abbra / slapi-nis

Forked from slapi-nis 6 years ago

e83cdaa track changes to ID overrides and evict map cache entries

Authored and Committed by abbra 6 years ago
    track changes to ID overrides and evict map cache entries
    
    Plug into the processing of LDAP add/delete/modify to see if an ID override entry
    was added/deleted/updated. ID overrides aren't directly used to produce
    map cache entries but when AD user or group is resolved, SSSD on IPA
    master amends that information with ID Override from a Default Trust
    View. Since nothing else would remove AD user or group entry from the map cache
    on ID override change, handle their removal here.
    
    Check if we have any nsswitch-generated entry in a map cache that
    corresponds to this entry. Such entries would be evicted from the map
    cache to allow their refresh.
    
    Allow backends to inspect entries related to a map set
    
    Entries may be related to a map set content but not used directly to
    generate it. An example would be ID overrides in FreeIPA. An addition,
    removal or change of an ID override in the Default Trust View should be
    reflected by evicting an entry from the corresponding set.
    
    Let backends handle the exact logic. The NIS backend does not support
    exposing AD users so it provides a set of dummy callbacks that always
    return FALSE (entry is not related). The Schema Compat backend, on the other
    hand, does track ID overrides in a Default Trust View in FreeIPA.
    
        
file modified
+176 -0
file modified
+43 -12
file modified
+20 -0