sssd.git/src/providers, branch f23 sssd with jhrozek's patches IPA: Always re-fetch the keytab from the IPA server 2015-09-07T16:22:05+00:00 Jakub Hrozek jhrozek@redhat.com 2015-07-24T11:13:08+00:00 042600d08a9d3188d7d3135fc235e6a7c2237a4b Even if a keytab for one-way trust exists, re-fetch the keytab again and try to use it. Fall back to the previous one if it exists. This is in order to allow the admin to re-establish the trust keytabs with a simple sssd restart. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Even if a keytab for one-way trust exists, re-fetch the keytab again and
try to use it. Fall back to the previous one if it exists.

This is in order to allow the admin to re-establish the trust keytabs
with a simple sssd restart.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
IPA: Change the default of ldap_user_certificate to userCertificate;binary 2015-09-07T16:21:48+00:00 Jakub Hrozek jhrozek@redhat.com 2015-08-10T10:40:39+00:00 6a5abcaf3eb6133bc96c44a11e423fe7a0dca3a6 This is safe from ldb point of view, because ldb gurantees the data is NULL-terminated. We must be careful before we save the data, though. Resolves: https://fedorahosted.org/sssd/ticket/2742 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
This is safe from ldb point of view, because ldb gurantees the data is
NULL-terminated. We must be careful before we save the data, though.

Resolves:
https://fedorahosted.org/sssd/ticket/2742

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
LDAP: use ldb_binary_encode when printing attribute values 2015-09-07T16:21:42+00:00 Jakub Hrozek jhrozek@redhat.com 2015-08-10T10:40:30+00:00 0158fc7bd5b1ffeb2ae9929e5af6924c831a132a Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
IPA: Handle sssd-owned keytabs when running as root 2015-09-07T16:20:27+00:00 Jakub Hrozek jhrozek@redhat.com 2015-07-22T15:20:11+00:00 fd68d59f701ff90e4baae7b4bd137c374c719e8a https://fedorahosted.org/sssd/ticket/2718 This patch handles the case where the keytab is created with sssd:sssd ownership (perhaps by the IPA oddjob script) but SSSD runs as root, which is the default in many distributions. Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com> 
https://fedorahosted.org/sssd/ticket/2718

This patch handles the case where the keytab is created with sssd:sssd
ownership (perhaps by the IPA oddjob script) but SSSD runs as root,
which is the default in many distributions.

Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
IPA: Better debugging 2015-09-07T16:20:14+00:00 Jakub Hrozek jhrozek@redhat.com 2015-07-22T13:17:57+00:00 9581883ba3d8651aca3888d6883f41280cd97979 Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com> 
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
IPA: Remove MPG groups if getgrgid was called before getpw() 2015-09-07T16:12:16+00:00 Jakub Hrozek jhrozek@redhat.com 2015-07-21T09:44:03+00:00 e5dcfc2888611cadc482307d8b5147f85332ec86 https://fedorahosted.org/sssd/ticket/2724 This bug only affects IPA clients that are connected to IPA servers with AD trust and ID mapping in effect. If an IPA client calls getgrgid() for an ID that matches a user, the user's private group would be returned and stored as a group entry. Subsequent queries for that user would fail, because MPG domains impose uniqueness restriction for both the ID and name space across groups and users. To work around that, we remove the UPG groups in MPG domains during a group lookup. Reviewed-by: Sumit Bose <sbose@redhat.com> 
https://fedorahosted.org/sssd/ticket/2724

This bug only affects IPA clients that are connected to IPA servers with
AD trust and ID mapping in effect.

If an IPA client calls getgrgid() for an ID that matches a user, the
user's private group would be returned and stored as a group entry.

Subsequent queries for that user would fail, because MPG domains impose
uniqueness restriction for both the ID and name space across groups and
users.

To work around that, we remove the UPG groups in MPG domains during a
group lookup.

Reviewed-by: Sumit Bose <sbose@redhat.com>
DYNDNS: special value '*' for dyndns_iface option 2015-09-07T16:08:17+00:00 Pavel Reichl preichl@redhat.com 2015-07-14T08:21:34+00:00 236e56df392a18ac0ccc23f56f4e9586f996a16f Option dyndns_iface has now special value '*' which implies that IPs from add interfaces should be sent during DDNS update. 
Option dyndns_iface has now special value '*' which implies that IPs
from add interfaces should be sent during DDNS update.
DYNDNS: support mult. interfaces for dyndns_iface opt 2015-09-07T16:08:10+00:00 Pavel Reichl preichl@redhat.com 2015-07-08T13:08:03+00:00 8aa8acd9440013409ea8a6963611d399873b4fbe Resolves: https://fedorahosted.org/sssd/ticket/2549 
Resolves:
https://fedorahosted.org/sssd/ticket/2549
DYNDNS: sss_iface_addr_list_get return ENOENT 2015-09-07T16:08:02+00:00 Pavel Reichl preichl@redhat.com 2015-07-08T13:01:24+00:00 7837d8ed79181ff115f1193cccbec6c3455d1dd3 If none of eligible interfaces matches ifname then ENOENT is returned. Resolves: https://fedorahosted.org/sssd/ticket/2549 
If none of eligible interfaces matches ifname then ENOENT is returned.

Resolves:
https://fedorahosted.org/sssd/ticket/2549
KRB5: Return right data provider error code 2015-09-07T16:07:06+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-07-14T10:48:47+00:00 3e42297426742313bbbfaa868553857acba78feb Resolves: https://fedorahosted.org/sssd/ticket/2719 Reviewed-by: Michal Židek <mzidek@redhat.com> 
Resolves:
https://fedorahosted.org/sssd/ticket/2719

Reviewed-by: Michal Židek <mzidek@redhat.com>