Timeline


and

10/12/13:

22:21 InternalsDocs edited by preichl
(diff)
22:09 InternalsDocs edited by preichl
(diff)
21:59 InternalsDocs edited by preichl
(diff)
21:55 InternalsDocs edited by preichl
(diff)
21:47 InternalsDocs edited by preichl
(diff)
21:26 InternalsDocs edited by preichl
(diff)
21:20 InternalsDocs edited by preichl
(diff)
21:13 InternalsDocs edited by preichl
(diff)
21:12 InternalsDocs edited by preichl
(diff)
20:45 InternalsDocs edited by preichl
(diff)
20:38 InternalsDocs edited by preichl
(diff)
20:32 InternalsDocs edited by preichl
(diff)
20:16 InternalsDocs edited by preichl
(diff)
20:06 InternalsDocs edited by preichl
(diff)
19:48 InternalsDocs edited by preichl
(diff)
19:32 InternalsDocs edited by preichl
(diff)
19:28 InternalsDocs edited by preichl
(diff)
19:07 InternalsDocs edited by preichl
(diff)
09:34 InternalsDocs edited by preichl
(diff)
09:17 10.jpg attached to InternalsDocs by preichl
09:17 9.jpg attached to InternalsDocs by preichl
09:17 8.jpg attached to InternalsDocs by preichl
09:16 7.jpg attached to InternalsDocs by preichl
09:16 6.jpg attached to InternalsDocs by preichl
09:16 5.jpg attached to InternalsDocs by preichl
09:16 4.jpg attached to InternalsDocs by preichl
09:16 3.jpg attached to InternalsDocs by preichl
09:16 2.jpg attached to InternalsDocs by preichl
09:15 1.jpg attached to InternalsDocs by preichl
08:55 InternalsDocs edited by preichl
(diff)
08:53 InternalsDocs edited by preichl
(diff)
08:05 1000000000000528000003FCB8CBEF0F.jpg attached to InternalsDocs by preichl

10/11/13:

19:51 InternalsDocs edited by preichl
(diff)
16:19 InternalsDocs edited by preichl
(diff)
15:32 InternalsDocs edited by preichl
(diff)
15:01 InternalsDocs edited by preichl
(diff)
11:28 InternalsDocs edited by preichl
(diff)
11:07 InternalsDocs edited by preichl
(diff)
11:04 InternalsDocs edited by preichl
(diff)
09:40 DesignDocs/AccountsService edited by mvo
(diff)
09:05 InternalsDocs edited by preichl
(diff)
08:47 InternalsDocs edited by preichl
(diff)
08:01 Changeset [34cd785] by Jakub Hrozek <jhrozek@…>
sssd-1-11INI: Disable line-wrapping functionality Supporting the latest INI release brought an incompatible change. Lines beginning with a whitespace were treated as continuation of the previous line. This patch reverts to ignoring the whitespace as we did previously so that the existing configurations keep working.
07:59 Changeset [f322968] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14INI: Disable line-wrapping functionality Supporting the latest INI release brought an incompatible change. Lines beginning with a whitespace were treated as continuation of the previous line. This patch reverts to ignoring the whitespace as we did previously so that the existing configurations keep working.
07:59 Changeset [65a8e6e] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14MAN: Fix refsect-id The refsect id was copied from sssd.conf(5) and was wrong. Fixing the refsect might help us if we ever generate other formats from XML and certainly wouldn't hurt.
02:43 Ticket #2119 (Double parsing failes for a complex file) created by dpal
See ini_parse_ut.c If you add the attached file to the list of files in …

10/10/13:

18:08 InternalsDocs edited by preichl
(diff)
17:59 Ticket #2116 (SID looksups are not handled if noexist_delete flag is set) closed by jhrozek
fixed: * master: f244195582ec804f1022341e2e3394754e31b36a * sssd-1-11: …
17:59 Changeset [9f1883ac] by Jakub Hrozek <jhrozek@…>
sssd-1-11LDAP: handle SID requests if noexist_delete is set Fixes https://fedorahosted.org/sssd/ticket/2116
17:58 Changeset [f244195] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14LDAP: handle SID requests if noexist_delete is set Fixes https://fedorahosted.org/sssd/ticket/2116
17:58 Changeset [46967fe0] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14krb5: fix warning may be used uninitialized
17:58 InternalsDocs edited by preichl
(diff)
17:38 InternalsDocs edited by preichl
(diff)
17:25 InternalsDocs edited by preichl
(diff)
17:24 InternalsDocs edited by preichl
(diff)
17:18 InternalsDocs edited by preichl
(diff)
17:11 InternalsDocs edited by preichl
(diff)
17:10 InternalsDocs created by preichl
13:54 DesignDocs/AccountsService edited by stefw
Added more questions (diff)
13:51 DesignDocs/AccountsService edited by stefw
Add list of deficiencies (diff)
09:49 Ticket #2071 (Ccache directory creation leads to unexpected results) closed by jhrozek
fixed: * master: 047ed117f80c0fcc7710d930123af4f21233c369 * sssd-1-11: …
09:13 Ticket #2118 ([RFE] Consider enabling the line wrapping functionality) created by jhrozek
Lines beginning with a whitespace were treated as continuation of the …
08:39 Ticket #2117 ([RFE] SID-Mapping: Store non-POSIX users in cache if they have a SID) created by sbose
If the POSIX IDs are managed externally, e.g. by AD, not all available …

10/09/13:

20:38 Ticket #2116 (SID looksups are not handled if noexist_delete flag is set) created by sbose
Since it is not clear if a SID belongs to a user or a group we currently …
11:44 Ticket #2115 (Offline logins with krb5 keyring cache do not produce placeholder cache) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Fedora): …
09:49 Ticket #2114 (refresh_expired_interval man page doc is not clear) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …

10/08/13:

08:11 Ticket #2113 (Enable canonicalization by default for trusted AD domains) created by jhrozek
The krb5_canonicalize for trusted AD domains is false by default. We …

10/07/13:

16:42 DesignDocs/TestCoverage edited by jhrozek
(diff)
14:17 Changeset [24f62f9] by Jakub Hrozek <jhrozek@…>
sssd-1-11MAN: Clarify debug level documentation Originally, we planned to deprecate the decimal values for the debug levels, but that has proven to be too difficult for most users to understand. Instead, we will document both the simple decimal and complex bitmask values and recommend the use of the decimal values.
14:17 Changeset [968928fc] by Jakub Hrozek <jhrozek@…>
sssd-1-11MAN: Reflow debug_levels.xml Many lines in debug_levels.xml violated our line-length conventsions. This patch provides no functional changes, it simply brings those lines into compliance.
14:14 Ticket #2110 (Processing miltivalue strings does not return last token) closed by jhrozek
fixed: ding-libs master: 8a743dcaa04b7b1f9708dd8001aca807357779d3
14:13 Changeset [80a9c39] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14MAN: Clarify debug level documentation Originally, we planned to deprecate the decimal values for the debug levels, but that has proven to be too difficult for most users to understand. Instead, we will document both the simple decimal and complex bitmask values and recommend the use of the decimal values.
14:13 Changeset [06ba148a] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14MAN: Reflow debug_levels.xml Many lines in debug_levels.xml violated our line-length conventsions. This patch provides no functional changes, it simply brings those lines into compliance.
08:58 Changeset [9d45ab1a] by Jakub Hrozek <jhrozek@…>
sssd-1-11krb5: Remove ability to create public directories Setting up public directories is the job of the admin, and current sssd syntax can't express the actual intention of the admin with regrads to which parts of the path should be public or private. Resolves: https://fedorahosted.org/sssd/ticket/2071
08:58 Changeset [a8d269b] by Jakub Hrozek <jhrozek@…>
sssd-1-11krb5: Fix unit tests
08:57 Changeset [047ed11] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14krb5: Remove ability to create public directories Setting up public directories is the job of the admin, and current sssd syntax can't express the actual intention of the admin with regrads to which parts of the path should be public or private. Resolves: https://fedorahosted.org/sssd/ticket/2071
08:57 Changeset [5b5bc56] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14krb5: Fix unit tests
08:45 Ticket #2112 (Coverity reported potential NULL dereference) created by jhrozek
Coverity reported the following path in krb5_child.c: […] Line 944 …

10/05/13:

20:44 Ticket #2107 (Description of the parse flags use is missing in header file) closed by jhrozek
fixed
00:37 Ticket #394 (Use variable to control verbosity for things in common directory) closed by dpal
fixed: This actually have been implemented quite some time ago. Closing.
00:32 Ticket #748 (Coverity: Errors in the ref-array UNIT tests) closed by dpal
fixed: Current Coverity and clang scans do not show any issues. Closing as fixed.
00:28 Ticket #574 ([Collection] potential NULL dereferences) closed by dpal
fixed: I reran latest clang scan. Seems like patches have been applied.

10/04/13:

23:42 Ticket #1544 (Provide a patch to for SSSD to leverage new INI API) closed by dpal
fixed: This has been done. Closing the ticket.
23:31 Ticket #2111 (Add more unit tests for the array processing) created by dpal
Issue #2110 showed that there problems with string array processing. But …
15:42 Changeset [4e344645] by Jakub Hrozek <jhrozek@…>
sssd-1-11AD: properly intitialize GC from ad_server option
15:38 Changeset [9a9a813] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14AD: properly intitialize GC from ad_server option
15:30 Changeset [9cd1cc7] by Jakub Hrozek <jhrozek@…>
sssd-1-11SYSDB: Fix incorrect DEBUG message A bad comparison resulted in the sysdb_sudo_check_time() function always printing a debug message saying that the time matched. Resolves: Coverity Issue #12031
15:24 Changeset [5ac292b] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14SYSDB: Fix incorrect DEBUG message A bad comparison resulted in the sysdb_sudo_check_time() function always printing a debug message saying that the time matched. Resolves: Coverity Issue #12031
03:25 Ticket #2109 (line with multiple tokens not being parsed correctly) closed by dpal
duplicate: Ah, I filed it too. See #2110.
03:19 Ticket #2110 (Processing miltivalue strings does not return last token) created by dpal
Lists like key = value1, value2, value3 are not processed properly by …

10/03/13:

23:17 Ticket #2109 (line with multiple tokens not being parsed correctly) created by yelley
[MySection?] MyParam? = a, b, c For the ini file above, …
16:23 Ticket #2108 ([RFE] Support C/C++ style comments in INI file parsing) created by dpal
Right now parser does not support /* */ and style comments. Only ; and …
10:37 Ticket #2089 (ldap_sudorule_object_class default is sudoRule insted of sudoRole) closed by jhrozek
worksforme: Closing due to inactivity again.

10/02/13:

21:48 Ticket #2107 (Description of the parse flags use is missing in header file) created by dpal
see ding-libs/ini/ini_configobj.h […]
21:44 Ticket #2106 ([RFE] Add ability to convert input ini file from UTF 16/32 to UTF8 during ...) created by dpal
Right now parser assumes UTF8 encoding but file can be encoded …
16:35 Ticket #2105 (Do not show 'Could not add new domain' error messages if ...) created by sbose
There is a missleading set of debug messages […] if ldap_id_mapping …
16:31 Ticket #2104 (AD provider should fall back the LDAP if Global Catalog is not reachable) created by sbose
Currently the AD provider goes offline if the Global Catalog cannot be …
14:48 DesignDocs/DBusResponder edited by jhrozek
(diff)
14:43 DesignDocs/DBusResponder edited by jhrozek
(diff)
14:39 DesignDocs/DBusResponder created by jhrozek

10/01/13:

19:28 Ticket #2100 (sudo responder does not support specifying just one of ...) closed by jhrozek
fixed: * master: d1f3610aefcb634f212d4c099fac102b3e4dee59 * sssd-1-11: …
19:27 Changeset [df30563] by Jakub Hrozek <jhrozek@…>
sssd-1-11sudo: improve time restrictions debug messages
19:27 Changeset [9f3e9e9] by Jakub Hrozek <jhrozek@…>
sssd-1-11sudo: allow specifying only one time restriction https://fedorahosted.org/sssd/ticket/2100
19:14 Changeset [d1f3610] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14sudo: allow specifying only one time restriction https://fedorahosted.org/sssd/ticket/2100
19:14 Changeset [55fdd0d] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14sudo: improve time restrictions debug messages
08:56 Releases/Notes-1.11.1 edited by jhrozek
Note about new build dep on Ubuntu (diff)

09/27/13:

19:58 WikiStart edited by jhrozek
include 1.11.1 (diff)
19:56 Milestone SSSD 1.11.1 completed
19:55 Documentation edited by jhrozek
(diff)
19:53 Releases/Notes-1.11.1 edited by jhrozek
1.11.1 release notes (diff)
19:45 Releases edited by jhrozek
Include the 1.11.1 release (diff)
19:39 Changeset [3aaf74d] by Jakub Hrozek <jhrozek@…>
sssd-1-11Updating the version for the 1.11.2 release
19:17 Changeset [9727162] by Jakub Hrozek <jhrozek@…>
sssd-1-11Updating the translations for the 1.11.1 release
16:13 Ticket #2089 (ldap_sudorule_object_class default is sudoRule insted of sudoRole) reopened by tothandor
I was busy. Sorry for not reacting. On CentOS 6.4, if I don't set …
14:09 Ticket #2070 (The present sssd-ad is unable to pull RFC2307 attributes from all domains ...) closed by jhrozek
fixed: * master: * 4343b618051d295cbb1a805a85feb117a91c6945 * …
14:00 Changeset [2a413fb] by Jakub Hrozek <jhrozek@…>
sssd-1-11AD: talk to GC first even for local domain objects Related: https://fedorahosted.org/sssd/ticket/2070 Since we are recommending to configure the POSIX attributes so that they are replicated to the Global Catalog, we can start connecting to the GC by default even for local users. If the object is not matches in the GC, there is a possibility to fall back to LDAP.
14:00 Changeset [4b96f0c] by Jakub Hrozek <jhrozek@…>
sssd-1-11MAN: Document that POSIX attributes must be replicated to GC Currently the AD provider relies on the presence of the POSIX attributes in the Global Catalog. This patch mentiones the fact in the sssd-ad(5) manual page.
14:00 Changeset [85a5643] by Jakub Hrozek <jhrozek@…>
sssd-1-11LDAP: Require ID numbers when ID mapping is off Related: https://fedorahosted.org/sssd/ticket/2070 When searching for users and groups without the use of ID mapping, make sure the UIDs and GIDs are included in the search. This will make the SSSD seemigly "miss" entries when searching in Global Catalog in the scenario where the POSIX attributes are not replicated to the GC.
14:00 Changeset [7830aea] by Jakub Hrozek <jhrozek@…>
sssd-1-11LDAP: Allow searching subdomain during RFC2307bis initgroups Related: https://fedorahosted.org/sssd/ticket/2070 Until now, the POSIX-compliant initgroups would only be able to search the parent domain. Since we want to allow using POSIX attributes from AD subdomains as well, we should allow searching a custom sdap_domain.
13:52 Changeset [4343b61] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14MAN: Document that POSIX attributes must be replicated to GC Currently the AD provider relies on the presence of the POSIX attributes in the Global Catalog. This patch mentiones the fact in the sssd-ad(5) manual page.
13:52 Changeset [d3e1d88] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14LDAP: Require ID numbers when ID mapping is off Related: https://fedorahosted.org/sssd/ticket/2070 When searching for users and groups without the use of ID mapping, make sure the UIDs and GIDs are included in the search. This will make the SSSD seemigly "miss" entries when searching in Global Catalog in the scenario where the POSIX attributes are not replicated to the GC.
13:52 Changeset [1b870ff] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14LDAP: Allow searching subdomain during RFC2307bis initgroups Related: https://fedorahosted.org/sssd/ticket/2070 Until now, the POSIX-compliant initgroups would only be able to search the parent domain. Since we want to allow using POSIX attributes from AD subdomains as well, we should allow searching a custom sdap_domain.
13:52 Changeset [c2aeea3] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14AD: talk to GC first even for local domain objects Related: https://fedorahosted.org/sssd/ticket/2070 Since we are recommending to configure the POSIX attributes so that they are replicated to the Global Catalog, we can start connecting to the GC by default even for local users. If the object is not matches in the GC, there is a possibility to fall back to LDAP.
12:17 Releases/Notes-1.11.1 created by jhrozek
11:31 Changeset [3ebad26] by Jakub Hrozek <jhrozek@…>
sssd-1-11KRB5: Return ERR_NETWORK_IO when trusted AD server can't be resolved
11:31 Changeset [3725fc8] by Jakub Hrozek <jhrozek@…>
sssd-1-11KRB5: Use the correct domain when authenticating with cached password
10:51 Changeset [2db23c67] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14KRB5: Return ERR_NETWORK_IO when trusted AD server can't be resolved
10:51 Changeset [e2f37d44] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14KRB5: Use the correct domain when authenticating with cached password
10:37 Ticket #2095 (libiniconfig doesn't trim trailing whitespace) closed by jhrozek
fixed: Fixed in ding-libs master: 7a2eb259b2e22ce5e2395fbf578b5fef57667489
09:47 Ticket #2103 (carefully re-check patches for #2066) created by pbrezina
There were few things that wasn't entirely clear during review of #2066
08:49 Ticket #2080 (When in IPA server mode, SSSD should map trusted forest subdomains to root ...) closed by jhrozek
fixed: This was fixed with the same fixes as #2093.
08:41 Ticket #2093 (sssd should write capaths for IPA trusted forests' subdomains) closed by jhrozek
fixed: * master * ce29aa8998332fd3c2e4e4b81e7302d41c461893 * …
08:39 Changeset [a091e5b] by Jakub Hrozek <jhrozek@…>
sssd-1-11IPA: store forest name for forest member domains In order to fix https://fedorahosted.org/sssd/ticket/2093 the name of the forest must be known for a member domain of the forest.
08:39 Changeset [0ee14e8] by Jakub Hrozek <jhrozek@…>
sssd-1-11ipa_server_mode: write capaths to krb5 include file If there are member domains in a trusted forest which are DNS-wise not proper children of the forest root the IPA KDC needs some help to determine the right authentication path. In general this should be done internally by the IPA KDC but this works requires more effort than letting sssd write the needed data to the include file for krb5.conf. If this functionality is available for the IPA KDC this patch might be removed from the sssd tree. Fixes https://fedorahosted.org/sssd/ticket/2093
08:39 Changeset [2ad3336] by Jakub Hrozek <jhrozek@…>
sssd-1-11Do not return DP_ERR_FATAL in case of success
08:33 Changeset [c5711b0] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14IPA: store forest name for forest member domains In order to fix https://fedorahosted.org/sssd/ticket/2093 the name of the forest must be known for a member domain of the forest.
08:33 Changeset [bbd43fb] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14ipa_server_mode: write capaths to krb5 include file If there are member domains in a trusted forest which are DNS-wise not proper children of the forest root the IPA KDC needs some help to determine the right authentication path. In general this should be done internally by the IPA KDC but this works requires more effort than letting sssd write the needed data to the include file for krb5.conf. If this functionality is available for the IPA KDC this patch might be removed from the sssd tree. Fixes https://fedorahosted.org/sssd/ticket/2093
08:33 Changeset [ce29aa8] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14Do not return DP_ERR_FATAL in case of success

09/26/13:

20:31 Ticket #2079 (SSSD subdomains provider does not resolve SRV records correctly when DNS ...) closed by jhrozek
fixed: * master: 82d248c7e7d61dba7065a1a744823bc06c1b5b96 * sssd-1-11: …
20:31 Changeset [419cbf2] by Jakub Hrozek <jhrozek@…>
sssd-1-11IPA: Ignore dns_discovery_domain in server mode https://fedorahosted.org/sssd/ticket/2079 If the dns_discovery_domain is set in the server mode, then the current failover code will use it to discover the AD servers as well. This patch resets the discovery domain unless the admin configured SRV resolution for IPA servers manually. In the case he did, we try to warn him that service discovery of AD servers will most likely fail.
20:27 Changeset [82d248c] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14IPA: Ignore dns_discovery_domain in server mode https://fedorahosted.org/sssd/ticket/2079 If the dns_discovery_domain is set in the server mode, then the current failover code will use it to discover the AD servers as well. This patch resets the discovery domain unless the admin configured SRV resolution for IPA servers manually. In the case he did, we try to warn him that service discovery of AD servers will most likely fail.
19:18 Ticket #2066 (ad: invalid handling of Domain Users group for subdomain user) closed by jhrozek
fixed: * master: * 7d3b27b0b2137cbc26da20d93bdcf332b123be19 * …
19:15 Changeset [0784d1b] by Jakub Hrozek <jhrozek@…>
sssd-1-11util: add get_domains_head() This function will return head of the domain list. Resolves: https://fedorahosted.org/sssd/ticket/2066
19:15 Changeset [98cbf23] by Jakub Hrozek <jhrozek@…>
sssd-1-11sysdb: get_sysdb_grouplist() can return either names or dn We need to work with distinguish names when processing cross-domain membership, because groups and users may be stored in different sysdb tree. Resolves: https://fedorahosted.org/sssd/ticket/2066
19:15 Changeset [15ef8f1] by Jakub Hrozek <jhrozek@…>
sssd-1-11sysdb: sysdb_update_members can take either name or dn We need to work with distinguish names when processing cross-domain membership, because groups and users may be stored in different sysdb tree. Resolves: https://fedorahosted.org/sssd/ticket/2066
19:15 Changeset [27a2608] by Jakub Hrozek <jhrozek@…>
sssd-1-11ad: store group in correct tree on initgroups via tokenGroups If tokenGroups contains group from different domain than user's, we stored it under the user's domain tree in sysdb. This patch changes it so we store it under group's domain tree. Resolves: https://fedorahosted.org/sssd/ticket/2066
19:11 Changeset [9cc6602] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14sysdb: get_sysdb_grouplist() can return either names or dn We need to work with distinguish names when processing cross-domain membership, because groups and users may be stored in different sysdb tree. Resolves: https://fedorahosted.org/sssd/ticket/2066
19:11 Changeset [6ff294a] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14sysdb: sysdb_update_members can take either name or dn We need to work with distinguish names when processing cross-domain membership, because groups and users may be stored in different sysdb tree. Resolves: https://fedorahosted.org/sssd/ticket/2066
19:11 Changeset [7d3b27b] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14ad: store group in correct tree on initgroups via tokenGroups If tokenGroups contains group from different domain than user's, we stored it under the user's domain tree in sysdb. This patch changes it so we store it under group's domain tree. Resolves: https://fedorahosted.org/sssd/ticket/2066
19:11 Changeset [cf1a8af] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14util: add get_domains_head() This function will return head of the domain list. Resolves: https://fedorahosted.org/sssd/ticket/2066
12:04 Changeset [b22b7fe] by Jakub Hrozek <jhrozek@…>
sssd-1-11KRB5: Fix bad comparison
12:03 Changeset [6a848dd] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14KRB5: Fix bad comparison
11:23 Ticket #2102 (disable midpoint refresh for netgroups if ptask refresh is enabled) created by pbrezina
If periodical refresh of expired netgroups is enabled, we should disable …
10:04 Ticket #2101 (Use idrange of forest root if there is none for a member domain and type ...) created by sbose
While discussing FreeIPA ticket …
09:25 Ticket #2100 (sudo responder does not support specifying just one of ...) created by jhrozek
Nikolai found out that sudo-ldap allows specifying just one of the two …

09/25/13:

23:30 Ticket #2089 (ldap_sudorule_object_class default is sudoRule insted of sudoRole) closed by jhrozek
invalid: No response for a week, closing. Please reopen if you see a bug.
12:12 Ticket #2094 (find uid tests fail) closed by jhrozek
fixed: * master: e33d1454676021db27fd1f1d52bb3d79c7171d01 Internal-only fix. …
12:08 Changeset [b5020bc] by Jakub Hrozek <jhrozek@…>
sssd-1-11krb5: Be more lenient on failures for old ccache Fix a check for an error return code that can be returned when the ccache is not found. Even in case of other errors still do not fail authentication but allow it to proceed using a new ccache file if necessary. Related: https://fedorahosted.org/sssd/ticket/2053
12:07 Changeset [8c84440] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14krb5: Be more lenient on failures for old ccache Fix a check for an error return code that can be returned when the ccache is not found. Even in case of other errors still do not fail authentication but allow it to proceed using a new ccache file if necessary. Related: https://fedorahosted.org/sssd/ticket/2053
12:07 Changeset [e33d145] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14util: Allways fall back to old find_uid method systemd-login still fails with su/sudo login shells, so always fall back for now. Resolves: https://fedorahosted.org/sssd/ticket/2094
10:34 Ticket #2099 ([RFE] Read and use SSH keys stored in Active Directory) created by mkosek
Add support SSH key management in Active Directory and use the SSH keys in …
09:26 Ticket #2090 (getpwuid and getgrgid do not use the negative cache) closed by jhrozek
fixed: * master: * 0929629fd69df6e83f9986707b2a6462e0e273d0 * …
09:26 Changeset [20b158b] by Jakub Hrozek <jhrozek@…>
sssd-1-11NSS: Set UID and GID to negative cache after searching all domains https://fedorahosted.org/sssd/ticket/2090 Previously, when searching by UID or GID, the negative cache will only work in case the UID was searched for using fully qualified names.
09:26 Changeset [a0b107d] by Jakub Hrozek <jhrozek@…>
sssd-1-11NSS: Failure to store entry negative cache should not be fatal The only effect the failure to store a result to negative cache might have would be a slower lookup next time.
09:21 Changeset [0929629] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14NSS: Set UID and GID to negative cache after searching all domains https://fedorahosted.org/sssd/ticket/2090 Previously, when searching by UID or GID, the negative cache will only work in case the UID was searched for using fully qualified names.
09:21 Changeset [d82e648] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14NSS: Failure to store entry negative cache should not be fatal The only effect the failure to store a result to negative cache might have would be a slower lookup next time.

09/24/13:

13:23 Ticket #2098 (Enable warning missing-declarations) created by lslebodn
"gcc -Wmissing-declarations" warns if a global function is defined without …
13:15 Changeset [8894423] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14Include right header file Public selinux functions are defined in file src/tools/selinux.c (selinux_file_context, reset_selinux_file_context, set_seuser, del_seuser), but wrong header file was included "util/util.h" All declarations are in header file "tools/tools_util.h". This patch include right header file.
13:15 Changeset [5cd4414] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14Include header file in implementation module. Declarations of public functions was in header files, but header files was not included in implementation file.
13:10 Ticket #2091 (Document that server side password policies always takes precedence) closed by jhrozek
fixed: * master: 56ed2be9a95cb5713ef72c4933e362a36dc7a607 * sssd-1-11: …
13:10 Ticket #2087 (The multicast check is wrong in the sudo source code getting the host info) closed by jhrozek
fixed: * master: 6982b488e03b8e29e186f0c54cf5f80438cceadd * sssd-1-11: …
13:10 Changeset [a9b2c8f] by Jakub Hrozek <jhrozek@…>
sssd-1-11Convert IN_MULTICAST parameter to host order https://fedorahosted.org/sssd/ticket/2087 IN_MULTICAST accepts address in the host order, but network order was supplied.
13:10 Changeset [539fdce] by Jakub Hrozek <jhrozek@…>
sssd-1-11man: server side password policies always takes precedence https://fedorahosted.org/sssd/ticket/2091
13:08 Changeset [6982b48] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14Convert IN_MULTICAST parameter to host order https://fedorahosted.org/sssd/ticket/2087 IN_MULTICAST accepts address in the host order, but network order was supplied.
13:08 Changeset [56ed2be] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14man: server side password policies always takes precedence https://fedorahosted.org/sssd/ticket/2091
12:27 Ticket #2097 (Build library libsss_test_common in test phase) created by lslebodn
Although static library libsss_test_common is used only in tests, it is …

09/23/13:

15:13 Changeset [94162ba] by Jakub Hrozek <jhrozek@…>
sssd-1-9Check slot validity before MC_SLOT_TO_PTR. resolves: https://fedorahosted.org/sssd/ticket/2049
15:12 Changeset [ceb0aad] by Jakub Hrozek <jhrozek@…>
sssd-1-10Check slot validity before MC_SLOT_TO_PTR. resolves: https://fedorahosted.org/sssd/ticket/2049
15:11 Changeset [f1dba8ec] by Jakub Hrozek <jhrozek@…>
sssd-1-11Check slot validity before MC_SLOT_TO_PTR. resolves: https://fedorahosted.org/sssd/ticket/2049
15:04 Changeset [581de96] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14mmap_cache: Use two chains for hash collision. struct sss_mc_rec had two hash members (hash1 and hash2) but only one next member. This was a big problem in case of higher probability of hash collision. structure sss_mc_rec will have two next members (next1, next2) with this patch. next1 is related to hash1 and next2 is related to hash1. Iterating over chains is changed, because we need to choose right next pointer. Right next pointer will be chosen after comparing record hashes. This behaviour is wrapped in function sss_mc_next_slot_with_hash. Adding new record to chain is also changed. The situation is very similar to iterating. We need to choose right next pointer (next1 or next2). Right next pointer will be chosen after comparing record hashes. Adding reference to next slot is wrapped in function sss_mc_chain_slot_to_record_with_hash Size of structure sss_mc_rec was increased from 32 bytes to 40 bytes. Resolves: https://fedorahosted.org/sssd/ticket/2049
15:04 Changeset [b2c1b99] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14Revert "mmap_cache: Skip records which doesn't have same hash" This reverts commit 4662725ffef62b3b2502481438effa7c8fef9f80.
15:02 Ticket #2060 (Cached credentials aren't working with sssd-ad UPN logins) closed by jhrozek
fixed: * master: * b9dadaa81c2d08fc6857442d557a145c45a93b52 * …
15:01 Changeset [6a9ef2c] by Jakub Hrozek <jhrozek@…>
sssd-1-11krb5: save canonical upn to sysdb If the returned TGT contains a different user principal name (upn) than used in the request, i.e. the upn was canonicalized, we currently save it to sysdb into the same attribute where the upn coming from an LDAP server is stored as well. This means the canonical upn might be overwritten when the user data is re-read from the LDAP server. To avoid this this patch add a new attribute to sysdb where the canonical upn is stored and makes sure it is used when available. Fixes https://fedorahosted.org/sssd/ticket/2060
15:01 Changeset [3be9a74d] by Jakub Hrozek <jhrozek@…>
sssd-1-11krb5: do not expand enterprise principals is offline Expanding a principle to an enterprise principal only makes sense if there is a KDC available which can process it. If we are offline the plain principal should be used, e.g. to create an expired ccache. Fixes https://fedorahosted.org/sssd/ticket/2060
15:00 Changeset [b9dadaa] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14krb5: do not expand enterprise principals is offline Expanding a principle to an enterprise principal only makes sense if there is a KDC available which can process it. If we are offline the plain principal should be used, e.g. to create an expired ccache. Fixes https://fedorahosted.org/sssd/ticket/2060
15:00 Changeset [764aa04] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14krb5: save canonical upn to sysdb If the returned TGT contains a different user principal name (upn) than used in the request, i.e. the upn was canonicalized, we currently save it to sysdb into the same attribute where the upn coming from an LDAP server is stored as well. This means the canonical upn might be overwritten when the user data is re-read from the LDAP server. To avoid this this patch add a new attribute to sysdb where the canonical upn is stored and makes sure it is used when available. Fixes https://fedorahosted.org/sssd/ticket/2060
09:38 Ticket #2096 (If POSIX IDs are managed by AD the PAC responder must call the ID provider ...) created by sbose
Since the PAC does not contain any information about POSIX UIDs and GIDs …
08:48 Ticket #2095 (libiniconfig doesn't trim trailing whitespace) created by jhrozek
libiniconfig used to trim trailing whitespace of values, but recent …

09/22/13:

09:41 Changeset [d2f47465] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14Check return values of setenv and unsetenv
09:36 Ticket #2075 (sssd fails to retrieve netgroups with multiple CN attributes) closed by jhrozek
fixed: * master: a8e7d395b4aab4e7a236aebf162a844ae51cc7db * sssd-1-11: …
09:34 Ticket #2067 (Carry on if detecting the flat name fails) closed by jhrozek
fixed: * master: 09b915007009b3e7a0942630fae132a6c534e349 * sssd-1-11: …
09:30 Changeset [9b4fccf] by Jakub Hrozek <jhrozek@…>
sssd-1-11LDAP: Use primary cn to search netgroup Resolves: https://fedorahosted.org/sssd/ticket/2075
09:30 Changeset [e5f1c41] by Jakub Hrozek <jhrozek@…>
sssd-1-11AD: Failure to get flat name is not fatal https://fedorahosted.org/sssd/ticket/2067 Some AD or AD-like servers do not contain the netlogon attribute in the master domain name. Instead of failing completely, we should just abort the master domain request and carry on. The only functionality we miss would be getting users by domain flat name.

09/20/13:

18:52 Changeset [09b9150] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14AD: Failure to get flat name is not fatal https://fedorahosted.org/sssd/ticket/2067 Some AD or AD-like servers do not contain the netlogon attribute in the master domain name. Instead of failing completely, we should just abort the master domain request and carry on. The only functionality we miss would be getting users by domain flat name.
18:52 Changeset [a8e7d39] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14LDAP: Use primary cn to search netgroup Resolves: https://fedorahosted.org/sssd/ticket/2075
18:52 Changeset [4865dcbe] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14RESPONDER: Use right function prototype Protype of function sss_ncache_check_netgr was different than definition of function sss_ncache_check_netgr. We did not catch it, because header file "responder/common/negcache.h" was not included in implementation file "responder/common/negcache.c"
18:36 Ticket #2085 (man sssd-sudo: improve description of necessary configuration) closed by jhrozek
fixed: * master - 6835cbe127490f99b5b28ddf133924d905cf78fd * sssd-1-11 - …
18:28 Changeset [5ba03a1] by Jakub Hrozek <jhrozek@…>
sssd-1-11man: improve sssd-sudo manual page Resolves: https://fedorahosted.org/sssd/ticket/2085
18:28 Changeset [1a874ba] by Jakub Hrozek <jhrozek@…>
sssd-1-11sdap_domain_add: remove too strict consistency check The check worked for simple setups but fails e.g. in environment with trusts.
18:13 Changeset [794bfc6] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14sdap_domain_add: remove too strict consistency check The check worked for simple setups but fails e.g. in environment with trusts.
18:13 Changeset [6835cbe] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14man: improve sssd-sudo manual page Resolves: https://fedorahosted.org/sssd/ticket/2085
18:13 Changeset [7b58d63] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14MAN: Fix provider man page subtitle
18:13 Changeset [9dc153a] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14LDAP: Deprecate ldap_{user,group}_search_filter
14:04 Ticket #2094 (find uid tests fail) created by simo
Since the systemd-login patches have been added the tests fail in su/sudo …

09/19/13:

18:40 Ticket #2093 (sssd should write capaths for IPA trusted forests' subdomains) created by abbra
When IPA ticket #3909 is resolved, IPA LDAP will have information about …
14:53 Ticket #2092 (Group lookup is not returned immediately after service startup) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …
10:54 Ticket #2091 (Document that server side password policies always takes precedence) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …

09/18/13:

17:28 Ticket #2068 (Initial enumeration in the AD provider does not work) closed by jhrozek
fixed
17:15 Changeset [287e03ae] by Jakub Hrozek <jhrozek@…>
sssd-1-11AD: async request to retrieve master domain info Adds a reusable async request to download the master domain info.
17:15 Changeset [55403f5] by Jakub Hrozek <jhrozek@…>
sssd-1-11LDAP: sdap_id_setup_tasks accepts a custom enum request AD provider will override the default with its own.
17:15 Changeset [86809d5] by Jakub Hrozek <jhrozek@…>
sssd-1-11AD: Download master domain info when enumerating https://fedorahosted.org/sssd/ticket/2068 With the current design, downloading master domain data was tied to subdomains refresh, triggered by responders. But because enumeration is a background task that can't be triggered on its own, we can't rely on responders to download the master domain data and we need to check the master domain on each enumeration request.
17:06 Changeset [7480279] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14AD: Download master domain info when enumerating https://fedorahosted.org/sssd/ticket/2068 With the current design, downloading master domain data was tied to subdomains refresh, triggered by responders. But because enumeration is a background task that can't be triggered on its own, we can't rely on responders to download the master domain data and we need to check the master domain on each enumeration request.
17:06 Changeset [31ad608] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14AD: async request to retrieve master domain info Adds a reusable async request to download the master domain info.
17:06 Changeset [21f749c] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14LDAP: sdap_id_setup_tasks accepts a custom enum request AD provider will override the default with its own.
16:56 Changeset [d683782] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14BE: Log domain name to journald if available If the SSSD is compiled with journald support, then all sss_log() statements will include a new field called "SSSD_DOMAIN" that includes the domain name. Filtering only messages from the single domain is then as easy as: # journalctl SSSD_DOMAIN=foo.example.com
16:56 Changeset [77c0d1f] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14Add journald support
15:47 Ticket #2090 (getpwuid and getgrgid do not use the negative cache) created by jhrozek
There is a bug in the NSS responder that bypasses the negative cache in …

09/17/13:

17:49 Changeset [fd0ef16] by Jakub Hrozek <jhrozek@…>
sssd-1-11KRB5: Call umask before mkstemp in the krb5 child code
17:42 Changeset [11a0445] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14KRB5: Call umask before mkstemp in the krb5 child code
17:42 Changeset [a21ccb8] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14Do not set HAVE_SYSTEMD_LOGIN if libsystemd-login is not available Even if HAVE_SYSTEMD_LOGIN is set to 0 #ifdef will still see it as defined.
17:42 Changeset [d898e65] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14nss: Wrong debug message.
14:19 Ticket #2034 ([RFE] simple access provider: support subdomain users and groups) closed by jhrozek
fixed: * master * a0d010f488bf15fb3e170ce04092013fa494401f * …
14:13 Changeset [786ccf0] by Jakub Hrozek <jhrozek@…>
sssd-1-11util: add sss_idmap_talloc[_free] Remove code duplication.
14:13 Changeset [27c0d8c] by Jakub Hrozek <jhrozek@…>
sssd-1-11simple access tests: fix typos
14:13 Changeset [c4a1a670] by Jakub Hrozek <jhrozek@…>
sssd-1-11simple provider: support subdomain users Resolves: https://fedorahosted.org/sssd/ticket/2034
14:13 Changeset [1110ac9] by Jakub Hrozek <jhrozek@…>
sssd-1-11util: add find_subdomain_by_sid() This function takes domain SID (doesn't have the last component) or object SID (have all components) and returns subdomain. The subdomain is found by comparing domain->domainid with the SID. E.g. domain SID: S-1-5-21-3940105347-3434501867-2690409756 object SID: S-1-5-21-3940105347-3434501867-2690409756-513 Resolves: https://fedorahosted.org/sssd/ticket/2034
14:13 Changeset [73cb76c5] by Jakub Hrozek <jhrozek@…>
sssd-1-11util: add find_subdomain_by_object_name() This function will parse object name into name and domain name part and return appropriate sss domain. Resolves: https://fedorahosted.org/sssd/ticket/2034
14:13 Changeset [18b14d1] by Jakub Hrozek <jhrozek@…>
sssd-1-11simple provider: support subdomain groups Resolves: https://fedorahosted.org/sssd/ticket/2034
14:13 Changeset [8673162] by Jakub Hrozek <jhrozek@…>
sssd-1-11simple access test: initialize be_ctx for all tests Recent simple access provider patches started using be_ctx during access check. This caused segfault in unit tests, since be_ctx wasn't initialized. Resolves: https://fedorahosted.org/sssd/ticket/2034
14:13 Changeset [bc37d07] by Jakub Hrozek <jhrozek@…>
sssd-1-11simple provider: obey case sensitivity for subdomain users and groups When comparing username and his groups to access list, we will obey case sensitivity of object from access list. Resolves: https://fedorahosted.org/sssd/ticket/2034
14:02 Changeset [7212411] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14simple provider: support subdomain users Resolves: https://fedorahosted.org/sssd/ticket/2034
14:02 Changeset [e1f6873] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14util: add find_subdomain_by_sid() This function takes domain SID (doesn't have the last component) or object SID (have all components) and returns subdomain. The subdomain is found by comparing domain->domainid with the SID. E.g. domain SID: S-1-5-21-3940105347-3434501867-2690409756 object SID: S-1-5-21-3940105347-3434501867-2690409756-513 Resolves: https://fedorahosted.org/sssd/ticket/2034
14:02 Changeset [0b81cc5] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14util: add find_subdomain_by_object_name() This function will parse object name into name and domain name part and return appropriate sss domain. Resolves: https://fedorahosted.org/sssd/ticket/2034
14:02 Changeset [115241b] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14simple provider: support subdomain groups Resolves: https://fedorahosted.org/sssd/ticket/2034
14:02 Changeset [219781d] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14simple access test: initialize be_ctx for all tests Recent simple access provider patches started using be_ctx during access check. This caused segfault in unit tests, since be_ctx wasn't initialized. Resolves: https://fedorahosted.org/sssd/ticket/2034
14:02 Changeset [a0d010f] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14simple provider: obey case sensitivity for subdomain users and groups When comparing username and his groups to access list, we will obey case sensitivity of object from access list. Resolves: https://fedorahosted.org/sssd/ticket/2034
14:02 Changeset [a473fb88] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14util: add sss_idmap_talloc[_free] Remove code duplication.
14:02 Changeset [588a67a] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14simple access tests: fix typos

09/16/13:

19:33 DesignDocs/Smartcards edited by nalin
(diff)
19:31 DesignDocs/Smartcards edited by nalin
rethink out-of-band authentication a bit (diff)
19:08 DesignDocs/Smartcards edited by nalin
notes on client-side configuration being able to limit the attempted … (diff)
14:06 Changeset [1f62bcc] by Jakub Hrozek <jhrozek@…>
sssd-1-9AUTOTOOLS: Fix warnings: macro xyz not found in library This patch also fixes warning generated by newer version of automake. /usr/share/automake-1.13/am/ltlibrary.am: archiver requires 'AM_PROG_AR' in 'configure.ac'
14:01 Changeset [d0017ae] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14Add missing new line in DEBUG message
13:56 Ticket #2084 (check for active sessions not troll proc for uids) closed by jhrozek
fixed: * master: b49a7d90708e816120ff88ce5a88fa62b35ff795
13:48 Changeset [b49a7d9] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14util: Use systemd-login to check user sessions Use systemd-lgin in preference to check if the user is logged in or not. Fall back to the old method if no systemd-login support is available at compile time or if it returns a fatal error, and can't determine the status of the user on its own. This will allow to consider a user really active (in order to reuse or refresh crdentials) only if it really is logged into the system, and not just if one of the user's processes is stuck around. Resolves: https://fedorahosted.org/sssd/ticket/2084

09/13/13:

15:54 Changeset [f48be9b3] by Jakub Hrozek <jhrozek@…>
sssd-1-9Rename _SSS_MC_SPECIAL If the environment variable _SSS_MC_SPECIAL is set to "NO", the mmap cache is skipped in the client code. The name is not very descriptive. This patch renames the variable to SSS_NSS_USE_MEMCACHE.
15:54 Changeset [2e2fb25] by Jakub Hrozek <jhrozek@…>
sssd-1-9man sssd: Add note about SSS_NSS_USE_MEMCACHE
15:40 Changeset [e2bf93a] by Jakub Hrozek <jhrozek@…>
sssd-1-10Rename _SSS_MC_SPECIAL If the environment variable _SSS_MC_SPECIAL is set to "NO", the mmap cache is skipped in the client code. The name is not very descriptive. This patch renames the variable to SSS_NSS_USE_MEMCACHE.
15:40 Changeset [527ea66] by Jakub Hrozek <jhrozek@…>
sssd-1-10man sssd: Add note about SSS_NSS_USE_MEMCACHE
15:33 Changeset [bef7e40] by Jakub Hrozek <jhrozek@…>
sssd-1-11Rename _SSS_MC_SPECIAL If the environment variable _SSS_MC_SPECIAL is set to "NO", the mmap cache is skipped in the client code. The name is not very descriptive. This patch renames the variable to SSS_NSS_USE_MEMCACHE.
15:33 Changeset [3c999b2] by Jakub Hrozek <jhrozek@…>
sssd-1-11man sssd: Add note about SSS_NSS_USE_MEMCACHE
15:27 Changeset [fb1613b] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14Rename _SSS_MC_SPECIAL If the environment variable _SSS_MC_SPECIAL is set to "NO", the mmap cache is skipped in the client code. The name is not very descriptive. This patch renames the variable to SSS_NSS_USE_MEMCACHE.
15:27 Changeset [6d2942eb] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14man sssd: Add note about SSS_NSS_USE_MEMCACHE
14:41 Ticket #1918 (Undocument and deprecate ipa_hbac_support_srchost) closed by jhrozek
fixed: * master: caf576da562bf7bd30e74ad921c1212ec7d230bc
14:34 Changeset [caf576da] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14IPA: Deprecate ipa_hbac_support_srchost option This option got already deprecated on the ipa server side. Option is undocumented and warning is printed both to the sssd log files and syslog. Resolves: https://fedorahosted.org/sssd/ticket/1918
14:33 Ticket #1187 (Delete IPA specific attribute mappings from man page) closed by jhrozek
fixed: * master: 777b638893289fa0b8743415ff1945c6468bd8b0
14:29 Changeset [357580cf] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14Bump version to track 1.12 development
14:29 Changeset [777b638] by Jakub Hrozek <jhrozek@…>
mastersssd-1-12sssd-1-13sssd-1-14MAN: Remove IPA specific LDAP settings Resolves: https://fedorahosted.org/sssd/ticket/1187
13:00 DesignDocs/ActiveDirectoryAccessControl edited by jhrozek
(diff)
12:18 DesignDocs/ActiveDirectoryAccessControl edited by jhrozek
(diff)
11:00 DesignDocs/ActiveDirectoryAccessControl edited by jhrozek
(diff)
09:37 Ticket #2089 (ldap_sudorule_object_class default is sudoRule insted of sudoRole) created by tothandor
It's really hard to notice this typo, and it's really vexing.
09:37 DesignDocs/ActiveDirectoryAccessControl edited by jhrozek
(diff)
09:35 DesignDocs/ActiveDirectoryAccessControl edited by jhrozek
(diff)
09:32 DesignDocs/ActiveDirectoryAccessControl edited by jhrozek
(diff)

09/12/13:

21:47 DesignDocs/ActiveDirectoryAccessControl edited by jhrozek
(diff)
21:33 DesignDocs/ActiveDirectoryAccessControl edited by jhrozek
(diff)
21:16 DesignDocs/ActiveDirectoryAccessControl edited by jhrozek
(diff)
18:38 DesignDocs/ActiveDirectoryAccessControl edited by jhrozek
(diff)
17:38 DesignDocs/ActiveDirectoryAccessControl created by jhrozek
17:11 Changeset [dd7d72e] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14KRB: Remove unused memory context mem_ctx was unused in function get_domain_or_subdomain
17:11 Changeset [10bc88a] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14KRB: Remove unused function parameters Parameter "int *dp_err" and parameter "int *pam_status" were unused in static function krb5_auth_prepare_ccache_name.
17:09 Changeset [c4545b1e] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14Remove unused code
17:09 Changeset [b4d70eb] by Jakub Hrozek <jhrozek@…>
mastersssd-1-11sssd-1-12sssd-1-13sssd-1-14TESTS: Remove unused variable The tmpl variable was only ever used to default to FILE backend in case absolute patch w/o ccache type was selected. Since backends are no longer there, we can remove the variable, too.
16:28 Ticket #2088 (Reorganize the sssd-ldap manual page) created by jhrozek
Currently the options in the man page are one mixed bag, attribute options …
16:15 Ticket #2087 (The multicast check is wrong in the sudo source code getting the host info) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Fedora): …
12:01 Ticket #2086 (utils: namespace domain_info_utils.c) created by pbrezina
We should use one namespace for the function in domain_info_utils.c.
Note: See TracTimeline for information about the timeline view.