<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 24.06.2016 15:09, Martin Basti
wrote:<br>
</div>
<blockquote
cite="mid:3e3a6cae-594e-5c0f-8777-42e8fcf17dee@redhat.com"
type="cite">
<br>
<br>
On 24.06.2016 14:59, Sumit Bose wrote:
<br>
<blockquote type="cite">On Fri, Jun 24, 2016 at 02:00:24PM +0200,
Martin Basti wrote:
<br>
<blockquote type="cite">
<br>
On 22.06.2016 23:20, Lukas Slebodnik wrote:
<br>
<blockquote type="cite">On (22/06/16 11:57), Martin Basti
wrote:
<br>
<blockquote type="cite">On 09.06.2016 21:02, Martin Basti
wrote:
<br>
<blockquote type="cite">On 09.06.2016 14:45, Martin Basti
wrote:
<br>
<blockquote type="cite">On 09.06.2016 14:42, Martin
Basti wrote:
<br>
<blockquote type="cite">On 09.06.2016 14:38, Lukas
Slebodnik wrote:
<br>
<blockquote type="cite">On (09/06/16 14:29), Martin
Basti wrote:
<br>
<blockquote type="cite">On 09.06.2016 14:22,
Alexander Bokovoy wrote:
<br>
<blockquote type="cite">On Thu, 09 Jun 2016,
Jakub Hrozek wrote:
<br>
<blockquote type="cite">On Fri, May 20, 2016
at 09:23:46PM +0200, Sumit Bose wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
this patch allows the extom plugin to
lookup
<br>
users by certificate which
<br>
is needed in the case where a IPA client
<br>
wants to lookup an AD user who
<br>
has the certificate stored in AD. To make
<br>
this work the related patches
<br>
I just send to sssd-devel are needed as
well.
<br>
<br>
Currently the patches miss the change in
the
<br>
required version of SSSD.
<br>
since the SSSD patches are not committed.
But
<br>
the patches are needed to
<br>
fully test the SSSD patches. I will send a
<br>
new version with the needed
<br>
changes to the minimal SSSD version when
the SSSD patches are
<br>
committed.
<br>
<br>
bye,
<br>
Sumit
<br>
</blockquote>
The patch works fine (tested together with
the corresponding SSSD
<br>
patches), so ACK from me. The code also
looks
<br>
good to me, but I'm not
<br>
sure if reviewing an IPA patch requires
something
<br>
more (CI? Coverity?)
<br>
</blockquote>
ACK from me as well, I forgot to send email
about it,
<br>
though I reviewed
<br>
this patch a week ago.
<br>
<br>
</blockquote>
Pushed to master:
aa734da49440c5d12c0f8d4566505adaeef254e8
<br>
<br>
</blockquote>
It's very likey that this commit will break build
of
<br>
freeipa-master. I didn't try.
<br>
<br>
Because it uses new function sss_nss_getnamebycert
<br>
from the library libsss_nss_idmap which is not in
fedora.
<br>
It was pushed to sssd master just today.
<br>
<br>
LS
<br>
</blockquote>
If this is true, can you/somebody provide the SRPM
of SSSD with
<br>
the required functionality please? We may need to
add it to
<br>
@freeipa/freeipa-master copr and bump required
version of SSSD.
<br>
<br>
Martin^2
<br>
<br>
</blockquote>
Yes, you were right, master build is broken.
<br>
Martin^2
<br>
<br>
</blockquote>
SSSD master build has been added to
@freeipa/freeipa-master copr as a
<br>
workaround (to unblock automatic testing an developers)
<br>
<br>
Please bump version in specfile accordingly (I don't
know in which
<br>
version of SSSD will be required function)
<br>
<br>
Martin^2
<br>
<br>
</blockquote>
Bumping SSSD version in requires and buildrequires
<br>
Patch attached
<br>
</blockquote>
>From f2b394085157954768bc93a73b854778c65bfdcd Mon Sep 17
00:00:00 2001
<br>
<blockquote type="cite">From: Martin Basti
<a class="moz-txt-link-rfc2396E" href="mailto:mbasti@redhat.com"><mbasti@redhat.com></a>
<br>
Date: Wed, 22 Jun 2016 10:49:39 +0200
<br>
Subject: [PATCH] Bump SSSD requires
<br>
<br>
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/4955">https://fedorahosted.org/freeipa/ticket/4955</a>
<br>
---
<br>
freeipa.spec.in | 4 ++--
<br>
1 file changed, 2 insertions(+), 2 deletions(-)
<br>
<br>
diff --git a/freeipa.spec.in b/freeipa.spec.in
<br>
index
0d5c745d5306cd7141c573454bd1c1e6a78c7e7f..befc7af9ee2ceefa41b1b999df4bdb1c6607bea8
100644
<br>
--- a/freeipa.spec.in
<br>
+++ b/freeipa.spec.in
<br>
@@ -85,7 +85,7 @@ BuildRequires: python-pyasn1 >=
0.0.9a
<br>
BuildRequires: python-qrcode-core >= 5.0.0
<br>
BuildRequires: python-dns >= 1.11.1
<br>
BuildRequires: libsss_idmap-devel
<br>
-BuildRequires: libsss_nss_idmap-devel >= 1.12.2
<br>
+BuildRequires: libsss_nss_idmap-devel >= 1.14.0
<br>
BuildRequires: java-headless
<br>
BuildRequires: rhino
<br>
BuildRequires: libverto-devel
<br>
@@ -327,7 +327,7 @@ Requires: pam_krb5
<br>
Requires: curl
<br>
Requires: libcurl >= 7.21.7-2
<br>
Requires: xmlrpc-c >= 1.27.4
<br>
-Requires: sssd >= 1.13.3-5
<br>
+Requires: sssd >= 1.14.0
<br>
</blockquote>
NACK
<br>
</blockquote>
Thank you.
<br>
<blockquote type="cite">A) It's not explained in commit
message why you need to bump Requires for sssd.
<br>
IIRC, you need just new libsss_nss_idmap-devel.
<br>
</blockquote>
I don't know actually, would be nice if author of the original
patch can
<br>
confirm if newer SSSD is required or not
<br>
</blockquote>
Currently both are required. 'BuildRequires:
libsss_nss_idmap-devel >=
<br>
1.14.0' is needed for the build because the new call
<br>
sss_nss_getnamebycert() is needed to look up trusted users by
<br>
certificate.
<br>
<br>
At runtime 'Requires: sssd >= 1.14.0' is needed because
currently
<br>
libsss_nss_idmap does not have a dependency to sssd. If only the
<br>
libsss_nss_idmap would be updated and not SSSD the
<br>
sss_nss_getnamebycert() would just return a not implemented
error code
<br>
because the older versions of SSSD cannot handle the request.
<br>
<br>
HTH
<br>
<br>
bye,
<br>
Sumit
<br>
</blockquote>
Thank you for explanation, updated patch attached.
<br>
<br>
Martin^2
<br>
</blockquote>
<br>
Requested 'sss_nss_idmap >= 1.14.0' but version of sss_nss_idmap
is 1.13.90<br>
You may find new versions of sss_nss_idmap at
<a class="moz-txt-link-freetext" href="http://fedorahosted.org/sssd/">http://fedorahosted.org/sssd/</a><br>
<br>
libsss_nss_idmap-devel-1.14.0-1.fc24.alpha.x86_64<br>
<br>
Is it possible that you forgot to increment this version on SSSD
side, or it is my failure?<br>
<br>
Martin^2<br>
<blockquote
cite="mid:3e3a6cae-594e-5c0f-8777-42e8fcf17dee@redhat.com"
type="cite">
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">B) You forgot add detection for newer
version of libsss_nss_idmap at configure
<br>
time
<br>
Hint: * daemons/configure.ac
<br>
*
<a class="moz-txt-link-freetext" href="https://autotools.io/pkgconfig/pkg_check_modules.html#pkgconfig.pkg_check_modules.specification">https://autotools.io/pkgconfig/pkg_check_modules.html#pkgconfig.pkg_check_modules.specification</a><br>
</blockquote>
Fixed
<br>
<blockquote type="cite">LS
<br>
</blockquote>
Updated patch attached.
<br>
From 34c63f8ba5c478cd95a62bc3dffc6bfc7be3384b Mon Sep 17
00:00:00 2001
<br>
From: Martin Basti <a class="moz-txt-link-rfc2396E" href="mailto:mbasti@redhat.com"><mbasti@redhat.com></a>
<br>
Date: Wed, 22 Jun 2016 10:49:39 +0200
<br>
Subject: [PATCH] Bump libsss_nss_idmap-devel
<br>
<br>
This is required by commit
aa734da49440c5d12c0f8d4566505adaeef254e8
<br>
<br>
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/4955">https://fedorahosted.org/freeipa/ticket/4955</a>
<br>
---
<br>
daemons/configure.ac | 2 +-
<br>
freeipa.spec.in | 2 +-
<br>
2 files changed, 2 insertions(+), 2 deletions(-)
<br>
<br>
diff --git a/daemons/configure.ac b/daemons/configure.ac
<br>
index
2906def285a0f6ad9553fc07cbc59f7a7f7fd426..fa5eab829cad6718f21ec3d5569ffe1b0168e518
100644
<br>
--- a/daemons/configure.ac
<br>
+++ b/daemons/configure.ac
<br>
@@ -253,7 +253,7 @@ dnl -- dirsrv is needed for the extdom
unit tests --
<br>
PKG_CHECK_MODULES([DIRSRV], [dirsrv >= 1.3.0])
<br>
dnl -- sss_idmap is needed by the extdom exop --
<br>
PKG_CHECK_MODULES([SSSIDMAP], [sss_idmap])
<br>
-PKG_CHECK_MODULES([SSSNSSIDMAP], [sss_nss_idmap])
<br>
+PKG_CHECK_MODULES([SSSNSSIDMAP], [sss_nss_idmap >=
1.14.0])
<br>
dnl
---------------------------------------------------------------------------<br>
dnl - Check for systemd unit directory
<br>
diff --git a/freeipa.spec.in b/freeipa.spec.in
<br>
index
d31ddfaf78a455f4e4d65724bbbe23461e1336e0..e82950d7f82fb5018d893a0644dd1a5931656e2d
100644
<br>
--- a/freeipa.spec.in
<br>
+++ b/freeipa.spec.in
<br>
@@ -85,7 +85,7 @@ BuildRequires: python-pyasn1 >= 0.0.9a
<br>
BuildRequires: python-qrcode-core >= 5.0.0
<br>
BuildRequires: python-dns >= 1.11.1
<br>
BuildRequires: libsss_idmap-devel
<br>
-BuildRequires: libsss_nss_idmap-devel >= 1.12.2
<br>
+BuildRequires: libsss_nss_idmap-devel >= 1.14.0
<br>
BuildRequires: java-headless
<br>
BuildRequires: rhino
<br>
BuildRequires: libverto-devel
<br>
-- <br>
2.5.5
<br>
<br>
-- <br>
Manage your subscription for the Freeipa-devel mailing list:
<br>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-devel">https://www.redhat.com/mailman/listinfo/freeipa-devel</a>
<br>
Contribute to FreeIPA:
<a class="moz-txt-link-freetext" href="http://www.freeipa.org/page/Contribute/Code">http://www.freeipa.org/page/Contribute/Code</a>
<br>
</blockquote>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>