URL: https://github.com/SSSD/sssd/pull/5613
Title: #5613: ipa: read auto_private_groups from id range if available
sumit-bose commented:
"""
Hi,
some additional observations. The setting is inherited but only after multiple
refreshes:
```
[r...@master.ipa.vm /var/log/sssd]# systemctl stop sssd ; rm -rf
/var/log/sssd/* /var/lib/sss/db/* ; systemctl start sssd
[r...@master.ipa.vm /var/log/sssd]# grep 'mpg m' *
sssd_ipa.vm.log:(2021-05-05 14:41:22): [be[ipa.vm]] [ipa_subdom_store]
(0x0400): Range mpg mode for ad.vm: true
sssd_ipa.vm.log:(2021-05-05 14:41:22): [be[ipa.vm]] [ipa_subdom_store]
(0x0400): Domain mpg mode for ad.vm: true
sssd_ipa.vm.log:(2021-05-05 14:41:22): [be[ipa.vm]] [ipa_subdom_store]
(0x0400): Range mpg mode for child.ad.vm: default
sssd_ipa.vm.log:(2021-05-05 14:41:22): [be[ipa.vm]] [ipa_subdom_store]
(0x0400): Domain mpg mode for child.ad.vm: false
[r...@master.ipa.vm /var/log/sssd]# getent passwd dwqdqw@fewfw.fewff
[r...@master.ipa.vm /var/log/sssd]# grep 'mpg m' *
sssd_ipa.vm.log:(2021-05-05 14:41:22): [be[ipa.vm]] [ipa_subdom_store]
(0x0400): Range mpg mode for ad.vm: true
sssd_ipa.vm.log:(2021-05-05 14:41:22): [be[ipa.vm]] [ipa_subdom_store]
(0x0400): Domain mpg mode for ad.vm: true
sssd_ipa.vm.log:(2021-05-05 14:41:22): [be[ipa.vm]] [ipa_subdom_store]
(0x0400): Range mpg mode for child.ad.vm: default
sssd_ipa.vm.log:(2021-05-05 14:41:22): [be[ipa.vm]] [ipa_subdom_store]
(0x0400): Domain mpg mode for child.ad.vm: false
sssd_ipa.vm.log:(2021-05-05 14:42:30): [be[ipa.vm]] [ipa_subdom_store]
(0x0400): Range mpg mode for ad.vm: true
sssd_ipa.vm.log:(2021-05-05 14:42:30): [be[ipa.vm]] [ipa_subdom_store]
(0x0400): Domain mpg mode for ad.vm: true
sssd_ipa.vm.log:(2021-05-05 14:42:30): [be[ipa.vm]] [ipa_subdom_store]
(0x0400): Range mpg mode for child.ad.vm: true
sssd_ipa.vm.log:(2021-05-05 14:42:30): [be[ipa.vm]] [ipa_subdom_store]
(0x0400): Domain mpg mode for child.ad.vm: true
```
But even then it looks like a restart is required for the option to start to
work.
With `hybrid` it is the same, please note the `hybrid` is special in the sense
that it is completely handled in the responder. While looking at the related
commit 2ea38097dc62963403f77c96946a93f8aae11a44 it looks like it is only
handled in the nss responder. Maybe it would be better to move the whole logic
into cache_req? But this does not have to be part of this PR. Here it should be
sufficient to make sure the options read from the server at startup if the
cache is empty are available in the nss responder as well.
bye,
Sumit
"""
See the full comment at
https://github.com/SSSD/sssd/pull/5613#issuecomment-832757212
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
