URL:
https://github.com/SSSD/sssd/pull/820
Title: #820: ad: delete domains disabled through ad_enabled_domains from cache
sumit-bose commented:
"""
> Ok, I managed to set up trust with the child domain (it was necessary
> to change client's hostname because it was already enrolled to the root domain) and it
> works correctly.
> There is one corner case when the master domain is the only enabled domain, we hit
> `ad_subdomains.c:1837` and the subdomains are not refreshed. @sumit-bose Is it OK to
> recursively delete all cached subdomains (including the root domain) here? Or should it be
> only disabled?

Hi,
I think it would be more elegant to just set the disable flag for the domain object in the
cache. But iirc when starting with an empty cache we do not create a domain object if the
domain is not listed in ad_enabled_domains, only for the forest root and I guess for the
domain we are joined to as well. In this case it might be more consistent to just remove
the domain and only set the disable flag for the forest root and the domain we are joined
to.
bye,
Sumit
"""
See the full comment at
https://github.com/SSSD/sssd/pull/820#issuecomment-499856160