#3803 Switch hbactest and external group membership to use getgrouplist() instead of GC search
Closed: Fixed None Opened 8 years ago by tbabej.

In 3.3 we are moving to use SSSD for resolving SIDS.

To stop searching AD's Global Catalog in our code, and therefore use SSSD for all the cases, we need be able to get a list of groups for hbactest. SSSD should provide that with getgrouplist(). Since getgrouplist() is not available in Python older than Python 3.3 by default, we need to create binding to it as pysss.getgrouplist().

We should change hbactest and external group membership implementation to use that interface.

Patch for SSSD to add pysss.getgrouplist() is posted for review on SSSD development list: https://lists.fedorahosted.org/pipermail/sssd-devel/2013-July/015833.html but it uncovered an error in SSSD processing of user private groups in IPA server mode.

HBAC test regression reported in Bug 848531 fixed:

master: faa820f[[BR]]
ipa-3-3: fdce36c

Metadata Update from @tbabej:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 3.3 - 2013/07

4 years ago

Login to comment on this ticket.