[Freeipa-devel] [PATCH] 0159-0160 Support ID views in compat tree
Ludwig Krispenz
lkrispen at redhat.com
Mon Oct 6 14:59:52 UTC 2014
On 10/06/2014 04:57 PM, Ludwig Krispenz wrote:
>
> On 10/06/2014 04:44 PM, Alexander Bokovoy wrote:
>> On Mon, 06 Oct 2014, Ludwig Krispenz wrote:
>>> Hi Alex,
>>>
>>> one quick comment:
>>> I'm afraid the only case where slapi_search_internal_pb() returns -1
>>> is if you don't provide a pblock. In all other cases it returns 0
>>> and you have to check:
>>> slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
>> Uhm, there are few more cases:
>>
>> - when filter string is NULL;
>> - when scope is wrong
>> - when building a filter struct failed due to memory or syntax error
> these are returns from search_internal_callback_pb(). But
> slapi_search_internal_pb() calls slapi_search_internal_pb() which just
> does:
slapi_search_internal_pb() calls search_internal_pb()
>
> search_internal_callback_pb (pb, &psid,
> internal_plugin_result_callback,
> internal_plugin_search_entry_callback,
> internal_plugin_search_referral_callback);
> opresult = psid.rc;
> ...
> and does not care what search_internal_callback_pb() returns.
>>
>> If return from slapi_search_internal_pb() is 0, we are at least got to
>> op_shared_search() so we are dealing with the consequence of actually
>> running the search. I'll add one more check for the result (I had it in
>> one of original versions before simplification), thanks.
>>
>>>
>>> Ludwig
>>>
>>> Ludwig
>>> On 10/01/2014 06:16 PM, Alexander Bokovoy wrote:
>>>> Hi!
>>>>
>>>> Attached are patches to add support of FreeIPA ID views to Schema
>>>> compatibility plugin (slapi-nis). There are two patches for FreeIPA
>>>> and
>>>> a separate patch for slapi-nis. Patches can be applied
>>>> independently; if
>>>> old slapi-nis is installed, it will simply work with new configuration
>>>> but do nothing with respect to answering to requests using
>>>> host-specific
>>>> ID views.
>>>>
>>>> I included documentation on how slapi-nis ID views feature supposed to
>>>> work, available in slapi-nis/doc/ipa/ipa-sch.txt. Any comments and
>>>> fixes
>>>> are welcome. There are no additional tests in slapi-nis to cover
>>>> compat
>>>> trees, we have multiple tests in FreeIPA for this purpose, will be run
>>>> as part of FreeIPA CI effort.
>>>>
>>>> FreeIPA patches add ACIs for accessing ID view-applied entries over
>>>> compat tree. They also include additional configuration; this
>>>> configuration is needed to properly resolve ID view overrides when
>>>> creating compat entries.
>>>>
>>>> A second FreeIPA patch adds support to override login shell. This part
>>>> was missing from the original patchset by Tomas.
>>>>
>>>> For trusted AD users one needs patches to SSSD 1.12.2, made by Sumit
>>>> Bose. There is also a regression (fixed by Sumit as well) that
>>>> prevents
>>>> authentication of AD users over PAM which affects authentication over
>>>> compat tree. With the patch from Sumit authentication works again,
>>>> both
>>>> with ID view and without it.
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-devel mailing list
>>>> Freeipa-devel at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>
>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>
>>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
More information about the Freeipa-devel
mailing list