sssd-devel April 2015

sssd-devel@lists.fedorahosted.org

16 participants
59 discussions

Start a nNew thread

[PATCH] MAN: Clarify how are GPO mappings called in GPO editor
by Jakub Hrozek 13 Apr '15

13 Apr '15

Improving the documentation makes it easier to recognize what the admin needs to allow for certain service mappings.

2 2

[PATCH] LDAP: Set sdap handle as explicitly connected in LDAP auth
by Jakub Hrozek 08 Apr '15

08 Apr '15

Hi, to reproduce, set up an ldaps:// server (TLS won't reproduce the bug) and configure the client as: [domain/default] id_provider = proxy proxy_lib_name = files auth_provider = ldap ldap_uri = ldaps://openldap.example.com ldap_user_search_base = ou=People,dc=example,dc=com ldap_group_search_base = ou=People,dc=example,dc=com ldap_search_base = dc=example,dc=com ldap_tls_reqcert = demand ldap_tls_cacertdir = /etc/openldap/cacerts ldap_schema = rfc2307bis ldap_user_object_class = inetOrgPerson debug_level = 9 timeout = 30000 Before the patch you'll get an error saying you're not connected. I think the proper solution would be to change the LDAP provider to mark the connection as connected automatically, but there is logic in sdap_async_connection that should be changed as well and the code around whether to use TLS or not is a bit complex. Also, I would prefer to make sdap_handle opaque outside the low-level code.

2 2

[PATCHES] SPEC: Few cosmetic changes
by Lukas Slebodnik 08 Apr '15

08 Apr '15

ehlo, simple patches attached LS

2 2

[PATCH] enumeration: fix talloc context
by Pavel Březina 08 Apr '15

08 Apr '15

https://fedorahosted.org/sssd/ticket/2611

3 6

[PATCH] GPO: Check return value of ad_gpo_store_policy_settings
by Lukas Slebodnik 08 Apr '15

08 Apr '15

ehlo, simple patch is attached. It fixes warning from clang static analyzer. LS

3 6

[PATCH] CLIENT: Clear errno with enabled sss-default-nss-plugin
by Lukas Slebodnik 07 Apr '15

07 Apr '15

ehlo, Although errno was cleared in function sss_nss_make_request some sss glic functions set errno with value of output argument errnop. Steps to reproduce are described in attached patch. LS

3 2

[PATCH] LDAP: drop lockout option from ldap_access_order
by Pavel Reichl 02 Apr '15

02 Apr '15

Hello please see attached patch. The need for this patch was discussed in thread: SDAP: Lock out ssh keys when account naturally expires This patch implements point number 3. >> I would prefer if we didn't add a new option as well, but since we >> released >> a version that only supported the lockout and not any other semantics, >> I don't think we can get away with just changing the functionality. A >> minor version can break functionality. But a major version can >> >> So I propose the following: >> 1) Add a new value for ldap_access_order called "ppolicy" that would >> evaluate the pwdAccountLockedTime fully, including the new >> functionality in this patchset >> 2) In 1.12, deprecate the "lockout" option and log a warning that it >> will be removed in future relase and users should migrate to "ppolicy" >> option >> 3) In master (1.13), remove the "lockout" ldap_access_order value Thanks!

3 24

[PATCH] KRB5: Unify prototype and definition
by Lukas Slebodnik 01 Apr '15

01 Apr '15

ehlo, simple patch is attached. LS

3 2

[PATCH] SSH: Ignore the default_domain_suffix
by Jakub Hrozek 01 Apr '15

01 Apr '15

Honza, can you review, please? To reproduce, just set default_domain_suffix on an IPA trust client to the AD domain value in the [sssd] section: [sssd] services = nss, pac, sudo, pam, ssh domains = linux.test config_file_version = 2 default_domain_suffix = ad.example.com Then request a host: sss_ssh_knownhostsproxy ipa1.linux.test btw default_domain_suffix is already ignored for the autofs responder.

3 3

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

sssd-devel April 2015