sssd.git/src/config, branch sysdb sssd with jhrozek's patches AD: Add autofs provider 2015-11-26T15:51:41+00:00 Jakub Hrozek jhrozek@redhat.com 2015-11-18T14:29:58+00:00 03b859510dc13a13a456ca4aa94c0561a0e9684c https://fedorahosted.org/sssd/ticket/1632 Adds the possibility to configure: autofs_provider = ad The AD autofs provider uses the rfc2307 (nis*) attribute maps. This is different (at the moment) from using autofs_provider=ldap with ldap_schema=ad. Reviewed-by: Ondrej Valousek <ondrejv2@fedoraproject.org> Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
https://fedorahosted.org/sssd/ticket/1632

Adds the possibility to configure:
    autofs_provider = ad

The AD autofs provider uses the rfc2307 (nis*) attribute maps. This is
different (at the moment) from using autofs_provider=ldap with
ldap_schema=ad.

Reviewed-by: Ondrej Valousek <ondrejv2@fedoraproject.org>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
p11: enable ocsp checks 2015-11-26T15:39:49+00:00 Sumit Bose sbose@redhat.com 2015-11-05T17:20:27+00:00 544a20de7667f05c1a406c4dea0706b0ab507430 This patch enables the Online Certificate Status Protocol in NSS and adds an option to disable it if needed. To make further tuning of certificate verification more easy it is not an option on its own but an option to the new certificate_verification configuration option. Resolves https://fedorahosted.org/sssd/ticket/2812 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This patch enables the Online Certificate Status Protocol in NSS and
adds an option to disable it if needed. To make further tuning of
certificate verification more easy it is not an option on its own but an
option to the new certificate_verification configuration option.

Resolves https://fedorahosted.org/sssd/ticket/2812

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SSSD: Add a new option diag_cmd 2015-11-13T09:55:50+00:00 Jakub Hrozek jhrozek@redhat.com 2015-11-02T10:41:31+00:00 89530c830ded58c6140cdb34c9de07bf77bb5bc0 This option is an optional one that is run when a sbus ping times out and before a SIGKILL signal is sent. It is undocumented by default. diag_cmd (string): A command that should be run for diagnostic purpose when an sbus timeout fails. The option value may contain %p which would be expanded for the process ID of the process that timed out Example: pstack %p This setting would print the stackstrace of the service whose ping timed out. Default: not set. Reviewed-by: Petr Cech <pcech@redhat.com> 
This option is an optional one that is run when a sbus ping times out
and before a SIGKILL signal is sent.

It is undocumented by default.

diag_cmd (string):
A command that should be run for diagnostic purpose when an sbus timeout
fails. The option value may contain %p which would be expanded for the
process ID of the process that timed out

Example:
        pstack %p
This setting would print the stackstrace of the service whose ping timed out.

Default: not set.

Reviewed-by: Petr Cech <pcech@redhat.com>
SSSDConfigTest: Test real config without config_file_version 2015-10-19T12:14:52+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-10-15T09:04:06+00:00 7388fc91bd6c22705e60632346ec815f4a4963f1 src/config/testconfigs/sssd-valid.conf explicitly contains config_file_version. Recently we changed the default value to 2 and therefore it needn't be listed in configuration file. This patch test real sssd.conf without config_file_version. Reviewed-by: Michal Židek <mzidek@redhat.com> 
src/config/testconfigs/sssd-valid.conf explicitly contains
config_file_version. Recently we changed the default value to 2
and therefore it needn't be listed in configuration file.
This patch test real sssd.conf without config_file_version.

Reviewed-by: Michal Židek <mzidek@redhat.com>
SSSDConfigTest: Try load saved config 2015-10-19T12:14:48+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-10-15T08:32:09+00:00 87ef67286b64af98d32a3a5abcd28a9c2886f751 Python module SSSDConfig should be able to save configuration file and later load the same configuration file without problem. Unit test for: https://fedorahosted.org/sssd/ticket/2837 Reviewed-by: Michal Židek <mzidek@redhat.com> 
Python module SSSDConfig should be able to save configuration file
and later load the same configuration file without problem.

Unit test for:
https://fedorahosted.org/sssd/ticket/2837

Reviewed-by: Michal Židek <mzidek@redhat.com>
SSSDConfig: Do not raise exception if config_file_version is missing 2015-10-19T12:04:08+00:00 Michal Židek mzidek@redhat.com 2015-10-15T16:53:37+00:00 6a044fa43d53638c1d0b874d43f58c0428820362 Ticket: https://fedorahosted.org/sssd/ticket/2837 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Ticket:
https://fedorahosted.org/sssd/ticket/2837

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
PAM: Make p11_child timeout configurable 2015-09-23T21:08:50+00:00 Michal Židek mzidek@redhat.com 2015-09-07T13:19:53+00:00 d85be8ad409c9efa9cf9e9ab6f9c2d911b01e5c1 Ticket: https://fedorahosted.org/sssd/ticket/2773 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Ticket:
https://fedorahosted.org/sssd/ticket/2773

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>
CONFDB: Assume config file version 2 if missing 2015-09-03T07:32:15+00:00 Michal Židek mzidek@redhat.com 2015-07-07T13:15:32+00:00 175613be0cfb0890174d12d941e634d833b63dd9 Default to config file version 2 if the version is not specified explicitly. Ticket: https://fedorahosted.org/sssd/ticket/2688 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Default to config file version 2 if the version
is not specified explicitly.

Ticket:
https://fedorahosted.org/sssd/ticket/2688

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
DYNDNS: Add a new option dyndns_server 2015-08-14T21:51:02+00:00 Jakub Hrozek jhrozek@redhat.com 2014-07-06T20:53:27+00:00 8145ab51b05aa86b2f1a21b49383f55e50b0a2e3 Some environments use a different DNS server than identity server. For these environments, it would be useful to be able to override the DNS server used to perform DNS updates. This patch adds a new option dyndns_server that, if set, would be used to hardcode a DNS server address into the nsupdate message. Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Some environments use a different DNS server than identity server. For
these environments, it would be useful to be able to override the DNS
server used to perform DNS updates.

This patch adds a new option dyndns_server that, if set, would be used
to hardcode a DNS server address into the nsupdate message.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
sudo: use "higher value wins" when ordering rules 2015-08-14T20:47:45+00:00 Pavel Březina pbrezina@redhat.com 2015-07-29T12:51:30+00:00 52e3ee5c5ff2c5a4341041826a803ad42d2b2de7 This commit changes the default ordering logic (lower value wins) to a correct one that is used by native ldap support. It also adds a new option sudo_inverse_order to switch to the original SSSD (incorrect) behaviour if needed. Resolves: https://fedorahosted.org/sssd/ticket/2682 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This commit changes the default ordering logic (lower value wins) to
a correct one that is used by native ldap support. It also adds a new
option sudo_inverse_order to switch to the original SSSD (incorrect)
behaviour if needed.

Resolves:
https://fedorahosted.org/sssd/ticket/2682

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>