On Mon, Aug 26, 2013 at 05:20:21PM +0200, Jakub Hrozek wrote:
On Fri, Aug 23, 2013 at 03:44:09PM +0200, Sumit Bose wrote:
> Hi,
>
> currently in ipa-server-mode only the AD groups memberships are
> available. This patch adds the IPA group memberships to trusted AD
> users.
>
> This patch is missing some unit tests for some of the helper functions.
> I will send them later, but I didn't want to delay the next release.
>
> bye,
> Sumit
I haven't done any testing yet but do we need the timeout? Since the
initgroups is a rare operation and on logins we generally want to have
the correct memberships, can we just rely on responder caching?
I was thinking of situations where multiple logins happen in a short
time. Additionally I think even if group memberships of a user might
change often the mapping of AD to IPA group memberships via the external
groups will only change rarely.
Maybe we can a cache time option to make it more flexible?
bye,
Sumit
_______________________________________________
sssd-devel mailing list
sssd-devel(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel