URL:
https://github.com/SSSD/sssd/pull/820
Author: pbrezina
Title: #820: ad: delete domains disabled through ad_enabled_domains from cache
Action: opened
PR body:
"""
Steps to reproduce:
1. Have at least one subdomain in ad domain (e.g. child.ad.vm is subdomain of ad.vm).
2. Enable all domains, set ad_enabled_domains =
[ad.vm]
...
ad_enabled_domains =
3. Look up 'administrator(a)child.ad.vm'
$ id administrator(a)child.ad.vm
uid=1678800500(administrator(a)child.ad.vm) ...
4. Disable the subdomain by setting 'ad_enabled_domains = ad.vm'
5. Restart sssd without clearing the cache
6. Request for *(a)child.ad.vm will go to data provider and try to lookup the user in
child.ad.vm domain which will yield 'domain not found'. However if the user is
cached it will return the user.
$ id administrator(a)child.ad.vm
uid=1678800500(administrator(a)child.ad.vm) ...
Subdomains that are not root domains are removed from cache. Root domains are
disabled in sysdb with new `enabled` attribute.
Resolves:
https://pagure.io/SSSD/sssd/issue/4009
"""
To pull the PR as Git branch:
git remote add ghsssd
https://github.com/SSSD/sssd
git fetch ghsssd pull/820/head:pr820
git checkout pr820