On Fri, Jan 17, 2014 at 12:43:04PM +0100, Sumit Bose wrote:
On Fri, Jan 17, 2014 at 12:04:38PM +0100, Jakub Hrozek wrote:
> On Fri, Jan 17, 2014 at 11:55:08AM +0100, Pavel Reichl wrote:
> >
> > > We just have to remember to touch this code, if we start to support home
> > > directories defined in AD.
> > >
> >
> > I'm sorry that I failed to see what you were implying. My patch will
> > override value of homedir for members of every subdomain by
> > subdomain_homedir.
> >
> > I missed that even if subdomain_homedir is not set explicitly in
> > sssd.conf it has a non NULL value.
>
> Me too and to be honest I failed to test the patch with AD subdomains
> with POSIX attributes. Sorry about that.
>
> I think Sumit's suggestion makes the most sense now, but the
> documentation should be amended, too. Currently the man page implies
> that the subdomain_homedir parameter will have equal effect for all
> kinds of subdomains, while the code would only use it for IPA-AD trust
> cases (be it for the server mode or the client).
I also realized that having the right home directory in sysdb might be
useful because krb5_ccname_template allows to expand %h to the user's
home directory. And here the home directory is looked up in sysdb.
bye,
Sumit
But that also affects the other options, right? Sounds like a second
problem to me, or did you want to solve both together?
About the subdomain homedir, I think we should:
1) revert the original patch that is commited
2) fix the IPA server mode the way you described in your reply to
Pavel's mail
3) Amend the subdomain_homedir documentation so that it's clear
where the option has effect