diff options
| author | Jan Zeleny <jzeleny@redhat.com> | 2012-04-23 04:46:33 -0400 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-05-31 15:46:26 -0400 |
| commit | 9bd757c0484e8c4eddeab98ec74773a5d5228532 (patch) | |
| tree | 319458bfd1c5a6a4b732f93b660b8f90d565f41e /src/db/sysdb_ssh.h | |
| parent | 15c4878ac7830d078ad1a948a08a79e8b93eab3f (diff) | |
| download | sssd-9bd757c0484e8c4eddeab98ec74773a5d5228532.tar.gz sssd-9bd757c0484e8c4eddeab98ec74773a5d5228532.tar.bz2 sssd-9bd757c0484e8c4eddeab98ec74773a5d5228532.zip | |
Ghost members - support in LDAP provider
The original approach was to store name and original DN in an object in
sysdb. When later referenced as member of a group, it was retrieved by
its original DN and the correct information about its sysdb DN was
stored in the group object which referenced it.
The new approach doesn't use fake user objects, therefore this
information has to be reached differently when constructing group
memberships. The approach is to store all users to a hash table where
original DN is used as the key and username as value. When constructing
group memberships, the name is retrieved from this hash table instead of
sysdb. This hash table is constructed when retrieving user objects from
LDAP server - if the user is not present in sysdb, it is automatically
stored in the hash table.
Another situation is for rfc2307. Because there is no nesting there, we
can construct the SYSDB_GHOST attribute directly and therefore don't
need a hash table of ghost users.
Diffstat (limited to 'src/db/sysdb_ssh.h')
0 files changed, 0 insertions, 0 deletions