#1960 [RFE] Add range type for ID mapping in AD to libsss_idmap
Closed: Fixed None Opened 5 years ago by sbose.

The idea is that ranges for IDs from AD can be used in libsss_idmap as well, but whenever a mapping is requested for this range a specific error code like IDMAP_ASK_AD_FOR_MAPPING is returned to tell SSSD to do an AD lookup. This way SSSD does not need to inspect the ranges itself but all is done inside if libsss_idmap.

Additionally a new call is needed to check whether the returned externally managed ID belongs to a configured range, if not the ID cannot be mapped in the given configuration and the related object should be ignored.


Fields changed

owner: somebody => sbose
status: new => assigned

Fields changed

description: Add a range type to handle mappings in AD The idea is that ranges for IDs from AD can be used in libsss_idmap as well, but whenever a mapping is requested for this range a specific error code like IDMAP_ASK_AD_FOR_MAPPING is returned to tell SSSD to do an AD lookup. This way SSSD does not need to inspect the ranges itself but all is done inside if libsss_idmap. => The idea is that ranges for IDs from AD can be used in libsss_idmap as well, but whenever a mapping is requested for this range a specific error code like IDMAP_ASK_AD_FOR_MAPPING is returned to tell SSSD to do an AD lookup. This way SSSD does not need to inspect the ranges itself but all is done inside if libsss_idmap.

Additionally a new call is needed to check whether the returned externally managed ID belongs to a configured range, if not the ID cannot be mapped in the given configuration and the related object should be ignored.

A sub ticket of the 1.11 feature.

rhbz: => 0

Fields changed

patch: 0 => 1

resolution: => fixed
status: assigned => closed

Metadata Update from @sbose:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.11 beta

2 years ago

Login to comment on this ticket.

Metadata