Re: [SSSD] [PATCHES] Enable enumeration and cleanup tasks for subdomains

On Thu, Aug 22, 2013 at 12:06:33PM +0200, Jakub Hrozek wrote: > Hi, > > the attached patch implements enumeration and cleanup for the IPA server > mode and also makes it possible to support enumeration and cleanup for > other subdomains in general (we already have a request from one of our > users to enumerate trusted AD domains). > > Some of the changes can also be leveraged to special-case enumeration > requests in AD or IPA providers to e.g. download the master domain data > before enumerating the domain for the first time. > > I hope the patches are split well to make it possible to review them > easily. The bigger patches usually just move code around. I forgot to note two important things: 1) the subdomain enumeration setting is inherited from the master domain enumeration. Is this OK or do we need to enumerate the AD trusted domain automatically? I think that only a minority of the legacy clients actually need enumeration, so as long as we document how enumeration works in the server mode, we should be fine. 2) These patches currently do not optimize the enumeration which is what the ticket initially talked about. The reason is that just enabling the enumeration properly took a long time and also performance is only a problem for the initial enumeration. The subsequent ones can leverage lastUSN to only download deltas. Because the IPA server would mostly stay online and running, I think the initial enumeration can be further optimized in 1.11.1. Sumit came up with some idea when he visited Brno, so I'll work on that next week.