SSSD / sssd

Clone

919b5d7 ipa: check for SYSDB_OVERRIDE_DN in process_members and get_group_dn_list

1 file Authored by sbose 6 years ago, Committed by lslebodn 6 years ago,
raw patch tree parent
1 file changed. 84 lines added. 63 lines removed.
src/providers/ipa/ipa_s2n_exop.c
file modified
+84 -63 
    ipa: check for SYSDB_OVERRIDE_DN in process_members and get_group_dn_list
    
    process_members() and get_group_dn_list() are used on an IPA client to
    determine a list of users or groups which are missing in the cache and
    are needed to properly add a group or user object to the cache
    respectively.
    
    If a non-default view is assigned to the client the SYSDB_OVERRIDE_DN
    must be set for all user and group objects to indicate that it was
    already checked if there is an id-override defined for the object or
    not. There a circumstances were SYSDB_OVERRIDE_DN is not set, e.g. after
    a view name change. To make sure the cache is in a consistent state with
    this patch  user and group entries without SYSDB_OVERRIDE_DN are
    considered as missing is a non-default view is assigned to the client.
    
    Related to https://pagure.io/SSSD/sssd/issue/3579
    
    Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
file modified
+84 -63
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.