On (19/12/13 16:54), Jakub Hrozek wrote:
On Thu, Dec 19, 2013 at 01:39:56PM +0100, Lukas Slebodnik wrote:
> On (19/12/13 11:10), Jakub Hrozek wrote:
> >On Sat, Dec 14, 2013 at 10:15:14PM +0100, Jakub Hrozek wrote:
> >> Hi,
> >>
> >> we're debating what is the right approach to GC lookups by default, but
> >> for the 1.11.3 release, we should offer an option to fall back from GC
> >> to LDAP. The attached patches do that.
> >>
> >> [PATCH 1/3] AD: Add a utility function to create list of connections
> >> ad_id.c and ad_access.c used the same block of code. With the upcoming
> >> option to disable GC lookups, we should unify the code in a function to
> >> avoid breaking one of the code paths.
> >>
> >> Defaulting to GC for access provider is safe, as you can see in
> >> ad_access.c we retry on any denial against the GC to make sure we don't
> >> miss an attribute from LDAP.
> >>
> >> [PATCH 2/3] AD: Add a new option to turn off GC lookups
> >> Adds the option.
> >>
> >> [PATCH 3/3] AD: Enable fallback to LDAP of trusted domain
> >> Since we have the LDAP port of a trusted AD GC always available now, we
> >> can always perform a fallback.
> >>
> >> I'm fine with leaving the patch out of 1.11.3 if the other developers
> >> think we should stricly limit ourselves to what we've agreed on.
> >
> >Hi,
> >
> >the previous patches applied cleanly on origin/master but I think in
> >upstream, they should come after Sumit's local domain patches, so I
> >rebased them on top of those.
> >
> >New patches are attached.
>
> just few nitpicks:
> Please replace assert_true(somePtr == NULL) with assert_null(somePtr)
>
> I tested:
> --ad_enable_gc = true
> --ad_enable_gc = true with nonfunctional Global Catalog (modified SRV recors)
> --ad_enable_gc = false
>
> All tests passed :-)
>
> LS
Thank you new patches with fixes to the unit tests are attached.
ACK
LS