sssd.git/src/providers/ad, branch openssl Unnamed repository; edit this file 'description' to name the repository. Remove double semicolon at the end of line 2016-09-21T13:10:11+00:00 Lukas Slebodnik lslebodn@redhat.com 2016-09-17T19:05:36+00:00 b9941359b3181c42f415530d5ccad0f4664d85fa Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
dyndns: fix typo and unify ipa with ad debug message when off 2016-08-30T12:30:53+00:00 Pavel Březina pbrezina@redhat.com 2016-08-04T12:10:09+00:00 b3851e86af91dc1aa6e265d5b2e4279b2611ff43 Reviewed-by: Petr Čech <pcech@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Reviewed-by: Petr Čech <pcech@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
AD_PROVIDER: ad_enabled_domains - other then master 2016-08-17T14:08:58+00:00 Petr Cech pcech@redhat.com 2016-06-27T09:51:30+00:00 ba26252f43409a2e4c3d2396e4e7a21584bd725a We can skip looking up other domains if option ad_enabled_domains doesn't contain them. Resolves: https://fedorahosted.org/sssd/ticket/2828 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
We can skip looking up other domains if
option ad_enabled_domains doesn't contain them.

Resolves:
https://fedorahosted.org/sssd/ticket/2828

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
AD_PROVIDER: ad_enabled_domains - only master 2016-08-17T14:08:43+00:00 Petr Cech pcech@redhat.com 2016-06-21T07:48:52+00:00 49f38702e62bbd1728757063ba407444e6270952 We can skip looking up other domains if option ad_enabled_domains contains only master domain. Resolves: https://fedorahosted.org/sssd/ticket/2828 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
We can skip looking up other domains if option ad_enabled_domains
contains only master domain.

Resolves:
https://fedorahosted.org/sssd/ticket/2828

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
AD_PROVIDER: Initializing of ad_enabled_domains 2016-08-17T14:08:36+00:00 Petr Cech pcech@redhat.com 2016-06-21T06:34:15+00:00 a82baf596bac1fdac6addca6419d8992111a8aa2 We add ad_enabled_domains into ad_subdomains_ctx. Resolves: https://fedorahosted.org/sssd/ticket/2828 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
We add ad_enabled_domains into ad_subdomains_ctx.

Resolves:
https://fedorahosted.org/sssd/ticket/2828

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
AD_PROVIDER: Add ad_enabled_domains option 2016-08-17T14:08:19+00:00 Petr Cech pcech@redhat.com 2016-05-13T09:21:07+00:00 d6342c92c226becbdd254f90a0005b8c00c300dc Resolves: https://fedorahosted.org/sssd/ticket/2828 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Resolves:
https://fedorahosted.org/sssd/ticket/2828

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Warn if IP address is used as option for ipa_server/ad_server 2016-08-16T18:21:29+00:00 Justin Stephenson jstephen@redhat.com 2016-08-10T15:27:01+00:00 e915f42093add45a11208e871c9abdf7ab2bfbdc GSSAPI is dependent on DNS with hostnames and we should warn about this. Resolves: https://fedorahosted.org/sssd/ticket/2789 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
GSSAPI is dependent on DNS with hostnames and we should warn about this.

Resolves:
https://fedorahosted.org/sssd/ticket/2789

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
failover: mark subdomain service with sd_ prefix 2016-08-16T12:39:15+00:00 Pavel Březina pbrezina@redhat.com 2016-06-29T12:58:37+00:00 778f241e78241b0d6b8734148175f8dee804f494 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
gpo: gPCMachineExtensionNames with just whitespaces 2016-08-11T08:30:45+00:00 Michal Židek mzidek@redhat.com 2016-07-29T14:09:16+00:00 b1a8b4a1291529367b46c79eb02448eced3bf8d2 Resolves: https://fedorahosted.org/sssd/ticket/3114 We failed GPO procesing if the gPCMachineExtensionNames attribute contained just whitespaces. This coused failures in some server settings. Comment from Alexander Bokovoy quoting: You should use MS-GPOL spec. 2.2.4 'GPO Search' section says that when processing gPCMachineExtensionNames, "Group Policy processing terminates at the first <CSE GUIDn> out of sequence." Since ' ' (space only) does not fall into defined syntax for gPCMachineExtensionNames, this Group Policy processing is stopped and its CSE GUIDs are set to 'empty list'. Because of the 3.2.5.1.10 'Extension Protocol Sequences' language ------------------------------------------------------------------------ The Group Policy client MUST evaluate the subset of the abstract element Filtered GPO list separately for each Group Policy extension by including in the subset only those GPOs whose gPCUserExtensionNames (for user policy mode) or gPCMachineExtensionNames (for computer policy mode) attributes contain CSE GUID that correspond to the Group Policy extension. If the CSE GUID corresponding to the Group Policy extension is present in Extension List, it is invoked using the Implementation Identifier field. Applicability is determined as specified in section 3.2.1.5. The Group Policy Registry Extension MUST always execute first. All other applicable Group Policy extensions in the Extension List MUST be loaded and executed in Extension List order. A failure in any Group Policy extension sequence MUST NOT affect the execution of other Group Policy extensions. ------------------------------------------------------------------------- I think we can practically treat wrong content of gPCMachineExtensionNames (and gPCUserExtensionNames) as inability of the GPO to pass through the Filtered GPO list. Thus, the GPO would be ignored. Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Resolves:
https://fedorahosted.org/sssd/ticket/3114

We failed GPO procesing if the gPCMachineExtensionNames
attribute contained just whitespaces. This coused
failures in some server settings.

Comment from Alexander Bokovoy quoting:

You should use MS-GPOL spec. 2.2.4 'GPO Search' section says that when
processing gPCMachineExtensionNames, "Group Policy processing terminates
at the first <CSE GUIDn> out of sequence."
Since ' ' (space only) does not fall into defined syntax for
gPCMachineExtensionNames, this Group Policy processing is stopped and
its CSE GUIDs are set to 'empty list'.

Because of the 3.2.5.1.10 'Extension Protocol Sequences' language
------------------------------------------------------------------------
The Group Policy client MUST evaluate the subset of the abstract element
Filtered GPO list separately for each Group Policy extension by
including in the subset only those GPOs whose gPCUserExtensionNames (for
user policy mode) or gPCMachineExtensionNames (for computer policy mode)
attributes contain CSE GUID that correspond to the Group Policy
extension. If the CSE GUID corresponding to the Group Policy extension
is present in Extension List, it is invoked using the
Implementation Identifier field. Applicability is determined as
specified in section 3.2.1.5. The Group Policy Registry Extension MUST
always execute first. All other applicable Group Policy extensions in
the Extension List MUST be loaded and executed in Extension List order.
A failure in any Group Policy extension sequence MUST NOT affect the
execution of other Group Policy extensions.
-------------------------------------------------------------------------

I think we can practically treat wrong content of
gPCMachineExtensionNames (and gPCUserExtensionNames) as inability of the
GPO to pass through the Filtered GPO list. Thus, the GPO would be
ignored.

Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
LDAP: new attribute option ldap_user_email 2016-07-29T12:44:44+00:00 Sumit Bose sbose@redhat.com 2016-06-18T16:24:50+00:00 83a796ec8de4bde65b11cc8032675406950641fa Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>