sssd.git/src/providers, branch tests sssd with jhrozek's patches AD: add debug messages for netlogon get info 2015-09-30T13:39:11+00:00 Pavel Reichl preichl@redhat.com 2015-09-22T15:00:38+00:00 1e87219471c1220c773ea75b211ad0a4d087d869 Reviewed-by: Petr Cech <pcech@redhat.com> 
Reviewed-by: Petr Cech <pcech@redhat.com>
AD: inicialize root_domain_attrs field 2015-09-30T07:48:33+00:00 Pavel Reichl preichl@redhat.com 2015-09-24T15:03:12+00:00 101628a48d25ffae3b13c75d0b0b01577188c803 Resolves: https://fedorahosted.org/sssd/ticket/2805 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Resolves:
https://fedorahosted.org/sssd/ticket/2805

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
IPA: Retry fetching keytab if IPA user lookup fails 2015-09-23T21:08:50+00:00 Jakub Hrozek jhrozek@redhat.com 2015-09-17T15:11:34+00:00 42bd89dbe77846b6ee60365bba50da521745bca1 Required for: https://fedorahosted.org/sssd/ticket/2639 Instead of calling ipa_get_ad_acct_send directly, call a new request ipa_srv_ad_acct_send. The new request wraps ipa_get_ad_acct_send and either tries to request a new keytab every time the lookup fails but the domain is online. be_mark_dom_offline() is called when the retry fails with the new code. The retry tries to re-setup the trusted domain. With two-way setups, the request is a no-op. With one-way trust setups, the request re-fetches new keytab unconditionally. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Required for:
    https://fedorahosted.org/sssd/ticket/2639

Instead of calling ipa_get_ad_acct_send directly, call a new request
ipa_srv_ad_acct_send. The new request wraps ipa_get_ad_acct_send and
either tries to request a new keytab every time the lookup fails but the
domain is online.

be_mark_dom_offline() is called when the retry fails with the new code.

The retry tries to re-setup the trusted domain. With two-way setups, the
request is a no-op. With one-way trust setups, the request re-fetches
new keytab unconditionally.

Reviewed-by: Sumit Bose <sbose@redhat.com>
FO: Also reset the server common data in addition to SRV 2015-09-23T21:08:50+00:00 Jakub Hrozek jhrozek@redhat.com 2015-09-21T10:31:38+00:00 bc58e1cfee742178f95922d964349d6c262f6df7 In a server that is expanded from a SRV query was reset, only it's 'meta-server' status was set to neutral, but the server->common structure still retained its not_working status. This patch also resets the status of the common structure so that both the SRV query and resolving the server are retried next time. Reviewed-by: Sumit Bose <sbose@redhat.com> 
In a server that is expanded from a SRV query was reset, only it's
'meta-server' status was set to neutral, but the server->common
structure still retained its not_working status.

This patch also resets the status of the common structure so that both
the SRV query and resolving the server are retried next time.

Reviewed-by: Sumit Bose <sbose@redhat.com>
FO: Add an API to reset all servers in a single service 2015-09-23T21:08:50+00:00 Jakub Hrozek jhrozek@redhat.com 2015-09-21T10:31:18+00:00 669ce24f8157b7d79914b3eb5a18214ef42aacc8 Required for: https://fedorahosted.org/sssd/ticket/2639 Previously, we had a function that allowed the caller to reset the status of all services in the global fail over context. This patch adds a new function that allows the caller to reset a single service instead. The main user would be IPA subdomain provider that might need to reset the status of an AD trusted domain on demand. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Required for:
    https://fedorahosted.org/sssd/ticket/2639

Previously, we had a function that allowed the caller to reset the
status of all services in the global fail over context. This patch adds
a new function that allows the caller to reset a single service instead.

The main user would be IPA subdomain provider that might need to reset
the status of an AD trusted domain on demand.

Reviewed-by: Sumit Bose <sbose@redhat.com>
IPA: Change ipa_server_trust_add_send request to be reusable from ID code 2015-09-23T21:08:50+00:00 Jakub Hrozek jhrozek@redhat.com 2015-09-17T15:09:24+00:00 4c53f8b7400630ae06459aa8b5079427edcaa348 Required for: https://fedorahosted.org/sssd/ticket/2639 Expose a request ipa_server_trusted_dom_setup_send that sets up a trusted domain. The setup might include actions like retrieving a keytab for one-way trusts. Creating the AD ID context for the trused domain is now done in the caller of this new request. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Required for:
    https://fedorahosted.org/sssd/ticket/2639

Expose a request ipa_server_trusted_dom_setup_send that sets up a
trusted domain. The setup might include actions like retrieving a keytab
for one-way trusts.

Creating the AD ID context for the trused domain is now done in the
caller of this new request.

Reviewed-by: Sumit Bose <sbose@redhat.com>
DYNDNS: Return right error code in case of failure 2015-09-23T13:32:01+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-09-23T11:50:22+00:00 75889713afc99ea52f4ff13b40672a12b28bdd41 The variable will be zero if getifaddrs succeeds and therefore wrong error code will be returned in case of insufficient memory (talloc_zero failed) Reviewed-by: Pavel Reichl <preichl@redhat.com> 
The variable will be zero if getifaddrs succeeds
and therefore wrong error code will be returned
in case of insufficient memory (talloc_zero failed)

Reviewed-by: Pavel Reichl <preichl@redhat.com>
DDNS: execute nsupdate for single update of PTR rec 2015-09-22T12:51:22+00:00 Pavel Reichl preichl@redhat.com 2015-09-12T13:09:35+00:00 eeac17ebbe38f16deaa8599231cccfc97aaac85c nsupdate fails definitely if any of update request fails when GSSAPI is used. As tmp solution nsupdate is executed for each update. Resolves: https://fedorahosted.org/sssd/ticket/2783 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
nsupdate fails definitely if any of update request fails when GSSAPI is used.

As tmp solution nsupdate is executed for each update.

Resolves:
https://fedorahosted.org/sssd/ticket/2783

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
IPA PROVIDER: Resolve nested netgroup membership 2015-09-22T12:43:26+00:00 Petr Cech pcech@redhat.com 2015-09-02T15:51:12+00:00 e6595222c41af84288d303e8d464ce45b1408ed3 Informations about usergroup membership are stored in memberOf attribute. And informations about hostgroup membership are stored in originalMemberOf. This patch add appropriate memberOf attributes for searching in. Ticket: https://fedorahosted.org/sssd/ticket/2275 Reviewed-by: Sumit Bose <sbose@redhat.com> 
Informations about usergroup membership are stored in memberOf
attribute. And informations about hostgroup membership are stored
in originalMemberOf.
This patch add appropriate memberOf attributes
for searching in.

Ticket: https://fedorahosted.org/sssd/ticket/2275

Reviewed-by: Sumit Bose <sbose@redhat.com>
LDAP: Filter out multiple entries when searching overlapping domains 2015-09-22T11:46:02+00:00 Jakub Hrozek jhrozek@redhat.com 2015-09-04T16:45:45+00:00 fb83de0699b16e7d8eca803305e2112795807b4c In case domain overlap, we might download multiple objects. To avoid saving them all, we attempt to filter out the objects from foreign domains. We can only do this optimization for non-wildcard lookups. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
In case domain overlap, we might download multiple objects. To avoid
saving them all, we attempt to filter out the objects from foreign
domains.

We can only do this optimization for non-wildcard lookups.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>