URL: https://github.com/SSSD/sssd/pull/552
Title: #552: GPO: Store security CSE settings of all applicable GPOs

rdratlos commented:
"""
This PR provides an alternative solution to #551 to fix 
[#3680](https://pagure.io/SSSD/sssd/issue/3680).
#551 falls short of fixing the root cause.

The current SSSD GPO implementation is straightforward but can handle only a 
limited set of classical GPO use cases for AD network operators. One of them is 
network administrators splitting their security group policy into several GPOs. 
As [#3680](https://pagure.io/SSSD/sssd/issue/3680) outlines, some of the GPOs 
or GPO access rules may be emptied over time.

The SSSD implementation should reflect both empty security GPOs and the underlying 
split of GPs.

This patch is already part of a set of patches to fix and clean up the GPO 
implementation as well as to adapt SSSD's GPO implementation to the recent 
development of GPO management in Samba AD and Microsoft AD.
Unfortunately, the patch set relies on fixing issue 
[#3324](https://pagure.io/SSSD/sssd/issue/3324). The related [pull 
request](https://pagure.io/SSSD/sssd/pull-request/3320) currently lacks 
progress. Therefore, I have extracted the parts that are relevant for 
[#3680](https://pagure.io/SSSD/sssd/issue/3680) from the patch set and provide 
them here.
They also include the following additional change required to improve GPO 
handling in general:

- Store GP results in SSSD cache per CSE GUID

Note: Currently only one CSE GUID (827D319E-6EAC-11D2-A4EA-00C04F79F83A) is 
implemented in SSSD.

Please review this different approach and compare it against #551.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/552#issuecomment-381345441