-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 10/18/2010 05:32 AM, Jakub Hrozek wrote:
On 10/15/2010 08:44 PM, Stephen Gallagher wrote:
These patches are forward-ported from the work done in SSSD 1.2.4.
Patch 0001: Add options for managing nested group limits.
Ack
Self-nack. I forgot to add the new option to the SSSDConfig API.
Patch 0002: Shortcut out of sdap_save_users() if there are no users to save, rather than starting a useless LDB transaction.
Ack
Patch 0003: Handle nested groups in RFC2307bis
Like SSSD 1.2.4, these patches only handle the generic case of RFC2307bis and do not perform any of the optimizations available when memberOf support is available.
Ack with a question.
I'm wondering whether we could use ldap_group_nesting_level (or another option..I know Ralf suggested a boolean at one point). If ldap_group_nesting_level = 0 ("No nesting present in LDAP") then just short-circuit to processing the group with sdap_process_group_send that, unlike in 1.2 branch also handles RFC2307bis groups and has the bonus of parallel searches.
Good idea. Added to the patch.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/