f9e4c93 sysdb_sudo: completely replace old object instead of merging it

Authored and Committed by fidencio 5 years ago
    sysdb_sudo: completely replace old object instead of merging it
    
    Let's make sure that we do not merge two record in sysdb_sudo.
    
    1) If there are two rules with the same cn (possible with multiple search bases
    or organizational units) we would end up merging those two rules instead of
    choosing one of them.
    
    2) Also smart refresh would merge the diff insteand of removing the attributes
    that are no longer present in ldap.
    
    Since 1) is a rare use case and it is a misconfiguration we completely replace
    the old rule with new one. It is simpler to implement and it solves both issues.
    
    Resolves:
    https://pagure.io/SSSD/sssd/issue/3558
    
    Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
    
        
file modified
+8 -0