Title: #5693: Basics of 'subid ranges' support for IPA provider
thank you for the review.
* Please, provide some description to the first commit message.
Do you think it makes sense to keep 2 commits? I was going to squash them after review.
* Why conditional build? Why is build disabled by default?
This is MVP of experimental feature.
Corresponding code in shadow-utils is merged upstream, but there is no upstream release
available yet. We brought functionality to Fedora via patches. But I doubt other
distributions will do the same. I.e. out of Fedora/RHEL, this is at the moment for
enthusiasts who are willing to play with a new feature and who is capable to rebuild
shadow-utils from sources.
Moreover, I anticipate significant changes might be required once we have initial
So... at the very least it's conditional to allow distributions to avoid installing
plugin that they can't use yet.
Once shadow-utils upstream release is done and widely used, Podman patches released
), etc (so it is more or less easy to use),
we can change default and build code / install plugin in sssd-ipa, IMO.
* We don't use two blank lines between function definitions.
And this (monolithic text) makes me sad :) I didn't see such restrictions in
* Can the range be set also for trusted domain user? If yes, this
implementation doesn't seem to support it.
No, FreeIPA doesn't support it in MVP.
See the full comment at https://github.com/SSSD/sssd/pull/5693#issuecomment-885572708