On Thu, Dec 19, 2013 at 01:39:56PM +0100, Lukas Slebodnik wrote:
On (19/12/13 11:10), Jakub Hrozek wrote:
>On Sat, Dec 14, 2013 at 10:15:14PM +0100, Jakub Hrozek wrote:
>> Hi,
>>
>> we're debating what is the right approach to GC lookups by default, but
>> for the 1.11.3 release, we should offer an option to fall back from GC
>> to LDAP. The attached patches do that.
>>
>> [PATCH 1/3] AD: Add a utility function to create list of connections
>> ad_id.c and ad_access.c used the same block of code. With the upcoming
>> option to disable GC lookups, we should unify the code in a function to
>> avoid breaking one of the code paths.
>>
>> Defaulting to GC for access provider is safe, as you can see in
>> ad_access.c we retry on any denial against the GC to make sure we don't
>> miss an attribute from LDAP.
>>
>> [PATCH 2/3] AD: Add a new option to turn off GC lookups
>> Adds the option.
>>
>> [PATCH 3/3] AD: Enable fallback to LDAP of trusted domain
>> Since we have the LDAP port of a trusted AD GC always available now, we
>> can always perform a fallback.
>>
>> I'm fine with leaving the patch out of 1.11.3 if the other developers
>> think we should stricly limit ourselves to what we've agreed on.
>
>Hi,
>
>the previous patches applied cleanly on origin/master but I think in
>upstream, they should come after Sumit's local domain patches, so I
>rebased them on top of those.
>
>New patches are attached.
just few nitpicks:
Please replace assert_true(somePtr == NULL) with assert_null(somePtr)
I tested:
--ad_enable_gc = true
--ad_enable_gc = true with nonfunctional Global Catalog (modified SRV recors)
--ad_enable_gc = false
All tests passed :-)
LS
Thank you new patches with fixes to the unit tests are attached.