Am Montag 27 September 2010, 16:37:14 schrieb Simo Sorce:
> On Fri, 24 Sep 2010 16:31:24 +0200
>
> Ralf Haferkamp <rha...@suse.de> wrote:
> > Hi,
> >
> > find updated patches attached. (Rebased against current master)
> >
> > Am Donnerstag 23 September 2010, 20:02:20 schrieb Stephen Gallagher:
> > > On 09/20/2010 11:13 AM, Ralf Haferkamp wrote:
> > [..]
> >
> > > Patch 0001: Ack. This looks fine to me.
>
> Uhmm I think I see an issue in patch 1.
>
> It looks to me that we fail the operation if we have no members in a
> group as when calling sysdb_attrs_get_el() sdap_save_group() now
> treats ENOENT just like a fatal error.
Hm, I am not sure what call to sysdb_attrs_get_el() you are referring
to, but if I understand the sysdb_attrs_get_el() code correctly it will
never return ENOENT.
It just calls sysdb_attrs_get_el_int with alloc=true in that case the
only error that can return is ENOMEN. Did I overlook something?
IIRC I explicitly tested the code with empty groups.
> Although uncommon I think we should handle empty groups.
Of course.
> Also I have a cosmetic request. It took sometimes to me to understand
> what the name sysdb_member_dns meant. Would it be possible to rename
> it to something like populate_members/resolve/members/fetch_members
> or something similar ? It would make it easier to understand it is an
> option that does something like store_members, just different.
Ok. Find updated patch attached.
--
Ralf
From bdd2b5877a0eeb0dbe0578390e4cd819776bbf2e Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <rha...@suse.de>
Date: Mon, 27 Sep 2010 21:33:41 +0200
Subject: [PATCH 1/2] Shortcut for save_group() to accept sysdb DNs as member attributes
Addtional parameter "populate_members" for save_group() and save_groups()
to indicate that the "member" attribute of the groups is populated with
sysdb DNs of the members (instead of LDAP DNs).
---
src/providers/ldap/sdap_async_accounts.c | 23 +++++++++++++++++++----
1 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
index 95f3b0d..b71e6d5 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -609,6 +609,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
struct sss_domain_info *dom,
struct sysdb_attrs *attrs,
bool store_members,
+ bool populate_members,
char **_timestamp)
{
struct ldb_message_element *el;
@@ -697,7 +698,19 @@ static int sdap_save_group(TALLOC_CTX *memctx,
}
}
- if (store_members) {
+ if (populate_members) {
+ struct ldb_message_element *el1;
+ ret = sysdb_attrs_get_el(attrs, opts->group_map[SDAP_AT_GROUP_MEMBER].sys_name, &el1);
+ if (ret != EOK) {
+ goto fail;
+ }
+ ret = sysdb_attrs_get_el(group_attrs, SYSDB_MEMBER, &el);
+ if (ret != EOK) {
+ goto fail;
+ }
+ el->values = el1->values;
+ el->num_values = el1->num_values;
+ } else if (store_members) {
ret = sysdb_attrs_get_el(attrs,
opts->group_map[SDAP_AT_GROUP_MEMBER].sys_name, &el);
if (ret != EOK) {
@@ -808,6 +821,7 @@ static int sdap_save_groups(TALLOC_CTX *memctx,
struct sdap_options *opts,
struct sysdb_attrs **groups,
int num_groups,
+ bool populate_members,
char **_timestamp)
{
TALLOC_CTX *tmpctx;
@@ -848,7 +862,7 @@ static int sdap_save_groups(TALLOC_CTX *memctx,
/* if 2 pass savemembers = false */
ret = sdap_save_group(tmpctx, sysdb,
opts, dom, groups[i],
- (!twopass), ×tamp);
+ (!twopass), populate_members, ×tamp);
/* Do not fail completely on errors.
* Just report the failure to save and go on */
@@ -872,7 +886,7 @@ static int sdap_save_groups(TALLOC_CTX *memctx,
}
}
- if (twopass) {
+ if (twopass && !populate_members) {
for (i = 0; i < num_groups; i++) {
@@ -988,6 +1002,7 @@ static void sdap_get_groups_process(struct tevent_req *subreq)
ret = sdap_save_groups(state, state->sysdb,
state->dom, state->opts,
state->groups, state->count,
+ false,
&state->higher_timestamp);
if (ret) {
DEBUG(2, ("Failed to store groups.\n"));
@@ -1355,7 +1370,7 @@ static void sdap_initgr_nested_store(struct tevent_req *req)
state = tevent_req_data(req, struct sdap_initgr_nested_state);
ret = sdap_save_groups(state, state->sysdb, state->dom, state->opts,
- state->groups, state->groups_cur, NULL);
+ state->groups, state->groups_cur, false, NULL);
if (ret) {
tevent_req_error(req, ret);
return;
--
1.7.1
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
