[SSSD] [PATCH] AD: support gpo processing in offline mode

Hi, The attached patch adds support for gpo processing in offline mode. While the code for online mode uses LDAP to determine which gpo-guids are applicable (and then uses SMB to retrieve policy files), the code in offline mode simply retrieves all gpo-guids from the cache (and then retrieves locally cached per-gpo-guid policy files). Note that neither version checking nor the ad_gpo_cache_timeout option are relevant when in offline mode. Unresolved issues * if there are no gpo-guids in the cache, the code currently denies access; i suspect we should be allowing access instead; agree? * i don't think offline callbacks are needed, but i'm unclear about whether online callbacks are needed; i suspect they are not needed for the access provider (b/c I don't see them being used by the ad_access_filter code); should we trigger a fresh round of gpo processing when transitioning from offline to online? Regards, Yassir.