On (11/12/14 11:21), Sumit Bose wrote:
Hi,
these two patches add a missing part to
https://fedorahosted.org/sssd/ticket/2481 (ID Views implementation does
not support IPA user&group overrides). Since it is not allowed to have
ghost members if a non-default view is applied because otherwise user
name overrides would not be covered ghosts members have to be resolved
for IPA groups in this case. The changes are only in the IPA provider so
they should not cause a regression in other providers. Since the generic
LDAP code use some IPA specific optimizations (derives user name from
the user's DN to avoid LDAP lookups) there wouldn't be a performance
benefit if this change would be in the generic LDAP code.
bye,
Sumit
From 47dd73e7ee559817d7913fc36266adfea6e50020 Mon Sep 17 00:00:00
2001
From: Sumit Bose <sbose(a)redhat.com>
Date: Wed, 10 Dec 2014 15:03:18 +0100
Subject: [PATCH 2/2] IPA: resolve ghost members if a non-default view is
applied
Related to
https://fedorahosted.org/sssd/ticket/2481
---
src/providers/ipa/ipa_id.c | 217 ++++++++++++++++++++++++++++++++++
src/providers/ipa/ipa_subdomains_id.c | 1 +
2 files changed, 218 insertions(+)
There is warnig reported by two static analysers.
Error: FORWARD_NULL (CWE-476): [#def2]
sssd-1.12.3/src/providers/ipa/ipa_id.c:558: var_compare_op: Comparing
"state->obj_msg" to null implies that "state->obj_msg" might be
null.
sssd-1.12.3/src/providers/ipa/ipa_id.c:612: var_deref_op: Dereferencing null pointer
"state->obj_msg".
LS