[Freeipa-devel] [PATCH] 0159-0160 Support ID views in compat tree
Martin Kosek
mkosek at redhat.com
Thu Oct 9 08:05:51 UTC 2014
On 10/09/2014 09:33 AM, Ludwig Krispenz wrote:
> all the issues I found are fixed, for me it's ACK
>
> On 10/08/2014 07:50 PM, Alexander Bokovoy wrote:
>> On Tue, 07 Oct 2014, Ludwig Krispenz wrote:
>>> Hi Alex,
>>>
>>> I have a question regarding cbdata.target. It is/was a reference to the
>>> pblock used to generate a new dn, but now in
>>> idview_replace_target_dn(&cbdata.target,...) it can be newly allocated and
>>> should be freed, so I think there should be a return code indicating if it
>>> was allocated or not.
>> Yes, good catch.
>>
>> I've fixed this and other issues raised in the review.
>>
>> I also fixed an issue with an initial lookup by an override. If someone
>> does a search by an override, we would replace uid|cn=<value> by
>> uid=<ipaOriginalUid value> if it exists and by <ipaAnchorUUID value>
>> otherwise -- for groups we don't have ipaOriginalUid as they don't have
>> uids. Now, the filter would look like (ipaAnchorUUID=:SID:S-...) and if
>> there is no entry in the map cache, the search will return nothing, the
>> entry will be staged for lookup through SSSD.
>>
>> In the original version lookup in SSSD didn't take ipaAnchorUUID into
>> account, so the entry would not be found at all. I did add a call to
>> do sid2name first and then use the name to perform actual SSSD lookup.
>>
>> Works nicely now.
>>
>> New patch for slapi-nis is attached.
Great! What is the next step? If Nalin (CCed) is OK with the slapi-nis changes
as well, it would be great to have that pushed there.
Alexander, do you plan to do any other changes in slapi-nis in scope of FreeIPA
4.1? When the changes are ready, it would be nice to get slapi-nis released so
that we can bump FreeIPA slapi-nis requires.
Martin
More information about the Freeipa-devel
mailing list