URL: https://github.com/SSSD/sssd/pull/85 Title: #85: SYSDB: Removing of sysdb_try_to_find_expected_dn()
sumit-bose commented: """ I think sdap_object_in_domain() and sdap_domain_get_by_dn() are working as expected, only the debug message in the code-block you cited should be corrected to some thing like "The original DN of the group cannot be related to any search base". sdap_object_in_domain() assumes by default that the given object belongs to the given group which can be seen in the handling of the missing DN. So it makes sense that if the DN cannot be matched to any search bases to assume the same, i.e. 'return true;'. When test_user_is_from_another_domain() is run there is only one domain, "domain.test.com", available in opts->sdom when sdap_domain_get_by_dn() is called. The search base does not match to the DN of the object from "another_domain.test.com" and NULL is returned. If you setup the test so that there is at least "another_domain.test.com" in the opt->sdom list as well sdap_domain_get_by_dn() can return the domain and in sdap_object_in_domain() false can be returned because the domains are not the same. HTH bye, Sumit """ See the full comment at https://github.com/SSSD/sssd/pull/85#issuecomment-273496307
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
