On Tue, Jun 17, 2014 at 04:44:20PM -0400, Yassir Elley wrote:
----- Original Message -----
>
>
> ----- Original Message -----
> > On Sun, Jun 15, 2014 at 07:08:55PM -0400, Yassir Elley wrote:
> > >
> > >
> > > * You suggested using the name of the DC that SSSD is currently connected
> > > to in the smb uri (rather than the domain.name, which will require
> > > libsmbclient to perform a DNS resolution). Is there an easy way to get
> > > the
> > > name of the DC that SSSD is currently connected to? I am having trouble
> > > finding it.
> > >
> >
> > In struct ad_gpo_access_state you have a member struct sdap_id_conn_ctx
> > *conn. conn->service->uri is the LDAP uri for the current connection.
> > You can use calls from OpenLDAP or ldb to split it into components, pick
> > the hostname and create the smb uri.
> >
> > In general the uri should always be available since you read the GPO
> > data from LDAP before doing the smb operations. Nevertheless you can
> > call be_resolve_server_send() to make sure it is set, see e.g.
> > auth_get_server() how to use it.
> >
> > HTH
> >
> > bye,
> > Sumit
> > _______________________________________________
> > sssd-devel mailing list
> > sssd-devel(a)lists.fedorahosted.org
> > https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
> >
>
> I have attached a revised patch that modifies the smb uri to use the server
> name rather than the domain name.
>
> Thanks,
> Yassir.
>
Oops. Forgot to attach the patch.
Yassir.

Thank you, the patch is working as expected and now uses the hostname to
connect to the DC. But please use e.g. ldap_url_parse() from OpenLDAP to
split the url and take the hostname from the lud_host member of typedef
struct ldap_url_desc. The LDAP url can contain port numbers which would
currently cause trouble with your scheme.

As a general comment, please try to split your patches into smaller
units. This would help to review them, especially to compare multiple
versions of a patch.

I have not looked at the child code in detail yet, but I would like to
suggest a change in the workflow. I think the child should only download
the gpo file and save it at some place, e.g. /var/lib/sss/gpo_cache/ and
then the backend will read and process it. This way you already have the
file available in the offline case. When calling the child the backend
should provide the smb url and a location to store the result. The child
can e.g. return a checksum for the file which the backend can save
together with the download time in the sysdb cache in a subtree below
cn=custom (grep sysdb.h for 'custom' to find the related sysdb calls).
With the download time it would be even possible to specify a cache
lifetime during which the gpo file will not be downloaded again to save
bandwidth. But this should be optional.

What do you think?

bye,
Sumit
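
Added example, not part of the thread or of SSSD's code: it shows why a port in the LDAP URI breaks an smb URI built by stripping the scheme, compared with taking only the host component as the review asks. The small parser is a stand-in for ldap_url_parse() so the block compiles without libldap; the function names, the sample URI and the share path are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for ldap_url_parse(): copy only the host part of an ldap:// or
 * ldaps:// URI (what lud_host would hold). IPv6 literals are rejected. */
static int ldap_uri_host(const char *uri, char *host, size_t len)
{
    const char *p;
    size_t n;
    if (strncmp(uri, "ldap://", 7) == 0) p = uri + 7;
    else if (strncmp(uri, "ldaps://", 8) == 0) p = uri + 8;
    else return -1;
    if (*p == '[') return -1;
    n = strcspn(p, ":/?");          /* stop before port, DN or query */
    if (n == 0 || n >= len) return -1;
    memcpy(host, p, n);
    host[n] = '\0';
    return 0;
}

/* Build smb://<host>/<path> from the host component only. */
static int smb_uri_from_ldap_uri(const char *uri, const char *path, char *out, size_t len)
{
    char host[256];
    int n;
    if (ldap_uri_host(uri, host, sizeof(host)) != 0) return -1;
    n = snprintf(out, len, "smb://%s/%s", host, path);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Constructed naive variant: strip the scheme and reuse the remainder. */
static int smb_uri_naive(const char *uri, const char *path, char *out, size_t len)
{
    const char *p = strstr(uri, "://");
    int n;
    if (p == NULL) return -1;
    n = snprintf(out, len, "smb://%s/%s", p + 3, path);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    char good[128] = "", bad[128] = "";
    const char *uri = "ldap://dc1.example.com:389";   /* constructed sample */
    smb_uri_from_ldap_uri(uri, "share/gpo-file", good, sizeof(good));
    smb_uri_naive(uri, "share/gpo-file", bad, sizeof(bad));
    printf("host only: %s\nnaive:     %s\n", good, bad);
    return 0;
}
```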