On Thu, Dec 19, 2013 at 11:10:08AM +0100, Jakub Hrozek wrote:
On Sat, Dec 14, 2013 at 10:15:14PM +0100, Jakub Hrozek wrote:
> Hi,
>
> we're debating what is the right approach to GC lookups by default, but
> for the 1.11.3 release, we should offer an option to fall back from GC
> to LDAP. The attached patches do that.
>
> [PATCH 1/3] AD: Add a utility function to create list of connections
> ad_id.c and ad_access.c used the same block of code. With the upcoming
> option to disable GC lookups, we should unify the code in a function to
> avoid breaking one of the code paths.
>
> Defaulting to GC for access provider is safe, as you can see in
> ad_access.c we retry on any denial against the GC to make sure we don't
> miss an attribute from LDAP.
>
> [PATCH 2/3] AD: Add a new option to turn off GC lookups
> Adds the option.
>
> [PATCH 3/3] AD: Enable fallback to LDAP of trusted domain
> Since we have the LDAP port of a trusted AD GC always available now, we
> can always perform a fallback.
>
> I'm fine with leaving the patch out of 1.11.3 if the other developers
> think we should stricly limit ourselves to what we've agreed on.
Hi,
the previous patches applied cleanly on origin/master but I think in
upstream, they should come after Sumit's local domain patches, so I
rebased them on top of those.
New patches are attached.
Patches look good and passed my basic testing. I didn't see any
connection to the GC port if 'ad_enable_gc = False' was set. ACK
bye,
Sumit