[Freeipa-devel] [PATCH] 0159-0160 Support ID views in compat tree
Alexander Bokovoy
abokovoy at redhat.com
Thu Oct 9 09:04:44 UTC 2014
On Thu, 09 Oct 2014, Martin Kosek wrote:
>On 10/09/2014 09:33 AM, Ludwig Krispenz wrote:
>> all the issues I found are fixed, for me it's ACK
>>
>> On 10/08/2014 07:50 PM, Alexander Bokovoy wrote:
>>> On Tue, 07 Oct 2014, Ludwig Krispenz wrote:
>>>> Hi Alex,
>>>>
>>>> I have a question regarding cbdata.target. It is/was a reference to the
>>>> pblock used to generate a new dn, but now in
>>>> idview_replace_target_dn(&cbdata.target,...) it can be newly allocated and
>>>> should be freed, so I think there should be a return code indicating if it
>>>> was allocated or not.
>>> Yes, good catch.
>>>
>>> I've fixed this and other issues raised in the review.
>>>
>>> I also fixed an issue with an initial lookup by an override. If someone
>>> does a search by an override, we would replace uid|cn=<value> by
>>> uid=<ipaOriginalUid value> if it exists and by <ipaAnchorUUID value>
>>> otherwise -- for groups we don't have ipaOriginalUid as they don't have
>>> uids. Now, the filter would look like (ipaAnchorUUID=:SID:S-...) and if
>>> there is no entry in the map cache, the search will return nothing, the
>>> entry will be staged for lookup through SSSD.
>>>
>>> In the original version lookup in SSSD didn't take ipaAnchorUUID into
>>> account, so the entry would not be found at all. I did add a call to
>>> do sid2name first and then use the name to perform actual SSSD lookup.
>>>
>>> Works nicely now.
>>>
>>> New patch for slapi-nis is attached.
>
>Great! What is the next step? If Nalin (CCed) is OK with the slapi-nis changes
>as well, it would be great to have that pushed there.
>
>Alexander, do you plan to do any other changes in slapi-nis in scope of FreeIPA
>4.1? When the changes are ready, it would be nice to get slapi-nis released so
>that we can bump FreeIPA slapi-nis requires.
No more changes are planned right now. If Nalin would grant me write
access to slapi-nis.git on fedorahosted.org, I can handle release in Fedora already.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list