URL:
https://github.com/SSSD/sssd/pull/5613
Title: #5613: ipa: read auto_private_groups from id range if available
sumit-bose commented:
"""
Hi,
thank you for the patches. So far I tested the `true` and `false` options in different
trust setups and came across an issue if the trust is created with
`--range-type=ipa-ad-trust-posix`. In this case only a single id-range for the forest root
is created and the settings (basically the range-type) is inherited to all domains in the
forest. This was done because we cannot know which POSIX IDs are used in which domain of
the forest, so there will be an id-range for the whole forest which just blocks the given
range of ID for other to use.
If you now set `--auto-private-groups` to this id-range the patch currently only evaluats
the option for the forest root, but the setting is not inherited to the other domains in
the forest. A workaround is to add an id-range for each other domain in the forest but I
think it would be better if the setting is inherited automatically if
`--range-type=ipa-ad-trust-posix`.
In `test_ipa_idmap.c` some test data is using `struct range_info` and the new `enum
sss_domain_mpg_mode mpg_mode` is not initialized in the test data.
bye,
Sumit
"""
See the full comment at
https://github.com/SSSD/sssd/pull/5613#issuecomment-832489140