On Mon, Nov 12, 2012 at 01:34:01PM -0500, Simo Sorce wrote:
On Mon, 2012-11-12 at 17:49 +0100, Jakub Hrozek wrote:
Please see the patch and the commit message.
Why not simply do the operation but not fail on errors ?
We delete the user entry the member attribute points to when we finish the inner loop.
Is the operation really unnecessary ?
Here's what we do:
for fake_user in sysdb: user_name = get_attr("name") user_dn = get_attr("dn") for mb in memberof_attr(fake_user): ldb_msg = ldb_msg_new() ldb_msg->dn = mb add_attribute(ldb_msg, "ghost", name) remove_attribute(ldb_msg, "member", user_dn) end
ldb_delete(user_dn) end
There's no guarantee a group on a higher nesting level will contain the member attribute, moreover the object that the user_dn points to will be removed after the inner loop finishes so the memberof plugin will remove the member links on its own.
On Mon, 2012-11-12 at 20:17 +0100, Jakub Hrozek wrote:
On Mon, Nov 12, 2012 at 01:34:01PM -0500, Simo Sorce wrote:
On Mon, 2012-11-12 at 17:49 +0100, Jakub Hrozek wrote:
Please see the patch and the commit message.
Why not simply do the operation but not fail on errors ?
We delete the user entry the member attribute points to when we finish the inner loop.
Is the operation really unnecessary ?
Here's what we do:
for fake_user in sysdb: user_name = get_attr("name") user_dn = get_attr("dn") for mb in memberof_attr(fake_user): ldb_msg = ldb_msg_new() ldb_msg->dn = mb add_attribute(ldb_msg, "ghost", name) remove_attribute(ldb_msg, "member", user_dn) end
ldb_delete(user_dn)end
There's no guarantee a group on a higher nesting level will contain the member attribute, moreover the object that the user_dn points to will be removed after the inner loop finishes so the memberof plugin will remove the member links on its own.
Oh right, in this case ack to your patch, it really is useless.
Simo.
On Mon, Nov 12, 2012 at 03:43:16PM -0500, Simo Sorce wrote:
On Mon, 2012-11-12 at 20:17 +0100, Jakub Hrozek wrote:
On Mon, Nov 12, 2012 at 01:34:01PM -0500, Simo Sorce wrote:
On Mon, 2012-11-12 at 17:49 +0100, Jakub Hrozek wrote:
Please see the patch and the commit message.
Why not simply do the operation but not fail on errors ?
We delete the user entry the member attribute points to when we finish the inner loop.
Is the operation really unnecessary ?
Here's what we do:
for fake_user in sysdb: user_name = get_attr("name") user_dn = get_attr("dn") for mb in memberof_attr(fake_user): ldb_msg = ldb_msg_new() ldb_msg->dn = mb add_attribute(ldb_msg, "ghost", name) remove_attribute(ldb_msg, "member", user_dn) end
ldb_delete(user_dn)end
There's no guarantee a group on a higher nesting level will contain the member attribute, moreover the object that the user_dn points to will be removed after the inner loop finishes so the memberof plugin will remove the member links on its own.
Oh right, in this case ack to your patch, it really is useless.
Pushed to master and sssd-1-9
sssd-devel@lists.fedorahosted.org
-
Jakub Hrozek -
Simo Sorce