1:58 p.m.
URL: https://github.com/SSSD/sssd/pull/519
Author: justin-stephenson
Title: #519: DEBUG: Print simple access provider allow and deny lists
Action: opened
PR body:
"""
Prior to this PR, debug level 9 logs do not print the simple allow and deny user or group
lists that are checked against during simple access checks when `access_provider =
simple`
These debug statements helped to solve a downstream customer case where
`simple_allow_users` was not working as expected, the administrator discovered when they
saw the usernames printed in the logs that the `simple_allow_users` list was coming from a
**/etc/sssd/conf.d/alternate.conf** file which was overriding what they set in
**/etc/sssd/sssd.conf**.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/519/head:pr519
git checkout pr519
1:58 p.m.
New subject: [sssd PR#519][comment] DEBUG: Print simple access provider allow and deny lists
URL: https://github.com/SSSD/sssd/pull/519
Title: #519: DEBUG: Print simple access provider allow and deny lists
centos-ci commented:
"""
Can one of the admins verify this patch?
"""
See the full comment at https://github.com/SSSD/sssd/pull/519#issuecomment-366542761
1:58 p.m.
New subject: [sssd PR#519][comment] DEBUG: Print simple access provider allow and deny lists
URL: https://github.com/SSSD/sssd/pull/519
Title: #519: DEBUG: Print simple access provider allow and deny lists
centos-ci commented:
"""
Can one of the admins verify this patch?
"""
See the full comment at https://github.com/SSSD/sssd/pull/519#issuecomment-366542762
2:52 a.m.
New subject: [sssd PR#519][comment] DEBUG: Print simple access provider allow and deny lists
URL: https://github.com/SSSD/sssd/pull/519
Title: #519: DEBUG: Print simple access provider allow and deny lists
sumit-bose commented:
"""
ok to test
"""
See the full comment at https://github.com/SSSD/sssd/pull/519#issuecomment-366623797
5:18 a.m.
New subject: [sssd PR#519][comment] DEBUG: Print simple access provider allow and deny lists
URL: https://github.com/SSSD/sssd/pull/519
Title: #519: DEBUG: Print simple access provider allow and deny lists
pbrezina commented:
"""
I think using highest debug level `SSSDBG_TRACE_ALL` would be better so we do not swamp
the logs with information easily obtainable from a configuration file. Otherwise its an
ack. Thank you Justin.
"""
See the full comment at https://github.com/SSSD/sssd/pull/519#issuecomment-367650206
6:14 a.m.
New subject: [sssd PR#519][comment] DEBUG: Print simple access provider allow and deny lists
URL: https://github.com/SSSD/sssd/pull/519
Title: #519: DEBUG: Print simple access provider allow and deny lists
jhrozek commented:
"""
btw for debugging purposes I wonder if it was also a good idea to read and print the lists
in `sssm_simple_access_init`. I think confdb already contains the merged values, so just
reading each list with `confdb_get_string` and printing the value would be easy. I guess
there the message level could be higher (CONF_SETTINGS?).
I agree that the message with stepping through the list should be less verbose, because
I've seen some strange configurations where the admins were even hitting the libini
line limit with their ACLs..
"""
See the full comment at https://github.com/SSSD/sssd/pull/519#issuecomment-367662518
6:14 a.m.
New subject: [sssd PR#519][+Changes requested] DEBUG: Print simple access provider allow and deny lists
URL: https://github.com/SSSD/sssd/pull/519
Title: #519: DEBUG: Print simple access provider allow and deny lists
Label: +Changes requested
1:08 p.m.
New subject: [sssd PR#519][synchronized] DEBUG: Print simple access provider allow and deny lists
URL: https://github.com/SSSD/sssd/pull/519
Author: justin-stephenson
Title: #519: DEBUG: Print simple access provider allow and deny lists
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/519/head:pr519
git checkout pr519
1:09 p.m.
New subject: [sssd PR#519][comment] DEBUG: Print simple access provider allow and deny lists
URL: https://github.com/SSSD/sssd/pull/519
Title: #519: DEBUG: Print simple access provider allow and deny lists
justin-stephenson commented:
"""
PR updated with changes suggested, please review.
"""
See the full comment at https://github.com/SSSD/sssd/pull/519#issuecomment-368991183
3:21 p.m.
New subject: [sssd PR#519][+Accepted] DEBUG: Print simple access provider allow and deny lists
URL: https://github.com/SSSD/sssd/pull/519
Title: #519: DEBUG: Print simple access provider allow and deny lists
Label: +Accepted
3:22 p.m.
New subject: [sssd PR#519][comment] DEBUG: Print simple access provider allow and deny lists
URL: https://github.com/SSSD/sssd/pull/519
Title: #519: DEBUG: Print simple access provider allow and deny lists
jhrozek commented:
"""
ACK, CI http://vm-031.${ABC}/logs/job/86/34/summary.html
"""
See the full comment at https://github.com/SSSD/sssd/pull/519#issuecomment-372449692
5:24 a.m.
New subject: [sssd PR#519][comment] DEBUG: Print simple access provider allow and deny lists
URL: https://github.com/SSSD/sssd/pull/519
Title: #519: DEBUG: Print simple access provider allow and deny lists
jhrozek commented:
"""
I fixed a trivial const warning in the code and pushed the patch to master:
e32e17d04c796b37bc3f4cde58106d54ffa2b6d1
"""
See the full comment at https://github.com/SSSD/sssd/pull/519#issuecomment-372617221
5:24 a.m.
New subject: [sssd PR#519][closed] DEBUG: Print simple access provider allow and deny lists
URL: https://github.com/SSSD/sssd/pull/519
Author: justin-stephenson
Title: #519: DEBUG: Print simple access provider allow and deny lists
Action: closed
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/519/head:pr519
git checkout pr519
5:24 a.m.
New subject: [sssd PR#519][+Pushed] DEBUG: Print simple access provider allow and deny lists
URL: https://github.com/SSSD/sssd/pull/519
Title: #519: DEBUG: Print simple access provider allow and deny lists
Label: +Pushed
2233
days inactive
2256
days old
sssd-devel@lists.fedorahosted.org
13 comments
5 participants
participants (5)
-
centos-ci -
jhrozek
-
justin-stephenson
-
pbrezina
-
sumit-bose