On Wed, 2011-09-21 at 07:42 -0400, Stephen Gallagher wrote:
On Wed, 2011-09-21 at 13:24 +0200, Jan Zelený wrote:
> Simo,
> as promised before, I have a new version of the patch. This time it's
> complete, including the rewritten recompute task. I also took almost all
> comments you and Stephen gave me into account. The only thing I left
> unresolved for the moment is the last comment in the diff you sent. The change
> shouldn't be difficult, but it will need changes in many parts of the code,
> therefore I'll rather send it in the next patch.
That's the change to suppress memberuid for non-posixGroup entries,
correct?
I'm going to say that this is an optimization that we don't need right
now. Please open an RFE for it and we'll schedule it for later
inclusion.
Right now the SSSD only ever uses the member/memberOf relationship for
groups, so the only advantage of this would be that we wouldn't add
memberUid attributes to non-POSIX groups in a nested chain, but I think
the gain there is not worth the effort at this time.
Actual review of the patch will be forthcoming, but I didn't want you
wasting time on this for now.
Actually we use memberUid to build the replies when group information is
requested. But I agree this is a further optimization and does not
impact current behavior.
Simo.
--
Simo Sorce * Red Hat, Inc * New York