sssd.git/src, branch mdbtest

No indexing

2015-05-03T17:45:25+00:00

Hardcode a different tests directory

2015-05-03T17:45:17+00:00

Make the db configurable with a environment variable

2015-05-03T17:35:11+00:00

tests: Disable failing sysdb tests

2015-05-03T17:30:06+00:00

GPO: Do not ignore missing attrs for GPOs

2015-04-30T06:47:00+00:00

We don't want to skip over a GPO that might properly be denying
users.

[sssd[be[a.foo.com]]] [sdap_sd_search_send] (0x0400):
    Searching entry [cn={2BA15B73-9524-419F-B4B7-185E1F0D3DCF},cn=policies,cn=system,DC=foo,DC=com] using SD
[sssd[be[a.foo.com]]] [sdap_get_generic_ext_step] (0x0400):
    calling ldap_search_ext with [(objectclass=*)][cn={2BA15B73-9524-419F-B4B7-185E1F0D3DCF},cn=policies,cn=system,DC=lzb,DC=hq].
[sssd[be[a.foo.com]]] [sdap_process_message] (0x4000):
    Message type: [LDAP_RES_SEARCH_RESULT]
[sssd[be[a.foo.com]]] [sdap_get_generic_op_finished] (0x0400):
    Search result: Referral(10), 0000202B: RefErr: DSID-0310063C, data 0, 1 access points
        ref 1: 'lzb.hq'
[sssd[be[a.foo.com]]] [sdap_get_generic_op_finished] (0x1000):
    Ref: ldap://foo.com/cn=%7B2BA15B73-9524-419F-B4B7-185E1F0D3DCF%7D,cn=policies,cn=system,DC=foo,DC=com
[sssd[be[a.foo.com]]] [ad_gpo_get_gpo_attrs_done] (0x0040):
    no attrs found for GPO; try next GPO.

Resolves:
https://fedorahosted.org/sssd/ticket/2629

Reviewed-by: Stephen Gallagher

autofs: fix 'Cannot allocate memory' with FQDNs

2015-04-30T06:24:57+00:00

https://fedorahosted.org/sssd/ticket/2643

Reviewed-by: Jakub Hrozek

IPA: fix segfault in ipa_s2n_exop

2015-04-29T15:09:04+00:00

can be triggered on demand by assigning a POSIX group
with external members sudo privileges, then dropping
the cache and doing a sudo -U  -l.

Reviewed-by: Sumit Bose

IPA: allow initgroups by SID for AD users

2015-04-29T09:33:22+00:00

If a user from a trusted AD domain is search with the help of an
override name the SID from the override anchor is used to search the
user in AD. Currently the initgroups request only allows searches by
name.  With this patch a SID can be used as well.

Resolves https://fedorahosted.org/sssd/ticket/2632

Reviewed-by: Jakub Hrozek

simple-access-provider: make user grp res more robust

2015-04-28T09:58:53+00:00

Not all user groups need to be resolved if group deny list is empty.

Resolves:
https://fedorahosted.org/sssd/ticket/2519

Reviewed-by: Jakub Hrozek

IPA: check ghosts in groups found by uuid as well

2015-04-27T13:42:39+00:00

With views and overrides groups are not allowed to have ghost members
anymore because the name of a member might be overridden. To achieve
this ghost members are looked up and resolved later during group
lookups. Currently this is only done for group lookups by name but
should happen as well if the group is looked up by uuid.

Resolves https://fedorahosted.org/sssd/ticket/2631

Reviewed-by: Jakub Hrozek