| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Without setting in_transaction=true, if the sysdb operations threw
an error, we wouldn't cancel the transaction.
|
|
|
|
We were cleaning up all groups that were expired and for which
there existed no user with memberOf: <thegroup> as an attribute.
This patch modifies the search to also check for cached users with
this group's GID as their primary GID.
Fixes https://fedorahosted.org/sssd/ticket/624
|
|
|
|
We need to make sure that if we didn't create the timeout, that we
cancel the request so there's no chance of ending up with two
enumerations/cleanups running simultaneously. We'll attempt to
reschedule later, if possible.
https://fedorahosted.org/sssd/ticket/524
|
|
|
|
|
|
|
|
|
|
When refactoring talloc_asprintf calls a check was left behind that
cased the backend to go offline immediately.
|
|
Implements a different mechanism for cleanup task. Instead of just
deleting expired entries, this patch adds a new option
account_cache_expiration for domains. If an entry is expired and the last
login was more days in the past that account_cache_expiration, the entry is
deleted.
Groups are deleted if they are expired and and no user references them
(no user has memberof: attribute pointing at that group).
The parameter account_cache_expiration is not LDAP-specific, so that other
future backends might use the same timeout setting.
Fixes: #391
|
|
Do not attempt to validate expired entries in cache, just delete them.
Also increase the cache timeouts.
Fixes: #331
|
|
|
|
Also update BUILD.txt
|
