation issue (missing ldap_controls_dup() function).
Martin
Additional fix of a bug found by Jakub off-list (plus one or two cosmetic fixes).
Martin
Nack.
I added a few review comments here: https://fedorahosted.org/reviewboard/r/74/
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
On Tue, 2010-07-27 at 14:26 -0400, Stephen Gallagher wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/27/2010 11:04 AM, Martin Nagy wrote:
On Mon, 2010-07-26 at 22:26 +0200, Martin Nagy wrote:
On Mon, 2010-07-26 at 16:14 +0200, Jakub Hrozek wrote:
Nack,
Thanks for review/testing.
I could not perform GSSAPI auth against FreeIPA 2 server:
[sssd[be[IDM.LAB.BOS.REDHAT.COM]]] [ldap_sasl_interactive_bind_try] (1): ldap_sasl_bind failed (-6) [Unknown authentication method]
Fixed, stupid copy&paste error. I also fixed the problem reported by Jeff (thanks for testing!), which was also a stupid error. I also tested the patch with openldap-2.3.43 on RHEL5 and fixed one compilation issue (missing ldap_controls_dup() function).
Martin
Additional fix of a bug found by Jakub off-list (plus one or two cosmetic fixes).
Martin
Nack.
I added a few review comments here: https://fedorahosted.org/reviewboard/r/74/
Ah, sorry, I still didn't have time to add the comments you wanted and make a new patch. However, I've created a design document [1] as you asked off-list. It still is not complete, especially in regards to the guard/spy, I'm planning on completing that tomorrow.
Martin
[1] https://fedorahosted.org/sssd/wiki/DesignDocs/AsyncLdapConnections
On Thu, 2010-07-29 at 18:35 +0200, Martin Nagy wrote:
On Tue, 2010-07-27 at 14:26 -0400, Stephen Gallagher wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/27/2010 11:04 AM, Martin Nagy wrote:
On Mon, 2010-07-26 at 22:26 +0200, Martin Nagy wrote:
On Mon, 2010-07-26 at 16:14 +0200, Jakub Hrozek wrote:
Nack,
Thanks for review/testing.
I could not perform GSSAPI auth against FreeIPA 2 server:
[sssd[be[IDM.LAB.BOS.REDHAT.COM]]] [ldap_sasl_interactive_bind_try] (1): ldap_sasl_bind failed (-6) [Unknown authentication method]
Fixed, stupid copy&paste error. I also fixed the problem reported by Jeff (thanks for testing!), which was also a stupid error. I also tested the patch with openldap-2.3.43 on RHEL5 and fixed one compilation issue (missing ldap_controls_dup() function).
Martin
Additional fix of a bug found by Jakub off-list (plus one or two cosmetic fixes).
Martin
Nack.
I added a few review comments here: https://fedorahosted.org/reviewboard/r/74/
Ah, sorry, I still didn't have time to add the comments you wanted and make a new patch. However, I've created a design document [1] as you asked off-list. It still is not complete, especially in regards to the guard/spy, I'm planning on completing that tomorrow.
Martin [1] https://fedorahosted.org/sssd/wiki/DesignDocs/AsyncLdapConnections
OK, here it is, and the design document was updated now with a diagram explaining the guard/spy :)
Martin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/30/2010 05:33 PM, Martin Nagy wrote:
OK, here it is, and the design document was updated now with a diagram explaining the guard/spy :)
The attached patch is just a rebased version of Martin's on top of the recent Makefile changes.
Also, I don't have any more review comments.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 08/23/2010 01:46 PM, Jakub Hrozek wrote:
On 07/30/2010 05:33 PM, Martin Nagy wrote:
OK, here it is, and the design document was updated now with a diagram explaining the guard/spy :)
The attached patch is just a rebased version of Martin's on top of the recent Makefile changes.
Also, I don't have any more review comments.
I don't either. Ack.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 09/02/2010 09:52 AM, Stephen Gallagher wrote:
On 08/23/2010 01:46 PM, Jakub Hrozek wrote:
On 07/30/2010 05:33 PM, Martin Nagy wrote:
OK, here it is, and the design document was updated now with a diagram explaining the guard/spy :)
The attached patch is just a rebased version of Martin's on top of the recent Makefile changes.
Also, I don't have any more review comments.
I don't either. Ack.
Pushed to master.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
sssd-devel@lists.fedorahosted.org