The first patch (#131) adds the functionality and updates all parts of code which use it.
The second patch (#132) utilizes the exclusion when retrieving data for initgroups.
If you have any suggestions where else to use this functionality, please let me know, I'll be happy to create patches and test/send them.
Thanks Jan
On Mon, May 28, 2012 at 05:11:07PM +0200, Jan Zelený wrote:
The first patch (#131) adds the functionality and updates all parts of code which use it.
The second patch (#132) utilizes the exclusion when retrieving data for initgroups.
This breaks nested group processing in the IPA provider. We use the member attribute there to construct correct memberships between groups.
On Mon, May 28, 2012 at 05:11:07PM +0200, Jan Zelený wrote:
The first patch (#131) adds the functionality and updates all parts of code which use it.
The second patch (#132) utilizes the exclusion when retrieving data for initgroups.
This breaks nested group processing in the IPA provider. We use the member attribute there to construct correct memberships between groups.
I'm pretty sure I tested IPA provider and everything was ok. Are you sure this applies to initgroups operation?
Thanks Jan
On Tue, May 29, 2012 at 10:56:51AM +0200, Jan Zelený wrote:
On Mon, May 28, 2012 at 05:11:07PM +0200, Jan Zelený wrote:
The first patch (#131) adds the functionality and updates all parts of code which use it.
The second patch (#132) utilizes the exclusion when retrieving data for initgroups.
This breaks nested group processing in the IPA provider. We use the member attribute there to construct correct memberships between groups.
I'm pretty sure I tested IPA provider and everything was ok. Are you sure this applies to initgroups operation?
Thanks Jan
Yes, see sdap_initgr_store_user_memberships and sdap_initgr_nested_get_direct_parents
On Tue, May 29, 2012 at 10:56:51AM +0200, Jan Zelený wrote:
On Mon, May 28, 2012 at 05:11:07PM +0200, Jan Zelený wrote:
The first patch (#131) adds the functionality and updates all parts of code which use it.
The second patch (#132) utilizes the exclusion when retrieving data for initgroups.
This breaks nested group processing in the IPA provider. We use the member attribute there to construct correct memberships between groups.
I'm pretty sure I tested IPA provider and everything was ok. Are you sure this applies to initgroups operation?
Thanks Jan
Yes, see sdap_initgr_store_user_memberships and sdap_initgr_nested_get_direct_parents
You were indeed right. I didn't catch it during testing because deref code was not triggered in my test case. I removed the part for nested initgroups code subtree. I re-tested the patch and the rest of it is ok and should not cause any issues. Sending in attachment.
Thanks Jan
On Wed, May 30, 2012 at 10:18:00AM +0200, Jan Zelený wrote:
On Tue, May 29, 2012 at 10:56:51AM +0200, Jan Zelený wrote:
On Mon, May 28, 2012 at 05:11:07PM +0200, Jan Zelený wrote:
The first patch (#131) adds the functionality and updates all parts of code which use it.
The second patch (#132) utilizes the exclusion when retrieving data for initgroups.
This breaks nested group processing in the IPA provider. We use the member attribute there to construct correct memberships between groups.
I'm pretty sure I tested IPA provider and everything was ok. Are you sure this applies to initgroups operation?
Thanks Jan
Yes, see sdap_initgr_store_user_memberships and sdap_initgr_nested_get_direct_parents
You were indeed right. I didn't catch it during testing because deref code was not triggered in my test case. I removed the part for nested initgroups code subtree. I re-tested the patch and the rest of it is ok and should not cause any issues. Sending in attachment.
Thanks Jan
OK, ack
On Wed, 2012-05-30 at 15:38 +0200, Jakub Hrozek wrote:
On Wed, May 30, 2012 at 10:18:00AM +0200, Jan Zelený wrote:
On Tue, May 29, 2012 at 10:56:51AM +0200, Jan Zelený wrote:
On Mon, May 28, 2012 at 05:11:07PM +0200, Jan Zelený wrote:
The first patch (#131) adds the functionality and updates all parts of code which use it.
The second patch (#132) utilizes the exclusion when retrieving data for initgroups.
This breaks nested group processing in the IPA provider. We use the member attribute there to construct correct memberships between groups.
I'm pretty sure I tested IPA provider and everything was ok. Are you sure this applies to initgroups operation?
Thanks Jan
Yes, see sdap_initgr_store_user_memberships and sdap_initgr_nested_get_direct_parents
You were indeed right. I didn't catch it during testing because deref code was not triggered in my test case. I removed the part for nested initgroups code subtree. I re-tested the patch and the rest of it is ok and should not cause any issues. Sending in attachment.
Thanks Jan
OK, ack
Pushed to master.
sssd-devel@lists.fedorahosted.org
-
Jakub Hrozek -
Jan Zelený -
Stephen Gallagher