Ubuntu
sssd package

  1. Bug #1868703
  2. Comment #35

Comment 35 for bug 1868703

Revision history for this message
Matthew Ruffell (mruffell) wrote : Re: Support new AD requirements (ADV190023)

Hi Tobias, Thorstein, and anyone who is after a backport of these patches,

I have completed backporting the below patches to the Bionic and Focal adcli and sssd packages, and I am looking for some help with testing. If you have some spare time, a Windows Active Directory server available, and some test Ubuntu machines, I would really appreciate help ensuring these test packages work as expected.

Source code / debdiffs for the test sssd and adcli packages are below if you are interested:

Focal:
sssd: https://paste.ubuntu.com/p/JCVcV26RS2/
adcli: https://paste.ubuntu.com/p/RSqSWdCYQH/

Bionic:
sssd: https://paste.ubuntu.com/p/vcyYnjVdg7/
adcli: https://paste.ubuntu.com/p/SVpHZc59pq/

Please note, these test packages are NOT SUPPORTED by Canonical, and are for
TEST PURPOSES ONLY. ONLY install in a dedicated test environment.

Instructions to install (on a bionic or focal system):
1) sudo add-apt-repository ppa:mruffell/sf294530-test
2) sudo apt update
3) sudo apt install adcli sssd
4) sudo apt-cache policy adcli | grep Installed
Installed: 0.9.0-1ubuntu0+sf294530v20201013b1 // for focal
Installed: 0.8.2-1ubuntu0+sf294530v20201019b1 // for bionic
5) sudo apt-cache policy sssd | grep Installed
Installed: 2.2.3-3ubuntu0+sf294530v20201012b1 // for focal
Installed: 1.16.1-1ubuntu1.6+sf294530v20201021b1 // for bionic

Please let me know if these test packages work as expected in regards to the "ad_use_ldaps" flag, or if you run into any problems.

List of commits backported are below:

adcli
=====

For both Bionic and Focal:
--------------------------

commit a6f795ba3d6048b32d7863468688bf7f42b2cafd
Author: Sumit Bose <email address hidden>
Date: Fri Oct 11 16:39:25 2019 +0200
Subject: Use GSS-SPNEGO if available
Link: https://gitlab.freedesktop.org/realmd/adcli/-/commit/a6f795ba3d6048b32d7863468688bf7f42b2cafd

commit 85097245b57f190337225dbdbf6e33b58616c092
Author: Sumit Bose <email address hidden>
Date: Thu Dec 19 07:22:33 2019 +0100
Subject: add option use-ldaps
Link: https://gitlab.freedesktop.org/realmd/adcli/-/commit/85097245b57f190337225dbdbf6e33b58616c092

sssd
====

Bionic only (dependency)
------------------------

commit 070f22f896b909c140ed7598aed2393d61a834ae
Author: Sumit Bose <email address hidden>
Date: Tue May 21 10:22:04 2019 +0200
Subject: sdap: inherit SDAP_SASL_MECH if not set explicitly
Link: https://github.com/SSSD/sssd/commit/070f22f896b909c140ed7598aed2393d61a834ae

For Bionic and Focal:
---------------------

commit 090cf77a0fd5f300a753667658af3ed763a88e83
Author: Sumit Bose <email address hidden>
Date: Thu Sep 26 20:24:34 2019 +0200
Subject: ad: allow booleans for ad_inherit_opts_if_needed()
Link: https://github.com/SSSD/sssd/commit/090cf77a0fd5f300a753667658af3ed763a88e83

commit 341ba49b0deb42e17d535744824786c2499656b7
Author: Sumit Bose <email address hidden>
Date: Thu Sep 26 20:27:09 2019 +0200
Subject: ad: add ad_use_ldaps
Link: https://github.com/SSSD/sssd/commit/341ba49b0deb42e17d535744824786c2499656b7

commit 78649907b81b4bdaf8fc6a6e6ae55ed3cd5419f5
Author: Sumit Bose <email address hidden>
Date: Fri Sep 27 11:49:59 2019 +0200
Subject: ldap: add new option ldap_sasl_maxssf
Link: https://github.com/SSSD/sssd/commit/78649907b81b4bdaf8fc6a6e6ae55ed3cd5419f5

commit 24387e19f065e6a585b1120d5568cb4df271d102
Author: Sumit Bose <email address hidden>
Date: Fri Sep 27 13:45:13 2019 +0200
Subject: ad: set min and max ssf for ldaps
Link: https://github.com/SSSD/sssd/commit/24387e19f065e6a585b1120d5568cb4df271d102

Thanks,
Matthew