[Freeipa-devel] [PATCH] 0159-0160 Support ID views in compat tree
Martin Kosek
mkosek at redhat.com
Thu Oct 9 11:13:45 UTC 2014
On 10/09/2014 01:02 PM, Alexander Bokovoy wrote:
> On Thu, 09 Oct 2014, Alexander Bokovoy wrote:
>> On Thu, 09 Oct 2014, Martin Kosek wrote:
>>> On 10/09/2014 09:33 AM, Ludwig Krispenz wrote:
>>>> all the issues I found are fixed, for me it's ACK
>>>>
>>>> On 10/08/2014 07:50 PM, Alexander Bokovoy wrote:
>>>>> On Tue, 07 Oct 2014, Ludwig Krispenz wrote:
>>>>>> Hi Alex,
>>>>>>
>>>>>> I have a question regarding cbdata.target. It is/was a reference to the
>>>>>> pblock used to generate a new dn, but now in
>>>>>> idview_replace_target_dn(&cbdata.target,...) it can be newly allocated and
>>>>>> should be freed, so I think there should be a return code indicating if it
>>>>>> was allocated or not.
>>>>> Yes, good catch.
>>>>>
>>>>> I've fixed this and other issues raised in the review.
>>>>>
>>>>> I also fixed an issue with an initial lookup by an override. If someone
>>>>> does a search by an override, we would replace uid|cn=<value> by
>>>>> uid=<ipaOriginalUid value> if it exists and by <ipaAnchorUUID value>
>>>>> otherwise -- for groups we don't have ipaOriginalUid as they don't have
>>>>> uids. Now, the filter would look like (ipaAnchorUUID=:SID:S-...) and if
>>>>> there is no entry in the map cache, the search will return nothing, the
>>>>> entry will be staged for lookup through SSSD.
>>>>>
>>>>> In the original version lookup in SSSD didn't take ipaAnchorUUID into
>>>>> account, so the entry would not be found at all. I did add a call to
>>>>> do sid2name first and then use the name to perform actual SSSD lookup.
>>>>>
>>>>> Works nicely now.
>>>>>
>>>>> New patch for slapi-nis is attached.
>>>
>>> Great! What is the next step? If Nalin (CCed) is OK with the slapi-nis changes
>>> as well, it would be great to have that pushed there.
>>>
>>> Alexander, do you plan to do any other changes in slapi-nis in scope of FreeIPA
>>> 4.1? When the changes are ready, it would be nice to get slapi-nis released so
>>> that we can bump FreeIPA slapi-nis requires.
>> No more changes are planned right now. If Nalin would grant me write
>> access to slapi-nis.git on fedorahosted.org, I can handle release in Fedora
>> already.
> Never say never. The moment I've sent this email, I've realized I need
> to fix https://bugzilla.redhat.com/show_bug.cgi?id=1130131
>
> The patch is sent in a separate email.
Seen that, thanks! BTW what about
#4435 Trusted AD users are not resovable in netgroups
#4403 [RFE] compat tree: show AD members of IPA groups
do you see this also as something that would fit in slapi-nis in 4.1?
Martin
More information about the Freeipa-devel
mailing list