These patches must be applied atop my patches in the thread "Handle nested groups in RFC2307bis (sssd-1-2)", which in turn must be applied atop Jakub's patches in the thread "Fix initgroup processing for RFC2307 (sssd-1.2)".
These patches rely on the fake group functionality added by Jakub's patches.
Patch 0001: Make user argument of sysdb_update_members_send a const
This argument should have been const to begin with, as the function should not modify it. This removes a const pointer issue from patch 3 (since it was more sensible to just send a const string than make a useless copy)
Patch 0002: Modify sysdb_add_group_member_send to accept users and groups
Previously, it assumed that all members were users. This changes the interface so that either a user or a group can be specified.
Patch 0003: Add proper nested initgroup support for RFC2307bis servers
This patch handles the general case, that of any RFC2307bis server. The memberOf optimizations that we were previously relying on are still available if ldap_schema=IPA is set in the sssd.conf.
-- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
On Thu, Oct 07, 2010 at 09:24:43PM -0400, Stephen Gallagher wrote:
> These patches must be applied atop my patches in the thread "Handle nested groups in RFC2307bis (sssd-1-2)", which in turn must be applied atop Jakub's patches in the thread "Fix initgroup processing for RFC2307 (sssd-1.2)".
> These patches rely on the fake group functionality added by Jakub's patches.
> Patch 0001: Make user argument of sysdb_update_members_send a const
> This argument should have been const to begin with, as the function should not modify it. This removes a const pointer issue from patch 3 (since it was more sensible to just send a const string than make a useless copy)
> Patch 0002: Modify sysdb_add_group_member_send to accept users and groups
> Previously, it assumed that all members were users. This changes the interface so that either a user or a group can be specified.
> Patch 0003: Add proper nested initgroup support for RFC2307bis servers
> This patch handles the general case, that of any RFC2307bis server. The memberOf optimizations that we were previously relying on are still available if ldap_schema=IPA is set in the sssd.conf.
Hi,
the tmp_ctx in rfc2307bis_nested_groups_incomplete_groups_save() needs to be initialised to NULL.
bye, Sumit
On 10/08/2010 06:25 AM, Sumit Bose wrote:
> the tmp_ctx in rfc2307bis_nested_groups_incomplete_groups_save() needs to be initialised to NULL.
Good catch. Fixed.
-- Stephen Gallagher RHCE 804006346421761
On 10/08/2010 07:54 AM, Stephen Gallagher wrote:
> On 10/08/2010 06:25 AM, Sumit Bose wrote:
> > the tmp_ctx in rfc2307bis_nested_groups_incomplete_groups_save() needs to be initialised to NULL.
> Good catch. Fixed.
I discovered a bug in the original patch 0003. I was asking the sysdb for the list of memberOf entries for the user so I could compare it with the list I was getting from LDAP.
However, the sysdb lists nested parents in memberOf, not just direct parents, so I was getting errors trying to delete the user as a member from the toplevel parent groups.
The new version of patch 0003 now does a search through the groups for groups with member=user_dn. This returns the correct list of direct parents only.
Patches 0001 and 0002 are unchanged from the previous submission, they're just included to make it easier to keep track.
-- Stephen Gallagher RHCE 804006346421761
On 10/08/2010 10:37 AM, Stephen Gallagher wrote:
> On 10/08/2010 07:54 AM, Stephen Gallagher wrote:
> > On 10/08/2010 06:25 AM, Sumit Bose wrote:
> > > the tmp_ctx in rfc2307bis_nested_groups_incomplete_groups_save() needs to be initialised to NULL.
> > Good catch. Fixed.
> I discovered a bug in the original patch 0003. I was asking the sysdb for the list of memberOf entries for the user so I could compare it with the list I was getting from LDAP.
> However, the sysdb lists nested parents in memberOf, not just direct parents, so I was getting errors trying to delete the user as a member from the toplevel parent groups.
> The new version of patch 0003 now does a search through the groups for groups with member=user_dn. This returns the correct list of direct parents only.
> Patches 0001 and 0002 are unchanged from the previous submission, they're just included to make it easier to keep track.
I found a bug where I wasn't checking if the reply from a sysdb lookup was ENOENT (which is valid) and was returning it as an error.
New patches attached.
-- Stephen Gallagher RHCE 804006346421761
On 10/08/2010 02:57 PM, Stephen Gallagher wrote:
> On 10/08/2010 10:37 AM, Stephen Gallagher wrote:
> > On 10/08/2010 07:54 AM, Stephen Gallagher wrote:
> > > On 10/08/2010 06:25 AM, Sumit Bose wrote:
> > > > the tmp_ctx in rfc2307bis_nested_groups_incomplete_groups_save() needs to be initialised to NULL.
> > > Good catch. Fixed.
> > I discovered a bug in the original patch 0003. I was asking the sysdb for the list of memberOf entries for the user so I could compare it with the list I was getting from LDAP.
> > However, the sysdb lists nested parents in memberOf, not just direct parents, so I was getting errors trying to delete the user as a member from the toplevel parent groups.
> > The new version of patch 0003 now does a search through the groups for groups with member=user_dn. This returns the correct list of direct parents only.
> > Patches 0001 and 0002 are unchanged from the previous submission, they're just included to make it easier to keep track.
> I found a bug where I wasn't checking if the reply from a sysdb lookup was ENOENT (which is valid) and was returning it as an error.
> New patches attached.
Jakub discovered a bug with deep nesting. I only fixed the direct membership lookup for users, but not for other groups.
This version of the patch combines this into a common routine so that both users and groups check for direct parentage in the sysdb.
-- Stephen Gallagher RHCE 804006346421761
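Added example, not part of the thread and not SSSD code: a toy in-memory model of the two bugs described above (comparing LDAP's direct-parent list against a memberOf-style list, and needing one direct-parent lookup for both users and groups). The names `cache`, `parents` and `stale_count` and all DNs are constructed for illustration; the real patches use the sysdb API.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample cache: each group lists its direct members (user or group DNs). */
struct group { const char *dn; const char *members[4]; };
static const struct group cache[] = {
    { "cn=devs,cn=groups",  { "uid=alice,cn=users", NULL } },
    { "cn=staff,cn=groups", { "cn=devs,cn=groups", NULL } },
    { "cn=all,cn=groups",   { "cn=staff,cn=groups", NULL } },
};
#define NGROUPS (sizeof(cache) / sizeof(cache[0]))

static int in_list(const char *dn, const char **list, size_t n)
{
    while (n--) if (strcmp(list[n], dn) == 0) return 1;
    return 0;
}

/* Parents of dn (user or group); out must hold NGROUPS entries.
 * nested=0: member=<dn> search only, i.e. direct parents.
 * nested=1: also walk upward, as a memberOf-style list would. */
size_t parents(const char *dn, const char **out, int nested)
{
    size_t n = 0;
    for (size_t g = 0; g < NGROUPS; g++)
        for (size_t m = 0; m < 4 && cache[g].members[m]; m++)
            if (strcmp(cache[g].members[m], dn) == 0) { out[n++] = cache[g].dn; break; }
    for (size_t i = 0; nested && i < n; i++) {       /* out[] grows while walking up */
        const char *up[NGROUPS];
        for (size_t j = 0, k = parents(out[i], up, 0); j < k; j++)
            if (!in_list(up[j], out, n)) out[n++] = up[j];   /* dedupe, stops on cycles */
    }
    return n;
}

/* Cached parents missing from LDAP's direct-parent list: what a sync would delete. */
size_t stale_count(const char **have, size_t nh, const char **ldap, size_t nl)
{
    size_t stale = 0;
    while (nh--) stale += !in_list(have[nh], ldap, nl);
    return stale;
}

int main(void)
{
    const char *ldap[] = { "cn=devs,cn=groups" }, *d[NGROUPS], *a[NGROUPS];
    size_t nd = parents("uid=alice,cn=users", d, 0), na = parents("uid=alice,cn=users", a, 1);
    printf("direct lookup: %zu bogus deletes, memberOf-style: %zu bogus deletes\n",
           stale_count(d, nd, ldap, 1), stale_count(a, na, ldap, 1));
    return 0;
}
```

With the memberOf-style list, the sync would try to remove the user from two groups it was never a direct member of; the same `parents(dn, out, 0)` call works unchanged when `dn` is a group.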
On 10/08/2010 10:14 PM, Stephen Gallagher wrote:
> Jakub discovered a bug with deep nesting. I only fixed the direct membership lookup for users, but not for other groups.
> This version of the patch combines this into a common routine so that both users and groups check for direct parentage in the sysdb.
ACK!
Great work.
On 10/08/2010 05:37 PM, Jakub Hrozek wrote:
> On 10/08/2010 10:14 PM, Stephen Gallagher wrote:
> > Jakub discovered a bug with deep nesting. I only fixed the direct membership lookup for users, but not for other groups.
> > This version of the patch combines this into a common routine so that both users and groups check for direct parentage in the sysdb.
> ACK!
> Great work.
Pushed to sssd-1-2.
-- Stephen Gallagher RHCE 804006346421761
sssd-devel@lists.fedorahosted.org