-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/22/2011 02:35 PM, Jakub Hrozek wrote: > On 03/22/2011 06:36 PM, Jakub Hrozek wrote: >> Fixes: >> https://fedorahosted.org/sssd/ticket/822 > >> [PATCH 1/2] Add originalDN to fake groups >> Since we are storing expired groups during initgroups now and some of >> the group processing routines depend on originalDN, I think the >> originalDN should be stored with the fake groups. > >> This would help for instance sdap_nested_group_process_step() which >> would find the expired group in sysdb and refresh it immediately instead >> of trying blind lookup for users and then groups. > >> [PATCH 2/2] Use fake groups during IPA schema initgroups >> Do not just store non-expired groups from LDAP during initgroups and >> risks that some of the members might not be there. Instead, add fake >> groups for those that are not yet cached and build correct >> member/memberof relationship. > >> There's one more optimization I'd like to make, although I'm not sure if >> it is 1.5 material. Since we do not fetch the memberof attribute for >> LDAP groups, we must look at all groups when searching for direct >> parents for a group (see sdap_initgr_nested_get_direct_parents()). > >> Having the memberof attribute would allow for an optimization where we >> would first filter all parents and then just the direct ones. That would >> be very similar to what we can do for the user since we search the >> groups based on users' memberof anyway. > >> Jakub > > Attached patches are rebased on top of Stephen's multiname patches. >
Nack. The rebase needs to add support for sysdb_attrs_primary_name() in sdap_initgr_nested_store_group() (instead of sysdb_attrs_get_string(SYSDB_NAME)) Otherwise, this would be regressing functionality from my multiname patches. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk2I8qoACgkQeiVVYja6o6NDbgCfZWjOB+Vuw2TY8PZUmt/IiU57 PE0AnjS0AjCpVUixVNBrEh09hHsXB1vU =TVCc -----END PGP SIGNATURE----- _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel