URL: https://github.com/SSSD/sssd/pull/103 Author: pbrezina Title: #103: sudo: do not store usn if no rules are found Action: opened
PR body: """ When ldap doesn't contain any sudorule during the initial full refresh, usn is set to 1 instead of remaining unset and we are trying to search modifyTimestamp>=1 during smart refresh which doesn't return any result on openldap servers.
How to test: Run sssd with no rules in ldap. Without the patch, full refresh stores usn=1 and smart refresh run search usn>=1. With this patch no usn is stored and smart refresh run generic request without usn part.
Resolves: https://fedorahosted.org/sssd/ticket/3257 """
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/103/head:pr103 git checkout pr103
URL: https://github.com/SSSD/sssd/pull/103 Title: #103: sudo: do not store usn if no rules are found
lslebodn commented: """ Jakub reviewed https://fedorahosted.org/sssd/ticket/2970 and overlooked such small issue. :-) we should let him to review it one more time """
See the full comment at https://github.com/SSSD/sssd/pull/103#issuecomment-264887362
URL: https://github.com/SSSD/sssd/pull/103 Title: #103: sudo: do not store usn if no rules are found
lslebodn commented: """ There is a simple domain config with case_preserving ``` [domain/LDAP] id_provider = ldap ldap_uri = ldap://$SERVER ldap_search_base = $DS_BASE_DN ldap_tls_cacert = /etc/openldap/certs/cacert.asc case_sensitive = preserving ``` Then you will add a service entry to LDAP server ``` dn: cn=Svc1,ou=Services,$DS_BASE_DN objectClass: ipService cn: Svc1_Alias ipServicePort: 1234 ipServiceProtocol: Tcp ``` and then try to run few getent commands for service * getent services SVC1 | grep Svc1 # passed * getent services svc1_alias | grep Svc1 # passed * getent services 1234/TCP # failed """
See the full comment at https://github.com/SSSD/sssd/pull/103#issuecomment-264888745
URL: https://github.com/SSSD/sssd/pull/103 Title: #103: sudo: do not store usn if no rules are found
lslebodn commented: """ There is a simple domain config with case_preserving ``` [domain/LDAP] id_provider = ldap ldap_uri = ldap://$SERVER ldap_search_base = $DS_BASE_DN ldap_tls_cacert = /etc/openldap/certs/cacert.asc case_sensitive = preserving ``` Then you will add a service entry to LDAP server ``` dn: cn=Svc1,ou=Services,$DS_BASE_DN objectClass: ipService cn: Svc1_Alias ipServicePort: 1234 ipServiceProtocol: Tcp ``` and then try to run few getent commands for service * getent services SVC1 | grep Svc1 # passed * getent services svc1_alias | grep Svc1 # passed * getent services 1234/TCP # failed """
See the full comment at https://github.com/SSSD/sssd/pull/103#issuecomment-264888745
URL: https://github.com/SSSD/sssd/pull/103 Title: #103: sudo: do not store usn if no rules are found
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/103 Title: #103: sudo: do not store usn if no rules are found
jhrozek commented: """ ACK, thanks for the patch. I will push it once full CI finishes. """
See the full comment at https://github.com/SSSD/sssd/pull/103#issuecomment-265726131
URL: https://github.com/SSSD/sssd/pull/103 Title: #103: sudo: do not store usn if no rules are found
jhrozek commented: """ CI: http://sssd-ci.duckdns.org/logs/job/58/31/summary.html
The rawhide failure is unrelated.. """
See the full comment at https://github.com/SSSD/sssd/pull/103#issuecomment-265775078
URL: https://github.com/SSSD/sssd/pull/103 Author: pbrezina Title: #103: sudo: do not store usn if no rules are found Action: closed
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/103/head:pr103 git checkout pr103
URL: https://github.com/SSSD/sssd/pull/103 Title: #103: sudo: do not store usn if no rules are found
jhrozek commented: """ master: 46703740e83a66909974a5ee8d47df6a6e5076e7 sssd-1-14: 76e97affaa05ce45709efd59d120595c5992aa21 sssd-1-13: 4e25db79aa514e044449c8ad4482c45b24e7a3d4
"""
See the full comment at https://github.com/SSSD/sssd/pull/103#issuecomment-265777376
URL: https://github.com/SSSD/sssd/pull/103 Title: #103: sudo: do not store usn if no rules are found
Label: +Pushed
URL: https://github.com/SSSD/sssd/pull/103 Title: #103: sudo: do not store usn if no rules are found
Label: -Accepted
sssd-devel@lists.fedorahosted.org