URL:
https://github.com/SSSD/sssd/pull/402
Title: #402: LDAP: Allow autogenerating user-private groups
fidencio commented:
"""
A few nitpicks:
- **CONFIG: Add a new option auto_private_groups**:
```
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index c20cb53ca..a02822481 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -938,7 +938,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
ret = get_entry_as_bool(res->msgs[0], &domain->mpg,
CONFDB_DOMAIN_AUTO_UPG, 0);
- if(ret != EOK) {
+ if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Invalid value for %s\n", CONFDB_DOMAIN_AUTO_UPG);
goto done;
```
- **SDAP: Allow the mpg flag for the main domain**:
```
diff --git a/src/providers/ldap/sdap_async_users.c
b/src/providers/ldap/sdap_async_users.c
index 34c0eabb0..7338b4a15 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -424,7 +424,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
"Missing GID, won't save the %s attribute\n",
SYSDB_PRIMARY_GROUP_GIDNUM);
- /* Store a the UID as GID (since we're in a MPG domain so that it
doesn't
+ /* Store the UID as GID (since we're in a MPG domain so that it
doesn't
* get treated as a missing attribute and removed
*/
ret = sdap_replace_id(attrs, SYSDB_GIDNUM, uid);
```
- **LDAP: Turn by-GID request into by-UID request for MPG domains if needed**:
```
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index bd988f0dd..9f0c762e9 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -1165,7 +1165,6 @@ static errno_t groups_get_handle_no_group(struct tevent_req *req)
return ret;
}
break;
-
case BE_FILTER_IDNUM:
gid = (gid_t) strtouint32(state->filter_value, &endptr, 10);
if (errno || *endptr || (state->filter_value == endptr)) {
@@ -1181,14 +1180,12 @@ static errno_t groups_get_handle_no_group(struct tevent_req
*req)
return ret;
}
break;
-
case BE_FILTER_SECID:
case BE_FILTER_UUID:
/* Since it is not clear if the SID/UUID belongs to a user or a
* group we have nothing to do here. */
ret = EOK;
break;
-
case BE_FILTER_WILDCARD:
/* We can't know if all groups are up-to-date, especially in
* a large environment. Do not delete any records, let the
@@ -1196,7 +1193,6 @@ static errno_t groups_get_handle_no_group(struct tevent_req *req)
*/
ret = EOK;
break;
-
default:
ret = EINVAL;
break;
```
"""
See the full comment at
https://github.com/SSSD/sssd/pull/402#issuecomment-336805797