On Fri, Jul 23, 2010 at 10:24 AM, Martin Nagy <mnagy(a)redhat.com&gt; wrote: > Hi, > this is (hopefully) my last stab at asynchronous ldap bind. I have > tested it on fedora and it seems to work pretty ok, but I haven't tried > it yet with an older openldap where the asynchronous connections aren't > supported. > > Martin Hi Martin, I just tested your patch against an older openldap and it doesn't work. Is there any chance we can work together to get it fixed? I've got a pretty sizable sssd install base and wouldn't be able to upgrade anytime soon. (from the system running sssd) \rm /var/lib/sss/db/cache_LDAP.ldb; logsave logfile sssd -d 10 (from my client) ssh -l jschroeder servername On the system running git HEAD vanilla, the login worked fine. When applying your patch (git apply; git commit -a) and then running make rpms, the version of sssd did not work. What can I do to help you fix this?

Nack,

I could not perform GSSAPI auth against FreeIPA 2 server: [sssd[be[IDM.LAB.BOS.REDHAT.COM]]] [ldap_sasl_interactive_bind_try] (1): ldap_sasl_bind failed (-6) [Unknown authentication method]

On Mon, 2010-07-26 at 22:26 +0200, Martin Nagy wrote: > On Mon, 2010-07-26 at 16:14 +0200, Jakub Hrozek wrote: >> Nack, > > Thanks for review/testing. > >> I could not perform GSSAPI auth against FreeIPA 2 server: >> >> [sssd[be[IDM.LAB.BOS.REDHAT.COM]]] [ldap_sasl_interactive_bind_try] (1): >> ldap_sasl_bind failed (-6) [Unknown authentication method] > > Fixed, stupid copy&paste error. I also fixed the problem reported by > Jeff (thanks for testing!), which was also a stupid error. I also tested > the patch with openldap-2.3.43 on RHEL5 and fixed one compilation issue > (missing ldap_controls_dup() function). > > Martin Additional fix of a bug found by Jakub off-list (plus one or two cosmetic fixes). Martin

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxPJMgACgkQeiVVYja6o6O8RgCeJunDl0c9EalfVq+6ZV4iGeTC O9IAnA422ZDill1b+Mt2g3izl8JWemfN =KDkQ -----END PGP SIGNATURE-----

On Tue, 2010-07-27 at 14:26 -0400, Stephen Gallagher wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 07/27/2010 11:04 AM, Martin Nagy wrote: > > On Mon, 2010-07-26 at 22:26 +0200, Martin Nagy wrote: > >> On Mon, 2010-07-26 at 16:14 +0200, Jakub Hrozek wrote: > >>> Nack, > >> > >> Thanks for review/testing. > >> > >>> I could not perform GSSAPI auth against FreeIPA 2 server: > >>> > >>> [sssd[be[IDM.LAB.BOS.REDHAT.COM]]] [ldap_sasl_interactive_bind_try] (1): > >>> ldap_sasl_bind failed (-6) [Unknown authentication method] > >> > >> Fixed, stupid copy&paste error. I also fixed the problem reported by > >> Jeff (thanks for testing!), which was also a stupid error. I also tested > >> the patch with openldap-2.3.43 on RHEL5 and fixed one compilation issue > >> (missing ldap_controls_dup() function). > >> > >> Martin > > > > Additional fix of a bug found by Jakub off-list (plus one or two > > cosmetic fixes). > > > > Martin > > Nack. > > I added a few review comments here: > https://fedorahosted.org/reviewboard/r/74/ Ah, sorry, I still didn't have time to add the comments you wanted and make a new patch. However, I've created a design document [1] as you asked off-list. It still is not complete, especially in regards to the guard/spy, I'm planning on completing that tomorrow. Martin [1] https://fedorahosted.org/sssd/wiki/DesignDocs/AsyncLdapConnections

On 07/30/2010 05:33 PM, Martin Nagy wrote: > OK, here it is, and the design document was updated now with a diagram > explaining the guard/spy :) The attached patch is just a rebased version of Martin's on top of the recent Makefile changes. Also, I don't have any more review comments.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkx/rA4ACgkQeiVVYja6o6PnqQCfXAa4MvASOC5MZpwl1i91X5y8 fssAnAzHvNlgP4aMBCBFToGea+ROY/t8 =QZAu -----END PGP SIGNATURE-----