On Tue, Apr 24, 2012 at 08:36:32AM +0200, Stef Walter wrote:
> On 04/23/2012 09:00 PM, Simo Sorce wrote:
> > Doesn't this end up running potentially the same regex over and over for each domain we have configured? Wouldn't it make sense to detect how many different regexes we actually have (in the default case just one, the same for all domains) and just run them once? Then we can sort out which of the domains using that regex is being addressed ... or is there something I am missing?
> Yes that could be a nice optimization ... if we are in fact matching more than a handful of regexes (i.e. configured domains).
> But that brings to mind another related point. How are other 'trusted' domains in the forest handled, and does this patch break them? Is there somewhere in SSSD that handles arbitrary domain names, and figures out which configured domain they go to? How does that work?
> For example let's say I have a domain 'ad.thewalter.lan' configured in sssd which is part of a trust relationship with 'other.thewalter.lan'. 'other.thewalter.lan' is not a configured sssd domain. How do we resolve user names for other.thewalter.lan?
> If this is correctly handled, then I guess I missed consideration of this in my patch. Pointers to where this logic lives in sssd would be nice.
Hi Stef, the trusted domains appear as subdomains in SSSD. The subdomains support is currently on the list for review: https://fedorahosted.org/pipermail/sssd-devel/2012-March/009069.html
The design document is here: https://fedorahosted.org/sssd/wiki/DesignDocs/SubDomains
I think that patch #4 in the patch set shows what you need - there is a "struct sss_domain_info **subdomains;" array that lists the sub domains the main domain trusts.
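
The optimization raised earlier in the thread (run each distinct regex once, then work out which of the domains sharing it is being addressed), as an added example that is not part of the thread or of SSSD's code. The `struct dom`, the domain list, the function names and the POSIX ERE patterns are all constructed for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
/* Hypothetical stand-in for a configured domain; not SSSD's sss_domain_info. */
struct dom { const char *name; const char *re; int user_grp, dom_grp; };
/* Constructed configuration: two domains share a pattern, one overrides it. */
static const struct dom doms[] = {
    { "ad.thewalter.lan",  "^([^@]+)@([^@]+)$",      1, 2 },
    { "ldap.example.test", "^([^@]+)@([^@]+)$",      1, 2 },
    { "LEGACY",            "^([^\\]+)\\\\([^\\]+)$", 2, 1 },  /* backslash form */
};
#define NDOMS (sizeof(doms) / sizeof(doms[0]))

/* Copy one capture group of s into out, truncating to len - 1 bytes (len > 0). */
static void grab(const char *s, const regmatch_t *m, char *out, size_t len)
{
    size_t n = (size_t)(m->rm_eo - m->rm_so);
    if (n >= len) n = len - 1;
    memcpy(out, s + m->rm_so, n);
    out[n] = '\0';
}

/* Returns the index of the addressed domain or -1; *runs counts regexec() calls. */
int resolve(const char *input, char *user, size_t ulen, int *runs)
{
    regex_t re; regmatch_t m[3]; char dpart[256]; size_t i, j;
    *runs = 0; user[0] = '\0';
    for (i = 0; i < NDOMS; i++) {
        for (j = 0; j < i && strcmp(doms[j].re, doms[i].re) != 0; j++) ;
        if (j < i) continue;  /* an earlier domain already ran this pattern */
        if (regcomp(&re, doms[i].re, REG_EXTENDED) != 0) continue;
        int rc = regexec(&re, input, 3, m, 0);
        (*runs)++; regfree(&re);
        if (rc != 0) continue;
        grab(input, &m[doms[i].dom_grp], dpart, sizeof(dpart));
        for (j = i; j < NDOMS; j++)  /* pick among domains sharing the pattern */
            if (!strcmp(doms[j].re, doms[i].re) && !strcasecmp(doms[j].name, dpart)) {
                grab(input, &m[doms[i].user_grp], user, ulen);
                return (int)j;
            }
    }
    return -1;
}
int main(void)
{
    char user[64]; int runs, d = resolve("stef@ldap.example.test", user, sizeof(user), &runs);
    printf("domain %d, user %s, %d regexec call(s)\n", d, user, runs);
    return 0;
}
```

A name in a domain that is trusted but not configured, such as `stef@other.thewalter.lan`, matches the shared pattern yet resolves to no domain here, which is the gap the subdomains list is meant to cover.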