On Tue, Nov 25, 2014 at 03:42:14PM +0100, Pavel Reichl wrote:
> Hello,
>
> please see attached patch for
https://fedorahosted.org/sssd/ticket/2492
>
> Thanks!
Hi Pavel,
thank you for the patch, it works well in my tests and I didn't see any
regressions in IPA setup with and without trsut to AD, so ACK.
I would just like to ask you to add a comment to
> @@ -842,6 +913,23 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx,
> goto fail;
> }
> }
> + if (opts->schema_type == SDAP_SCHEMA_IPA_V1) {
> + ret = sysdb_attrs_get_string(attrs, SYSDB_SID_STR, &group_sid);
> + if (ret != EOK) {
> + DEBUG(SSSDBG_TRACE_FUNC, "Failed to get group sid\n");
> + group_sid = NULL;
> + }
> +
> + if (group_sid != NULL) {
> + ret = retain_extern_members(memctx, dom, group_name, group_sid,
> + &userdns, &nuserdns);
> + if (ret != EOK) {
> + DEBUG(SSSDBG_MINOR_FAILURE,
> + "retain_extern_members failed: %d:[%s].\n",
> + ret, sss_strerror(ret));
> + }
> + }
> + }
>
which explains that this is a temporary solution until the IPA provider
can resolve external group membership. I have created
https://fedorahosted.org/sssd/ticket/2522 for this. Feel free to
explicitly add the ticket URL into the comment.
bye,
Sumit
_______________________________________________
sssd-devel mailing list
sssd-devel(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel