On Thu, Aug 16, 2012 at 05:42:45PM +0200, Pavel Březina wrote:
On 08/07/2012 04:04 PM, Simo Sorce wrote:
>On Tue, 2012-08-07 at 15:23 +0200, Pavel Březina wrote:
>>https://fedorahosted.org/sssd/ticket/734
>>
>>Patches 1 and 2 adds support sysdb functions.
>>Patch 3 uses them to remove those entries.
>
>Sorry but this implementation doesn't seem to do what the ticket says
>you should do.
>
>Why are you deleting entries comparing entryUsn to a totally new and
>uncomparable lastUSN ?
>
>What should be done is that you should remove all entryUSN *attributes*,
>then do one enumeration to refresh them all, then remove any entry that
>has no updated entryUSN.
>
>If you remove entries with (old)entryUSN > (new)lastUSN you amy end up
>simply removing *all* entries for no good reason, withy a lot of churn
>in the ldb files due to memebrship removals etc, and lost of cached
>password for users.
>
>I guess this is a NACK on the approach unless I grossly misunderstood
>something.
>
>Simo.
>
The patch is completely rewritten to follow the approach mentioned above.
I think you should call sysdb_set_enumerated() for the domain once the
process finishes. See ldap_id_enumerate_reschedule().
Otherwise looks good to me.