On 12/09/2014 01:36 PM, Sumit Bose wrote:
>On Tue, Nov 25, 2014 at 03:42:14PM +0100, Pavel Reichl wrote:
>>Hello,
>>
>>please see attached patch for
https://fedorahosted.org/sssd/ticket/2492
>>
>>Thanks!
>Hi Pavel,
>
>thank you for the patch, it works well in my tests and I didn't see any
>regressions in IPA setup with and without trsut to AD, so ACK.
>
>I would just like to ask you to add a comment to
>
>>@@ -842,6 +913,23 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx,
>> goto fail;
>> }
>> }
>>+ if (opts->schema_type == SDAP_SCHEMA_IPA_V1) {
>>+ ret = sysdb_attrs_get_string(attrs, SYSDB_SID_STR, &group_sid);
>>+ if (ret != EOK) {
>>+ DEBUG(SSSDBG_TRACE_FUNC, "Failed to get group sid\n");
>>+ group_sid = NULL;
>>+ }
>>+
>>+ if (group_sid != NULL) {
>>+ ret = retain_extern_members(memctx, dom, group_name, group_sid,
>>+ &userdns, &nuserdns);
>>+ if (ret != EOK) {
>>+ DEBUG(SSSDBG_MINOR_FAILURE,
>>+ "retain_extern_members failed: %d:[%s].\n",
>>+ ret, sss_strerror(ret));
>>+ }
>>+ }
>>+ }
>which explains that this is a temporary solution until the IPA provider
>can resolve external group membership. I have created
>https://fedorahosted.org/sssd/ticket/2522 for this. Feel free to
>explicitly add the ticket URL into the comment.
>
>bye,
>Sumit
>_______________________________________________
>sssd-devel mailing list
>sssd-devel(a)lists.fedorahosted.org
>https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
Thanks for review.
Please see updated patch.