On Tue, Nov 20, 2012 at 03:20:06PM +0100, Pavel Březina wrote: > We should propagate the built-in sid error instead of misusing id. Maybe > return IDMAP* directly and return errno value in new output parameter. >
I actually think that using a special ID value is OK. We've been treating the UID and GID 0 as a special case before anyway for the fake users and groups. Also sdap_idmap_sid_to_unix() is supposed to return errno and not IDMAP* anyway, so even if we introduced a new IDMAP* return code, we would have to translate it into an (errno, id) tuple. The NSS responder would skip groups with a zero GID anyway. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
