On Tue, Nov 25, 2014 at 03:42:14PM +0100, Pavel Reichl wrote:
Hello,
please see attached patch for
https://fedorahosted.org/sssd/ticket/2492
Thanks!
Hi Pavel,
thank you for the patch, it works well in my tests and I didn't see any
regressions in IPA setup with and without trsut to AD, so ACK.
I would just like to ask you to add a comment to
@@ -842,6 +913,23 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx,
goto fail;
}
}
+ if (opts->schema_type == SDAP_SCHEMA_IPA_V1) {
+ ret = sysdb_attrs_get_string(attrs, SYSDB_SID_STR, &group_sid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_TRACE_FUNC, "Failed to get group sid\n");
+ group_sid = NULL;
+ }
+
+ if (group_sid != NULL) {
+ ret = retain_extern_members(memctx, dom, group_name, group_sid,
+ &userdns, &nuserdns);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "retain_extern_members failed: %d:[%s].\n",
+ ret, sss_strerror(ret));
+ }
+ }
+ }
which explains that this is a temporary solution until the IPA provider
can resolve external group membership. I have created
https://fedorahosted.org/sssd/ticket/2522 for this. Feel free to
explicitly add the ticket URL into the comment.
bye,
Sumit