On Mon, May 06, 2013 at 10:05:41PM +0200, Jakub Hrozek wrote:
> On Mon, May 06, 2013 at 06:14:56PM +0200, Sumit Bose wrote:
> > Hi,
> > this patch reads the flat name and the SID from AD and stores then to
> > the cache. It fixes https://fedorahosted.org/sssd/ticket/1468
> > and the flat name is needed e.g. for
> > https://fedorahosted.org/sssd/ticket/1648
and the SID e.g. for
> > https://fedorahosted.org/sssd/ticket/1558
> > bye,
> > Sumit
> mostly looks good to me and seems to work fine. I just have a couple of
> suggestions and a question:
> I think the AD subdomains provider should be present in the configAPI,
> mostly for completeness' sake.
> Now that we can match the domain and subdomain in the re_expression in
> the AD provider, too think we should document the fact.
> See attached mini-patche for these two suggestions, feel free to squash
> them in if you agree.
Thank you for the review, I squashed your changes in as you suggested.
> And one question -- do you think it would make sense to default to the
> part of ad_domain until the first dot if the discovery fails? I would
> rather not use the special option I posted earlier but maybe some kind
> of fallback would be nice.
I think we should not try to guess the name here. Since the name is
stored in the cache it must be resolved only once successfully. I guess
the most common case when he discovery fails during the initial startup
is when the connection fails, e.g. SSSD is offline. But here chances are
that other lookups will fail, too, and having a short name won't help