Learn more about these different git repos.
Other Git URLs
These improvements were proposed by Simo on sssd-devel: https://fedorahosted.org/pipermail/sssd-devel/2010-September/004547.html
If we use rfc2307 classic with memberUid attributes, we can just create the fake/expired users and be done with it. The meberUid attribute contains the valid username so instead of fetching all users members of such a group we can simply create fake users and marked them expired (so if you call getpwnam(username) they will be refreshed).
The reason we need objects is that you need a DN to add a member to the group
Keep in mind that creating fake users may require other changes in the code to make sure they are never reported on enumerations or direct request. They will not have any valid attribute that we should report. I think we might set the UID to 0 and therefore have them autometically filtered, but it may make sense instead to not set any uidnumber at all and make sure that code does not abort but simply skip any user that does not have uidNumber set.
We could also add a new attribute with a flag, but I am not sure I like the solution as it requires us to check its presence and remove it when we refresh a user, making it easier to mess up if we forget in some code path.
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.2.4
owner: somebody => jhrozek
In 1.2, fixed by 5cdb4db
status: new => assigned
I'm closing this ticket. The porting to the master branch is now being tracked in ticket #646.
fixedin: => 1.2.4 resolution: => fixed status: assigned => closed tests: 0 => 1
rhbz: => 0
Metadata Update from @jhrozek: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.2.4
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/1667
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.