<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Alex,<br>
<br>
one quick comment:<br>
I'm afraid the only case where slapi_search_internal_pb() returns -1
is if you don't provide a pblock. In all other cases it returns 0
and you have to check:<br>
slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &result);<br>
<br>
Ludwig<br>
<br>
Ludwig<br>
<div class="moz-cite-prefix">On 10/01/2014 06:16 PM, Alexander
Bokovoy wrote:<br>
</div>
<blockquote cite="mid:20141001161606.GA6186@redhat.com" type="cite">Hi!
<br>
<br>
Attached are patches to add support of FreeIPA ID views to Schema
<br>
compatibility plugin (slapi-nis). There are two patches for
FreeIPA and
<br>
a separate patch for slapi-nis. Patches can be applied
independently; if
<br>
old slapi-nis is installed, it will simply work with new
configuration
<br>
but do nothing with respect to answering to requests using
host-specific
<br>
ID views.
<br>
<br>
I included documentation on how slapi-nis ID views feature
supposed to
<br>
work, available in slapi-nis/doc/ipa/ipa-sch.txt. Any comments and
fixes
<br>
are welcome. There are no additional tests in slapi-nis to cover
compat
<br>
trees, we have multiple tests in FreeIPA for this purpose, will be
run
<br>
as part of FreeIPA CI effort.
<br>
<br>
FreeIPA patches add ACIs for accessing ID view-applied entries
over
<br>
compat tree. They also include additional configuration; this
<br>
configuration is needed to properly resolve ID view overrides when
<br>
creating compat entries.
<br>
<br>
A second FreeIPA patch adds support to override login shell. This
part
<br>
was missing from the original patchset by Tomas.
<br>
<br>
For trusted AD users one needs patches to SSSD 1.12.2, made by
Sumit
<br>
Bose. There is also a regression (fixed by Sumit as well) that
prevents
<br>
authentication of AD users over PAM which affects authentication
over
<br>
compat tree. With the patch from Sumit authentication works again,
both
<br>
with ID view and without it.
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-devel">https://www.redhat.com/mailman/listinfo/freeipa-devel</a></pre>
</blockquote>
<br>
</body>
</html>