Hi,
[PATCH 1/3] AD: Only connect to GC for subdomain users https://fedorahosted.org/sssd/ticket/2251
By connecting to GC for users from both trusted domains and parent domain, we lose the ability to download the shell and homedir if these are used with ID mapping.
This patch changes the user lookups only. Changing the logic for all lookups would break cross-domain group memberships, for example.
[PATCH 2/3] MAN: Clarify the GC support a bit It should be noted that disabling GC does *not* disable lookups from trusted domains. Disabling GC might be a a good way for admins who wish to use POSIX attributes in trusted domains and the man page should hint this option.
[PATCH 3/3] AD: Use the right memory context The caller would typically use the same combination of context as this bug implies, but we should use the passed-in context anyway.
On Wed, Mar 05, 2014 at 12:55:31PM +0100, Jakub Hrozek wrote:
[PATCH 3/3] AD: Use the right memory context The caller would typically use the same combination of context as this bug implies, but we should use the passed-in context anyway.
Self-nack, this patch breaks the unit tests. The other two patches are still valid.
On Fri, Mar 07, 2014 at 01:03:26PM +0100, Jakub Hrozek wrote:
On Wed, Mar 05, 2014 at 12:55:31PM +0100, Jakub Hrozek wrote:
[PATCH 3/3] AD: Use the right memory context The caller would typically use the same combination of context as this bug implies, but we should use the passed-in context anyway.
Self-nack, this patch breaks the unit tests. The other two patches are still valid.
After more careful check, the third patch was incorrect. The first two patches still should be reviewed and I'm attaching them to avoid more confusion.
On 03/09/2014 10:21 PM, Jakub Hrozek wrote:
On Fri, Mar 07, 2014 at 01:03:26PM +0100, Jakub Hrozek wrote:
On Wed, Mar 05, 2014 at 12:55:31PM +0100, Jakub Hrozek wrote:
[PATCH 3/3] AD: Use the right memory context The caller would typically use the same combination of context as this bug implies, but we should use the passed-in context anyway.
Self-nack, this patch breaks the unit tests. The other two patches are still valid.
After more careful check, the third patch was incorrect. The first two patches still should be reviewed and I'm attaching them to avoid more confusion.
Ack to both.
On Tue, Mar 11, 2014 at 05:04:44PM +0100, Pavel Březina wrote:
On 03/09/2014 10:21 PM, Jakub Hrozek wrote:
On Fri, Mar 07, 2014 at 01:03:26PM +0100, Jakub Hrozek wrote:
On Wed, Mar 05, 2014 at 12:55:31PM +0100, Jakub Hrozek wrote:
[PATCH 3/3] AD: Use the right memory context The caller would typically use the same combination of context as this bug implies, but we should use the passed-in context anyway.
Self-nack, this patch breaks the unit tests. The other two patches are still valid.
After more careful check, the third patch was incorrect. The first two patches still should be reviewed and I'm attaching them to avoid more confusion.
Ack to both.
Thank you for the review, pushed to master and sssd-1-11
sssd-devel@lists.fedorahosted.org
-
Jakub Hrozek -
Pavel Březina