On Thu, Aug 22, 2013 at 12:25:28PM +0200, Jakub Hrozek wrote:
On Thu, Aug 22, 2013 at 12:06:33PM +0200, Jakub Hrozek wrote:
> Hi,
>
> the attached patch implements enumeration and cleanup for the IPA server
> mode and also makes it possible to support enumeration and cleanup for
> other subdomains in general (we already have a request from one of our
> users to enumerate trusted AD domains).
>
> Some of the changes can also be leveraged to special-case enumeration
> requests in AD or IPA providers to e.g. download the master domain data
> before enumerating the domain for the first time.
>
> I hope the patches are split well to make it possible to review them
> easily. The bigger patches usually just move code around.

I forgot to note two important things:

1) the subdomain enumeration setting is inherited from the master domain
enumeration. Is this OK or do we need to enumerate the AD trusted domain
automatically? I think that only a minority of the legacy clients
actually need enumeration, so as long as we document how enumeration
works in the server mode, we should be fine.

2) These patches currently do not optimize the enumeration which is what
the ticket initially talked about. The reason is that just enabling the
enumeration properly took a long time and also performance is only a
problem for the initial enumeration. The subsequent ones can leverage
lastUSN to only download deltas. Because the IPA server would mostly
stay online and running, I think the initial enumeration can be further
optimized in 1.11.1. Sumit came up with some idea when he visited Brno,
so I'll work on that next week.

I found a couple of bugs (tevent_req_error not terminated with return,
uninitialized variable, etc.). New patches are attached.

Please note that these patches depend on the patch with subject "DB:
Update sss_domain_info with new updated data".