Ticket #655 (closed enhancement: fixed)
Add a 'going online' callback to identity providers
|Reported by:||sgallagh||Owned by:||sbose|
|Coverity Bug:||Patch Submitted:|
|Red Hat Bugzilla:||0||Design link:|
|Design review:||Fedora test page:|
|Chosen:||Candidate to push out:|
Currently, the SSSD resets the offline flag for a backend whenever the routing table changes. This means that the next action that comes in that would require an online lookup will go to the network. At this time, any pending callbacks that are awaiting processing (e.g. the deferred offline kerberos authentication) will fire.
However, the problem is that the order of operations ends up behaving like this in a common scenario:
1) Turn on laptop (off the network) 2) Sign into your kerberos account with offline credentials 3) Connect to the VPN 4) Wait a while until some event happens that ends up connecting to the network for a lookup 5) Kerberos credentials are updated
We should add a method to the data provider interface (goingOnline) that will be triggered whenever the offline flag is reset due to a routing table change. The callback for this method should be provider-specific, but essentially perform a no-op network function to immediately test whether we actually are back online. For example, when this method is invoked for the LDAP provider, it should perform a rootDSE lookup.
- Priority changed from major to minor
- Milestone changed from NEEDS_TRIAGE to SSSD 1.5.0
- Resolution set to fixed
- Status changed from assigned to closed