#625 enumeration improvements for RFC 2307
Closed: Fixed None Opened 10 years ago by jhrozek.

These improvements were proposed by Simo on sssd-devel:

If we use rfc2307 classic with memberUid attributes, we can just create the fake/expired users and be done with it. The memberUid attribute contains the valid username, so instead of fetching all users that are members of such a group we can simply create fake users and mark them expired (so if you call getpwnam(username) they will be refreshed).

The reason we need objects is that you need a DN to add a member to the group.

Keep in mind that creating fake users may require other changes in the code to make sure they are never reported on enumerations or direct request. They will not have any valid attribute that we should report.
I think we might set the UID to 0 and therefore have them automatically filtered, but it may make sense instead to not set any uidnumber at all and make sure that code does not abort but simply skip any user that does not have uidNumber set.

We could also add a new attribute with a flag, but I am not sure I like the solution as it requires us to check its presence and remove it when we refresh a user, making it easier to mess up if we forget in some code path.
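
An added sketch of the proposal above, not SSSD code and not part of the ticket: it models the variant where fake users carry no uidNumber, enumeration skips them, and a direct request refreshes them first. The `struct user` layout, the in-memory cache, every function name and the backend stub are hypothetical stand-ins constructed for illustration.

```c
#include <stdbool.h>
#include <string.h>

#define MAX_USERS 16
/* Hypothetical in-memory stand-in for the cache; not SSSD's sysdb API. */
struct user {
    char name[32];
    bool has_uid;   /* false for a fake entry: no uidNumber stored at all */
    unsigned uid;
    long expires;   /* 0 = already expired, so the next lookup refreshes */
};
static struct user cache[MAX_USERS];
static int n_users;

static struct user *find_user(const char *name) {
    for (int i = 0; i < n_users; i++)
        if (strcmp(cache[i].name, name) == 0) return &cache[i];
    return NULL;
}
/* Saving a group: each memberUid value becomes a fake, expired user unless
 * an entry is already cached. Returns the number of fake entries created. */
int save_group_members(const char **member_uids, int count) {
    int created = 0;
    for (int i = 0; i < count && n_users < MAX_USERS; i++) {
        if (find_user(member_uids[i])) continue;
        struct user *u = &cache[n_users++];
        strncpy(u->name, member_uids[i], sizeof(u->name) - 1);
        u->has_uid = false;
        u->expires = 0;
        created++;
    }
    return created;
}
/* Enumeration: skip, rather than abort on, entries without uidNumber. */
int enumerate_users(const char **out, int max) {
    int n = 0;
    for (int i = 0; i < n_users && n < max; i++)
        if (cache[i].has_uid) out[n++] = cache[i].name;
    return n;
}
/* Constructed backend stub: only "alice" exists in the directory. */
static bool backend_fetch(const char *name, unsigned *uid) {
    if (strcmp(name, "alice") != 0) return false;
    *uid = 1001;
    return true;
}
/* Direct request: an expired entry is refreshed first, and an entry that
 * still has no uidNumber afterwards is never returned to the caller. */
const struct user *get_user(const char *name, long now) {
    struct user *u = find_user(name);
    if (u && u->expires <= now && backend_fetch(name, &u->uid)) {
        u->has_uid = true;
        u->expires = now + 300;
    }
    return (u && u->has_uid) ? u : NULL;
}
```

Because the fake entry has no uidNumber field at all, no sentinel value such as 0 can leak into an enumeration or lookup result if a filter is missed in some code path.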

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.2.4

Fields changed

owner: somebody => jhrozek

In 1.2, fixed by 5cdb4db

status: new => assigned

I'm closing this ticket. The porting to the master branch is now being tracked in ticket #646.

fixedin: => 1.2.4
resolution: => fixed
status: assigned => closed
tests: 0 => 1

Fields changed

rhbz: => 0

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.2.4

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1667

If you want to receive further updates on the issue, please navigate to the github issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.
