On Wed, 2011-11-23 at 16:23 +0100, Jan Zelený wrote:
> On Fri, 2011-11-18 at 16:13 +0100, Jan Zeleny wrote:
> > don't fetch all host groups if this option is set to false
> >
https://fedorahosted.org/sssd/ticket/1078
>
> Nack.
Nack again.
>
> I don't like setting the srchost element to NULL and checking for that.
> Technically, we're violating the HBAC design by omitting the srchost
> here. I'd rather that our solution be to set srchost to
> HBAC_CATEGORY_ALL instead of special-casing NULL.
>
This is fine.
> You're missing a comma in:
> static struct sdap_attr_map hostgroup_map[] = {
> ...
> {"ipa_id", IPA_UNIQUE_ID IPA_UNIQUE_ID, NULL}
> };
>
You didn't fix the missing comma.
> If you're going to use an sdap_attr_map, it's probably
better to do the
> memberOf->originalMemberOf and member->orig_member conversion in the
> attribute map instead of calls to replace_attribute_name in the _done()
> functions.
>
You didn't remove the replace_attribute_name() calls.
> In ipa_hbac_host_info_done(), don't allocate the
hostgroup_filter unless
> we're doing the full lookup. Move it into the support_srchost if block.
I'm sending the new patch in attachment, all issues are
addressed.
Not quite :)