On Fri, Jun 28, 2013 at 06:43:48PM +0200, Jakub Hrozek wrote: > Hi, > > the attached patches implement > https://fedorahosted.org/sssd/ticket/1962. When a new option, > ipa_server_mode is set to True, then subdomain/trusted users are not > looked up using the extop plugin but AD ID context is initialized and > the users are looked up directly with AD code. This is in support of > legacy clients looking up trusted AD users and groups.
Patches are working well, now trusted domain users and groups can have algorithmically mapped IDs or IDs from POSIX attributes from the trusted DC. [PATCH 1/8] IPA: Add a server mode option ACK [PATCH 2/8] LDAP: Add utility function sdap_copy_map > > + > + for (i = 0; i < num_entries; i++) { > + map[i].opt_name = src_map[i].opt_name; > + map[i].def_name = src_map[i].def_name; > + map[i].name = discard_const(src_map[i].def_name); > + map[i].sys_name = src_map[i].sys_name; > + I wonder if it would be safer in the long run to copy the values instead of the references. I think currently the options are not modified, but if a future patch starts to modify values there might be unexpected side effects? [PATCH 3/8] AD: decouple ad_id_ctx initialization ACK [PATCH 4/8] AD: initialize failover with custom realm, domain and failover service ACK I think it would be a good idea if someone is working on some code other then the initialization routines and sees some calls to configuration option to evaluate if the call is really needed at this place or if it would be possible to hand the value over as a parameter. This should make code more reusable. Using calls to the samba configuration management was identified as one of the reasons why some of the samba libraries are hard to use in other projects. Because it forces the other project to parse a smb.conf file. [PATCH 5/8] IPA: Initialize server mode ctx if server mode is on ACK [PATCH 6/8] AD: Move storing sdap_domain for subdomain to genericLDAP code ACK [PATCH 7/8] IPA: Create and remove AD id_ctx for subdomains discovered in server mode ACK [PATCH 8/8] IPA: Look up AD users directly if IPA server mode is on ACK Thank you. bye, Sumit _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel