Re: [SSSD] [PATCH] Add an option to disable GC lookups

On Sat, Dec 14, 2013 at 10:15:14PM +0100, Jakub Hrozek wrote: > Hi, > > we're debating what is the right approach to GC lookups by default, but > for the 1.11.3 release, we should offer an option to fall back from GC > to LDAP. The attached patches do that. > > [PATCH 1/3] AD: Add a utility function to create list of connections > ad_id.c and ad_access.c used the same block of code. With the upcoming > option to disable GC lookups, we should unify the code in a function to > avoid breaking one of the code paths. > > Defaulting to GC for access provider is safe, as you can see in > ad_access.c we retry on any denial against the GC to make sure we don't > miss an attribute from LDAP. > > [PATCH 2/3] AD: Add a new option to turn off GC lookups > Adds the option. > > [PATCH 3/3] AD: Enable fallback to LDAP of trusted domain > Since we have the LDAP port of a trusted AD GC always available now, we > can always perform a fallback. > > I'm fine with leaving the patch out of 1.11.3 if the other developers > think we should stricly limit ourselves to what we've agreed on. Hi, the previous patches applied cleanly on origin/master but I think in upstream, they should come after Sumit's local domain patches, so I rebased them on top of those. New patches are attached.