Hi,
I've pushed quite a couple of patches to the sssd-1-9 branch lately as part of work on RHEL-6.5. I think it would be nice to use that as basis of 1.9.6 upstream release.
Is there anything that the users or developers would like to include in the 1.9.6 ? There are some mmap patches on the list that need pushing to 1.9 but apart from them, I think this is pretty much it.
Here is a list of tickets 1.9.6 would fix in the 1.9 branch:
* Enabling enumeration causes sssd_be process to utilize 100% of the CPU https://fedorahosted.org/sssd/ticket/1893 * SSSD doesn't display warning for last grace login. https://fedorahosted.org/sssd/ticket/1890 * [RFE] support autoconfiguring SUDO with ipa provider and compat tree https://fedorahosted.org/sssd/ticket/1733 * SUDO is not working for users from trusted AD domain https://fedorahosted.org/sssd/ticket/1912 * getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality https://fedorahosted.org/sssd/ticket/1823 * [RFE] Add support for suppressing group members https://fedorahosted.org/sssd/ticket/1376 * If previous SRV query failed, the next try might not be retried in some cases https://fedorahosted.org/sssd/ticket/1886 * [abrt] sssd-1.10.0-4.fc19.beta1: get_server_status: Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) https://fedorahosted.org/sssd/ticket/1947 * sssd_be goes to 99% CPU and causes significant login delays when client is under load https://fedorahosted.org/sssd/ticket/1806 * sudoHost mismatch response is incorrect sometimes https://fedorahosted.org/sssd/ticket/1693 * sssd fails to resolve hosts/services once the network is up https://fedorahosted.org/sssd/ticket/1933 * cyclic group memberships may not work depending on order of operations https://fedorahosted.org/sssd/ticket/1846 * sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs https://fedorahosted.org/sssd/ticket/2031 * sssd_be crashing with nested ldap groups contain a dangling member https://fedorahosted.org/sssd/ticket/1932 * sss_cache -N/-n should invalidate the hash table in sssd_nss https://fedorahosted.org/sssd/ticket/1759 * SSSD filter out ldap user/group if uid/gid is zero https://fedorahosted.org/sssd/ticket/2005 * SSSD service randomly dies https://fedorahosted.org/sssd/ticket/1980 * SYSV init script should use @sbindir@ https://fedorahosted.org/sssd/ticket/1986 * Enhance sssd init script so that it would source a configuration https://fedorahosted.org/sssd/ticket/1959 * SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable https://fedorahosted.org/sssd/ticket/1966 * resolv-tests failing with memory leak https://fedorahosted.org/sssd/ticket/1899 * sssd_nss terminated with segmentation fault https://fedorahosted.org/sssd/ticket/2018 * unite periodic refresh API https://fedorahosted.org/sssd/ticket/1891 * [RFE] Add a task to the SSSD to periodically refresh cached entries https://fedorahosted.org/sssd/ticket/1713 * passwd returns "Authentication token manipulation error" when entering wrong current password https://fedorahosted.org/sssd/ticket/2029 * Cannot change expired password of an AD user https://fedorahosted.org/sssd/ticket/1827
And here is a complete log of what's currently planned for 1.9.6 (git log --oneline sssd-1_9_5..sssd-1-9):
658e275 print hint about password complexity when new password is rejected f4f0a4c ldap, krb5: More descriptive msg on chpass failure. 261bc18 providers: refresh expired netgroups edbafc2 back end: add refresh expired records periodic task f47934c back end: periodical refresh of expired records API 651ab87 back end: periodic task API 4fda997 mmap_cache: Check if slot and name_ptr are not invalid. 560e2b4 resolv-tests failing with memory leak 8d4485d Set default DNS resolution timeout to 6 seconds. 1e50573 Lower timeout to contact DNS server 7a45875 Add a commit template 230e4e4 init script: source /etc/sysconfig/sssd 60d3b25 Configure SYSV init scripts properly 4a3ad2f Handle too many results from getnetgr. 67771f6 Do not call sss_cmd_done in function check_cache. 5d762a9 MAN: Clarify the min_id/max_id limits further 3678074 NSS: Clear cached netgroups if a request comes in from the sss_cache 845deed NSS: allow removing entries from netgroup hash table f081ea9 LDAP: Fix crash when processing nested groups c487f42 sudo: print better debug message when a rule has multiple cn values a810814 sudo: skip rule on error instead of failing completely e4c8fd0 Every time use permissive control in function memberof_mod. 26df163 Always set port status to neutral when resetting service. ec7fbcd sudo responder: use different callback for oob refresh e7769aa IPA: Do not download or store the member attribute of host groups ab4c050 failover: if expanded server is marked as neutral, invoke srv collapse 5ecdadb collapse_srv_lookup may free the server, make it clear from the API 5e0f0c4 failover: set state->out when meta server remains in SRV_RESOLVE_ERROR 868bf88 Add ignore_group_members option. c13eb93 Adding option to disable retrieving large AD groups. 200d054 Removing unused functions. 2aaa41c sudo responder: use fully qualified name for subdomain users 96db69c SUDO: IPA provider ac77faa Display the last grace warning, too 3896c82 Only try to relink ghost users if we're not enumerating
On (18/08/13 22:07), Jakub Hrozek wrote:
Hi,
I've pushed quite a couple of patches to the sssd-1-9 branch lately as part of work on RHEL-6.5. I think it would be nice to use that as basis of 1.9.6 upstream release.
Is there anything that the users or developers would like to include in the 1.9.6 ? There are some mmap patches on the list that need pushing to 1.9 but apart from them, I think this is pretty much it.
Here is a list of tickets 1.9.6 would fix in the 1.9 branch:
- Enabling enumeration causes sssd_be process to utilize 100% of the CPU
https://fedorahosted.org/sssd/ticket/1893
- SSSD doesn't display warning for last grace login.
https://fedorahosted.org/sssd/ticket/1890
- [RFE] support autoconfiguring SUDO with ipa provider and compat tree
https://fedorahosted.org/sssd/ticket/1733
- SUDO is not working for users from trusted AD domain
https://fedorahosted.org/sssd/ticket/1912
- getgrnam / getgrgid for large user groups is too slow due to range retrieval
functionality https://fedorahosted.org/sssd/ticket/1823
- [RFE] Add support for suppressing group members
https://fedorahosted.org/sssd/ticket/1376
- If previous SRV query failed, the next try might not be retried in some cases
https://fedorahosted.org/sssd/ticket/1886
- [abrt] sssd-1.10.0-4.fc19.beta1: get_server_status: Process
/usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) https://fedorahosted.org/sssd/ticket/1947
- sssd_be goes to 99% CPU and causes significant login delays when client
is under load https://fedorahosted.org/sssd/ticket/1806
- sudoHost mismatch response is incorrect sometimes
https://fedorahosted.org/sssd/ticket/1693
- sssd fails to resolve hosts/services once the network is up
https://fedorahosted.org/sssd/ticket/1933
- cyclic group memberships may not work depending on order of operations
https://fedorahosted.org/sssd/ticket/1846
- sssd fails instead of skipping when a sudo ldap filter returns entries
with multiple CNs https://fedorahosted.org/sssd/ticket/2031
- sssd_be crashing with nested ldap groups contain a dangling member
https://fedorahosted.org/sssd/ticket/1932
- sss_cache -N/-n should invalidate the hash table in sssd_nss
https://fedorahosted.org/sssd/ticket/1759
- SSSD filter out ldap user/group if uid/gid is zero
https://fedorahosted.org/sssd/ticket/2005
- SSSD service randomly dies
https://fedorahosted.org/sssd/ticket/1980
- SYSV init script should use @sbindir@
https://fedorahosted.org/sssd/ticket/1986
- Enhance sssd init script so that it would source a configuration
https://fedorahosted.org/sssd/ticket/1959
- SSSD failover doesn't work if the first DNS server in resolv.conf is
unavailable https://fedorahosted.org/sssd/ticket/1966
- resolv-tests failing with memory leak
https://fedorahosted.org/sssd/ticket/1899
- sssd_nss terminated with segmentation fault
https://fedorahosted.org/sssd/ticket/2018
- unite periodic refresh API
https://fedorahosted.org/sssd/ticket/1891
- [RFE] Add a task to the SSSD to periodically refresh cached entries
https://fedorahosted.org/sssd/ticket/1713
- passwd returns "Authentication token manipulation error" when entering
wrong current password https://fedorahosted.org/sssd/ticket/2029
- Cannot change expired password of an AD user
https://fedorahosted.org/sssd/ticket/1827
And here is a complete log of what's currently planned for 1.9.6 (git log --oneline sssd-1_9_5..sssd-1-9):
658e275 print hint about password complexity when new password is rejected f4f0a4c ldap, krb5: More descriptive msg on chpass failure. 261bc18 providers: refresh expired netgroups edbafc2 back end: add refresh expired records periodic task f47934c back end: periodical refresh of expired records API 651ab87 back end: periodic task API 4fda997 mmap_cache: Check if slot and name_ptr are not invalid. 560e2b4 resolv-tests failing with memory leak 8d4485d Set default DNS resolution timeout to 6 seconds. 1e50573 Lower timeout to contact DNS server 7a45875 Add a commit template 230e4e4 init script: source /etc/sysconfig/sssd 60d3b25 Configure SYSV init scripts properly 4a3ad2f Handle too many results from getnetgr. 67771f6 Do not call sss_cmd_done in function check_cache. 5d762a9 MAN: Clarify the min_id/max_id limits further 3678074 NSS: Clear cached netgroups if a request comes in from the sss_cache 845deed NSS: allow removing entries from netgroup hash table f081ea9 LDAP: Fix crash when processing nested groups c487f42 sudo: print better debug message when a rule has multiple cn values a810814 sudo: skip rule on error instead of failing completely e4c8fd0 Every time use permissive control in function memberof_mod. 26df163 Always set port status to neutral when resetting service. ec7fbcd sudo responder: use different callback for oob refresh e7769aa IPA: Do not download or store the member attribute of host groups ab4c050 failover: if expanded server is marked as neutral, invoke srv collapse 5ecdadb collapse_srv_lookup may free the server, make it clear from the API 5e0f0c4 failover: set state->out when meta server remains in SRV_RESOLVE_ERROR 868bf88 Add ignore_group_members option. c13eb93 Adding option to disable retrieving large AD groups. 200d054 Removing unused functions. 2aaa41c sudo responder: use fully qualified name for subdomain users 96db69c SUDO: IPA provider ac77faa Display the last grace warning, too 3896c82 Only try to relink ghost users if we're not enumerating
We should wait at least a week. There are some possible bug fixes suitable for 1.9 branch
LS
On Mon, Aug 19, 2013 at 06:27:01AM +0200, Lukas Slebodnik wrote:
On (18/08/13 22:07), Jakub Hrozek wrote:
Hi,
I've pushed quite a couple of patches to the sssd-1-9 branch lately as part of work on RHEL-6.5. I think it would be nice to use that as basis of 1.9.6 upstream release.
Is there anything that the users or developers would like to include in the 1.9.6 ? There are some mmap patches on the list that need pushing to 1.9 but apart from them, I think this is pretty much it.
Here is a list of tickets 1.9.6 would fix in the 1.9 branch:
- Enabling enumeration causes sssd_be process to utilize 100% of the CPU
https://fedorahosted.org/sssd/ticket/1893
- SSSD doesn't display warning for last grace login.
https://fedorahosted.org/sssd/ticket/1890
- [RFE] support autoconfiguring SUDO with ipa provider and compat tree
https://fedorahosted.org/sssd/ticket/1733
- SUDO is not working for users from trusted AD domain
https://fedorahosted.org/sssd/ticket/1912
- getgrnam / getgrgid for large user groups is too slow due to range retrieval
functionality https://fedorahosted.org/sssd/ticket/1823
- [RFE] Add support for suppressing group members
https://fedorahosted.org/sssd/ticket/1376
- If previous SRV query failed, the next try might not be retried in some cases
https://fedorahosted.org/sssd/ticket/1886
- [abrt] sssd-1.10.0-4.fc19.beta1: get_server_status: Process
/usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) https://fedorahosted.org/sssd/ticket/1947
- sssd_be goes to 99% CPU and causes significant login delays when client
is under load https://fedorahosted.org/sssd/ticket/1806
- sudoHost mismatch response is incorrect sometimes
https://fedorahosted.org/sssd/ticket/1693
- sssd fails to resolve hosts/services once the network is up
https://fedorahosted.org/sssd/ticket/1933
- cyclic group memberships may not work depending on order of operations
https://fedorahosted.org/sssd/ticket/1846
- sssd fails instead of skipping when a sudo ldap filter returns entries
with multiple CNs https://fedorahosted.org/sssd/ticket/2031
- sssd_be crashing with nested ldap groups contain a dangling member
https://fedorahosted.org/sssd/ticket/1932
- sss_cache -N/-n should invalidate the hash table in sssd_nss
https://fedorahosted.org/sssd/ticket/1759
- SSSD filter out ldap user/group if uid/gid is zero
https://fedorahosted.org/sssd/ticket/2005
- SSSD service randomly dies
https://fedorahosted.org/sssd/ticket/1980
- SYSV init script should use @sbindir@
https://fedorahosted.org/sssd/ticket/1986
- Enhance sssd init script so that it would source a configuration
https://fedorahosted.org/sssd/ticket/1959
- SSSD failover doesn't work if the first DNS server in resolv.conf is
unavailable https://fedorahosted.org/sssd/ticket/1966
- resolv-tests failing with memory leak
https://fedorahosted.org/sssd/ticket/1899
- sssd_nss terminated with segmentation fault
https://fedorahosted.org/sssd/ticket/2018
- unite periodic refresh API
https://fedorahosted.org/sssd/ticket/1891
- [RFE] Add a task to the SSSD to periodically refresh cached entries
https://fedorahosted.org/sssd/ticket/1713
- passwd returns "Authentication token manipulation error" when entering
wrong current password https://fedorahosted.org/sssd/ticket/2029
- Cannot change expired password of an AD user
https://fedorahosted.org/sssd/ticket/1827
And here is a complete log of what's currently planned for 1.9.6 (git log --oneline sssd-1_9_5..sssd-1-9):
658e275 print hint about password complexity when new password is rejected f4f0a4c ldap, krb5: More descriptive msg on chpass failure. 261bc18 providers: refresh expired netgroups edbafc2 back end: add refresh expired records periodic task f47934c back end: periodical refresh of expired records API 651ab87 back end: periodic task API 4fda997 mmap_cache: Check if slot and name_ptr are not invalid. 560e2b4 resolv-tests failing with memory leak 8d4485d Set default DNS resolution timeout to 6 seconds. 1e50573 Lower timeout to contact DNS server 7a45875 Add a commit template 230e4e4 init script: source /etc/sysconfig/sssd 60d3b25 Configure SYSV init scripts properly 4a3ad2f Handle too many results from getnetgr. 67771f6 Do not call sss_cmd_done in function check_cache. 5d762a9 MAN: Clarify the min_id/max_id limits further 3678074 NSS: Clear cached netgroups if a request comes in from the sss_cache 845deed NSS: allow removing entries from netgroup hash table f081ea9 LDAP: Fix crash when processing nested groups c487f42 sudo: print better debug message when a rule has multiple cn values a810814 sudo: skip rule on error instead of failing completely e4c8fd0 Every time use permissive control in function memberof_mod. 26df163 Always set port status to neutral when resetting service. ec7fbcd sudo responder: use different callback for oob refresh e7769aa IPA: Do not download or store the member attribute of host groups ab4c050 failover: if expanded server is marked as neutral, invoke srv collapse 5ecdadb collapse_srv_lookup may free the server, make it clear from the API 5e0f0c4 failover: set state->out when meta server remains in SRV_RESOLVE_ERROR 868bf88 Add ignore_group_members option. c13eb93 Adding option to disable retrieving large AD groups. 200d054 Removing unused functions. 2aaa41c sudo responder: use fully qualified name for subdomain users 96db69c SUDO: IPA provider ac77faa Display the last grace warning, too 3896c82 Only try to relink ghost users if we're not enumerating
We should wait at least a week. There are some possible bug fixes suitable for 1.9 branch
LS
Hi,
I think all the bugs are resolved now and also the BSD build time support is in. Once we push Michal's memcache recovery patch, I think we can release.
See: $ git log --oneline sssd-1_9_5..sssd-1-9 for a full list of planned changes.
So -- last call for patches that you'd like to see included in 1.9.6!
sssd-devel@lists.fedorahosted.org