Age | Commit message (Collapse) | Author | Files | Lines |
|
In order to fix https://fedorahosted.org/sssd/ticket/2093 the name of
the forest must be known for a member domain of the forest.
|
|
The enumerate flag will be read from the cache for subdomains and
the domain object will be created accordingly.
|
|
|
|
The parameter was not used at all.
|
|
|
|
The mpg flag will be read from the cache for subdomains and the domain
object will be created accordingly.
|
|
The information of a subdomain will use magic private groups (mpg) or
not will be stored together with other information about the domain in
the cache.
|
|
- Use a double-linked list for domains and subdomains.
- Never remove a subdomain, simply mark it as disabled if it becomes
unused.
- Rework the way subdomains are refreshed.
Now sysdb_update_subdomains() actually updates the current subdomains
and marks as disabled the ones not found in the sysdb or add new ones
found. It never removes them.
Removal of missing domains from sysdb is deferred to the providers,
which will perform it at refresh time, for the ipa provider that is
done by ipa_subdomains_write_mappings() now.
sysdb_update_subdomains() is then used to update the memory hierarchy
of the subdomains.
- Removes sysdb_get_subdomains()
- Removes copy_subdomain()
- Add sysdb_subdomain_delete()
|
|
struct sss_domain_info is always used to represent domains now.
Adjust tests accordingly.
|
|
Replaces sysdb_add_subdomain_attributes and is a public sysdb interface.
|
|
|
|
|
|
|
|
Now that the sysdb context does not contain anymore domain related data
we can simply stop creating faxe sysdb context and just reference the
parent context.
|
|
Finally remove this upside-down dependency.
|
|
A sysdb contains now multiple domains, but the mpg property is a
property of a specific domain not of the underlying database.
|
|
|
|
Also remove sysdb_delete_domgroup()
|
|
Also remove sysdb_delete_domuser()
|
|
Also remove sysdb_store_domgroup()
|
|
Also remove sysdb_store_domuser()
|
|
Also remove unused sysdb_search_domgroup_by_gid()
|
|
Also remove unused sysdb_search_domgroup_by_name()
|
|
Also remove unused sysdb_search_domuser_by_uid()
|
|
Also remove unused sysdb_search_domuser_by_name()
|
|
Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore
fqnames proper value in subdomains, by testing for a parent domain being
present or not.
|
|
https://fedorahosted.org/sssd/ticket/1612
This patch changes the handling of ghost attributes when saving the
actual user entry. Instead of always linking all groups that contained
the ghost attribute with the new user entry, the original member
attributes are now saved in the group object and the user entry is only
linked with its direct parents.
As the member attribute is compared against the originalDN of the user,
if either the originalDN or the originalMember attributes are missing,
the user object is linked with all the groups as a fallback.
The original member attributes are only saved if the LDAP schema
supports nesting.
|
|
The original sysdb code had a strong assumption that only users from one
domain are saved in the databse, with the subdomain feature, we have
changed reality, but have not adjusted all the code arund the sysdb calls
to not rely on the original assumption.
One of the side effects of this incongrunece is that currently group
memberships do not return fully qualified names for subdomain users as they
should.
In oreder to fix this and other potential issues surrounding the violation
of the original assumption, we need to fully qualify subdomain user names.
By savin them fully qualified we do not risk aliasing local users and have
group memberhips or other name based matching code mistake a domain user
with subdomain usr or vice versa.
|
|
|
|
|
|
|
|
This patch keeps a local copy of the subdomains in the ipa subdomains plugin
context.
This has 2 advantages:
1. allows to check if anything changed w/o always hitting the sysdb.
2. later will allows us to dump this information w/o having to retrieve it
again. The timestamp also allows to avoid refreshing too often.
|
|
This will be used later for setting domain_realm mappings in krb5.conf
|
|
The debuf message was trying to print the number of returned entries, but no
integer was provided.
Return ENOENT as the error for when there are no entries, not EINVAL.
|
|
|
|
|
|
|
|
|
|
Rename the structure to use a standard name prefix so it is properly
name-spaced, in preparation for changing the structure itself.
|
|
The query is performed only if there is missing information in the
cache. That means this should be done only once after restart when cache
doesn't exist. All subsequent requests for subdomains won't include the
request for master domain.
|
|
|