Hi,
The attached patch adds support for gpo processing in offline mode. While the code for
online mode uses LDAP to determine which gpo-guids are applicable (and then uses SMB to
retrieve policy files), the code in offline mode simply retrieves all gpo-guids from the
cache (and then retrieves locally cached per-gpo-guid policy files). Note that neither
version checking nor the ad_gpo_cache_timeout option are relevant when in offline mode.
Unresolved issues
* if there are no gpo-guids in the cache, the code currently denies access; i suspect we
should be allowing access instead; agree?
* i don't think offline callbacks are needed, but i'm unclear about whether online
callbacks are needed; i suspect they are not needed for the access provider (b/c I
don't see them being used by the ad_access_filter code); should we trigger a fresh
round of gpo processing when transitioning from offline to online?
Regards,
Yassir.