[Freeipa-devel] [PATCH] 0159-0160 Support ID views in compat tree
Ludwig Krispenz
lkrispen at redhat.com
Mon Oct 6 14:30:25 UTC 2014
Hi Alex,
one quick comment:
I'm afraid the only case where slapi_search_internal_pb() returns -1 is
if you don't provide a pblock. In all other cases it returns 0 and you
have to check:
slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
Ludwig
Ludwig
On 10/01/2014 06:16 PM, Alexander Bokovoy wrote:
> Hi!
>
> Attached are patches to add support of FreeIPA ID views to Schema
> compatibility plugin (slapi-nis). There are two patches for FreeIPA and
> a separate patch for slapi-nis. Patches can be applied independently; if
> old slapi-nis is installed, it will simply work with new configuration
> but do nothing with respect to answering to requests using host-specific
> ID views.
>
> I included documentation on how slapi-nis ID views feature supposed to
> work, available in slapi-nis/doc/ipa/ipa-sch.txt. Any comments and fixes
> are welcome. There are no additional tests in slapi-nis to cover compat
> trees, we have multiple tests in FreeIPA for this purpose, will be run
> as part of FreeIPA CI effort.
>
> FreeIPA patches add ACIs for accessing ID view-applied entries over
> compat tree. They also include additional configuration; this
> configuration is needed to properly resolve ID view overrides when
> creating compat entries.
>
> A second FreeIPA patch adds support to override login shell. This part
> was missing from the original patchset by Tomas.
>
> For trusted AD users one needs patches to SSSD 1.12.2, made by Sumit
> Bose. There is also a regression (fixed by Sumit as well) that prevents
> authentication of AD users over PAM which affects authentication over
> compat tree. With the patch from Sumit authentication works again, both
> with ID view and without it.
>
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141006/fcbf263b/attachment.htm>
More information about the Freeipa-devel
mailing list