Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
When the SSSD changes serves (and hence lastUSN) we perform a cleanup as
well. However, after recent changes, we didn't set the cleanup timestamp
correctly, which made the lastUSN logic fail.
|
|
Instead of always performing the cleanup on the main domain, the task
now accepts a sdap_domain structure to perform the cleanup on. This
change will make the cleanup task reusable for subdomains.
|
|
The LDAP cleanup request was asynchronous for no good reason, probably a
leftover from the days of async sysdb. This patch makes it sychronous
again, removing a lot of uneeded code.
|
|
The sysdb context is already available through the 'domain' structure.
|
|
Also remove sysdb_delete_domgroup()
|
|
|
|
Also remove sysdb_delete_domuser()
|
|
|
|
Currently it is only checked if an expired group still has members of
the local domain. If not, the group is delete from the cache. With this
patch the whole cache, i.e. including subdomains, is searched for
members.
|
|
Removing bad examples of usage of sysdb_transaction_start/commit/end
functions and making it more consistent (all files except of
src/db/sysdb_*.c).
|
|
|
|
|
|
This patch deletes memory context parameter in those places in sysdb
where it is not necessary. The code using modified functions has been
updated. Tests updated as well.
|
|
The patch also updates code using modified functions. Tests have also
been adjusted.
|
|
|
|
Without setting in_transaction=true, if the sysdb operations threw
an error, we wouldn't cancel the transaction.
|
|
|
|
We were cleaning up all groups that were expired and for which
there existed no user with memberOf: <thegroup> as an attribute.
This patch modifies the search to also check for cached users with
this group's GID as their primary GID.
Fixes https://fedorahosted.org/sssd/ticket/624
|
|
|
|
We need to make sure that if we didn't create the timeout, that we
cancel the request so there's no chance of ending up with two
enumerations/cleanups running simultaneously. We'll attempt to
reschedule later, if possible.
https://fedorahosted.org/sssd/ticket/524
|
|
|
|
|
|
|
|
|
|
When refactoring talloc_asprintf calls a check was left behind that
cased the backend to go offline immediately.
|
|
Implements a different mechanism for cleanup task. Instead of just
deleting expired entries, this patch adds a new option
account_cache_expiration for domains. If an entry is expired and the last
login was more days in the past that account_cache_expiration, the entry is
deleted.
Groups are deleted if they are expired and and no user references them
(no user has memberof: attribute pointing at that group).
The parameter account_cache_expiration is not LDAP-specific, so that other
future backends might use the same timeout setting.
Fixes: #391
|
|
Do not attempt to validate expired entries in cache, just delete them.
Also increase the cache timeouts.
Fixes: #331
|
|
|
|
Also update BUILD.txt
|