[SSSD] [PATCH] views: do not require overrideDN in groups when LOCAL view is set
https://fedorahosted.org/sssd/ticket/2790
This is just a partial fix.
If a group contains member which doesn't have overrideDN specified, we
fail to resolve membership with LOCAL views.
There is a bigger issue when group contains ghost members, we do not
apply overrides and just ignore the group. As code says, this is
expected. Sumit, do you remember why it is this way?
sysdb_getgrgid_with_views:
if (el != NULL && el->num_values != 0) {
DEBUG(SSSDBG_TRACE_ALL,
"Group object [%s], contains ghost entries which must be " \
"resolved before overrides can be applied.\n",
ldb_dn_get_linearized(orig_obj->msgs[0]->dn));
ret = ENOENT;
goto done;
}
As I see it, we can do:
1) If group contains ghosts and memberuid, resolve memberuid
2) For each ghost user either:
a) Ignore
b) Put the name in
c) Try to find overrideObjectDN and apply possible name override,
then put the name in
Attachments:
- 0001-views-do-not-require-overrideDN-in-groups-when-LOCAL.patch (text/x-patch — 1.2 KB)
- 0002-views-fix-two-typos-in-debug-messages.patch (text/x-patch — 1.2 KB)