sssd.git/src/providers/ad, branch tests sssd with jhrozek's patches AD: add debug messages for netlogon get info 2015-09-30T13:39:11+00:00 Pavel Reichl preichl@redhat.com 2015-09-22T15:00:38+00:00 1e87219471c1220c773ea75b211ad0a4d087d869 Reviewed-by: Petr Cech <pcech@redhat.com> 
Reviewed-by: Petr Cech <pcech@redhat.com>
AD: inicialize root_domain_attrs field 2015-09-30T07:48:33+00:00 Pavel Reichl preichl@redhat.com 2015-09-24T15:03:12+00:00 101628a48d25ffae3b13c75d0b0b01577188c803 Resolves: https://fedorahosted.org/sssd/ticket/2805 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Resolves:
https://fedorahosted.org/sssd/ticket/2805

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
AD: Set ignore_mark_offline=false when resolving AD root domain 2015-09-21T15:04:13+00:00 Jakub Hrozek jhrozek@redhat.com 2015-09-02T12:10:03+00:00 ece345a74cec793e6d970a4955beb3d4a05935b3 https://fedorahosted.org/sssd/ticket/2637 Avoid going offline in cases where SSSD is connected to a child domain but the root domain is not accessible. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
https://fedorahosted.org/sssd/ticket/2637

Avoid going offline in cases where SSSD is connected to a child domain
but the root domain is not accessible.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
AD: Do not mark the whole back end as offline if subdomain lookup fails 2015-09-21T15:04:10+00:00 Jakub Hrozek jhrozek@redhat.com 2015-09-02T13:52:51+00:00 64d4b1e5fd4a3c99ef8d8fef6ad0db52c5152c1c Required for: https://fedorahosted.org/sssd/ticket/2637 Rather mark the domain as inactive. It will be marked as active later, in the meantime the main domain can continue to work online and subdomain requests will be answered from cache. The lookup request itself just returns a special error code and lets the caller handle the error code as appropriate (normally by disabling the subdomain temporarily). Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Required for:
https://fedorahosted.org/sssd/ticket/2637

Rather mark the domain as inactive. It will be marked as active later,
in the meantime the main domain can continue to work online and
subdomain requests will be answered from cache.

The lookup request itself just returns a special error code and lets the
caller handle the error code as appropriate (normally by disabling the
subdomain temporarily).

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
AD: Only ignore errors from SDAP lookups if there's another connection to fallback to 2015-09-21T15:04:04+00:00 Jakub Hrozek jhrozek@redhat.com 2015-09-02T11:42:06+00:00 7fc8692d49cdaa0368072f196433c07b475da679 Required for: https://fedorahosted.org/sssd/ticket/2637 The AD lookup code honors the ignore_mark_offline flag in the sense that if it's set, the sdap return code is not reported to the upper layer, but EOK is returned as request status and the sdap return code is returned separately. This patch modifies the behaviour further to only apply if there is another connection to fall back to. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Required for:
https://fedorahosted.org/sssd/ticket/2637

The AD lookup code honors the ignore_mark_offline flag in the sense that
if it's set, the sdap return code is not reported to the upper layer,
but EOK is returned as request status and the sdap return code is
returned separately.

This patch modifies the behaviour further to only apply if there is
another connection to fall back to.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
UTIL: Convert domain->disabled into tri-state with domain states 2015-09-21T15:03:01+00:00 Jakub Hrozek jhrozek@redhat.com 2015-08-18T15:15:44+00:00 b5825c74b6bf7a99ae2172392dbecb51179013a6 Required for: https://fedorahosted.org/sssd/ticket/2637 This is a first step towards making it possible for domain to be around, but not contacted by Data Provider. Also explicitly create domains as active, previously we only relied on talloc_zero marking dom->disabled as false. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Required for:
https://fedorahosted.org/sssd/ticket/2637

This is a first step towards making it possible for domain to be around,
but not contacted by Data Provider.

Also explicitly create domains as active, previously we only relied on
talloc_zero marking dom->disabled as false.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
GPO: use SDAP_SASL_AUTHID as samAccountName 2015-09-14T13:52:40+00:00 Sumit Bose sbose@redhat.com 2015-09-01T11:30:19+00:00 560b624b34895df55bf489a1d53380c6c8c82e03 The samAccountName for AD hosts is the hosts NetBIOS name with a trailing $. Since there is a size limit on NetBIOS names long DNS names must be truncated to find a matching entry in the AD LDAP tree. The NetBIOS name is already needed during kinit/SASL bind where the SDAP_SASL_AUTHID config option is used. Since the GPO lookup code is only reached after the SASL bind was successful we can safely assume that the name is correct and use it for the GPO lookup. Resolves https://fedorahosted.org/sssd/ticket/2692 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
The samAccountName for AD hosts is the hosts NetBIOS name with a
trailing $. Since there is a size limit on NetBIOS names long DNS names
must be truncated to find a matching entry in the AD LDAP tree.

The NetBIOS name is already needed during kinit/SASL bind where the
SDAP_SASL_AUTHID config option is used. Since the GPO lookup code is
only reached after the SASL bind was successful we can safely assume
that the name is correct and use it for the GPO lookup.

Resolves https://fedorahosted.org/sssd/ticket/2692

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
GPO: fix memory leak 2015-09-07T16:39:57+00:00 Pavel Reichl preichl@redhat.com 2015-09-03T08:46:50+00:00 5dbdcc2c7210a0e3eb60ad1e85ba33f27d7faeda Resolves: https://fedorahosted.org/sssd/ticket/2777 Reviewed-by: Michal Židek <mzidek@redhat.com> 
Resolves:
https://fedorahosted.org/sssd/ticket/2777

Reviewed-by: Michal Židek <mzidek@redhat.com>
GPO: Use sss_unique_file and close fd on failure 2015-09-01T11:01:42+00:00 Jakub Hrozek jhrozek@redhat.com 2015-08-12T10:45:34+00:00 3954cd07dae78bf79136f0854472757d1ed26897 The GPO child didn't remove temporary file on failure and didn't close the fd on failure (the latter was not much of a problem for a short-lived child process). Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
The GPO child didn't remove temporary file on failure and didn't close
the fd on failure (the latter was not much of a problem for a
short-lived child process).

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
AD: send less logs to syslog 2015-09-01T09:26:26+00:00 Pavel Reichl preichl@redhat.com 2015-08-28T12:06:18+00:00 bfa5e3869bb68213f08169efe55c45cb625e8fd0 Create new callback that handles logging messages in cyrus sasl library. Resolves: https://fedorahosted.org/sssd/ticket/2561 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Create new callback that handles logging messages in cyrus sasl library.

Resolves:
https://fedorahosted.org/sssd/ticket/2561

Reviewed-by: Pavel Březina <pbrezina@redhat.com>