> On 21 Sep 2018, at 20:36, gfb...@yahoo.com wrote:
> 
> For our case, say we have a set of groups abcd..1, abcd..2 etc, all with the 
> same GID. I would expect the first lookup (e.g. abcd..1) to put an entry in 
> the cache. If there is then a lookup by GID, (getent group <GID>) it would 
> return this entry. However a lookup by name (e.g. abcd..2) would have to 
> query LDAP, right? Then what happens, does this new data overwrite the old 
> GID entry in the cache? Or is there some bug whereby sometimes a duplicate 
> entry gets made? Why is there a check for duplicates when a GID is looked up 
> as opposed to when an entry is placed in the cache?

I’m not so sure it would be a good idea to support this, honestly. What do you 
suggest would then be returned for lookups by GID (getgrgid 1234) if there are 
multiple entries with GID=1234 in the cache? Just let the first match win? I 
know this is what nss_ldap does, whatever is returned from LDAP is then passed 
on to NSS, but I’m mostly concerned about consistency, suppose a first machine 
does getent group abcd..1, another one does getent group abcd..2. Then you get a 
different result on each machine for by-GID request..

LDAP also doesn’t guarantee any ordering of results AFAIK (even though in 
practice I’ve seen the replies are quite consistent), so it’s even not 
guaranteed to always receive the same answer for the by-GID LDAP search..

btw it’s a good question to ask why isn’t the check done on saving the group. I 
thought it was and I see code that checks for ID uniqueness and even a test..
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
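
An added example, not part of the original message and not SSSD code: a shell check that lists every GID shared by more than one group name in group(5)-format input, which is the situation this thread discusses. The function names, group names and GIDs in the sample are constructed for illustration.

```shell
#!/bin/sh
# dup_gids: read group(5)-format lines (name:passwd:gid:members) on stdin and
# print "gid:name1,name2,..." for every GID that maps to more than one name.
dup_gids() {
    awk -F: '
        # Skip blank lines, comments and lines without a numeric GID field.
        NF < 3 || $1 ~ /^#/ || $3 !~ /^[0-9]+$/ { next }
        {
            key = $3 SUBSEP $1
            if (key in seen) next   # same name listed twice is not a conflict
            seen[key] = 1
            count[$3]++
            names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1)
        }
        END {
            for (gid in count)
                if (count[gid] > 1) print gid ":" names[gid]
        }
    ' | sort -t: -k1,1n
}

# Constructed sample: two differently named groups share GID 1234,
# and one entry is repeated verbatim (as merged sources can produce).
sample_groups() {
    cat <<'EOF'
wheel:x:10:alice
projA-1:*:1234:alice,bob
projA-2:*:1234:carol
projB:*:2000:dave
projA-1:*:1234:alice,bob
EOF
}

# Demonstration on the constructed sample.
sample_groups | dup_gids

# On a live host the same function can read the NSS view:
#   getent group | dup_gids
# SSSD only lists domain groups there when enumeration is enabled for the
# domain; otherwise feed it an export of the directory's group entries.
```

Any GID this reports is one where a by-GID lookup has more than one candidate name, so file ownership and group-based access checks that resolve the GID back to a name can differ between hosts.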