sssd.git/src/ldb_modules, branch 1.9.2-35

MEMBEROF: Keep inherited ghost users around on modify operation

2012-12-06T10:54:46+00:00

https://fedorahosted.org/sssd/ticket/1652

It is possible to simply reset the list of ghost users to a different one
during a modify operation. It is also actually how we update entries that
are expired in the SSSD cache.

In this case, we must be careful and retain the ghost users that are not
native to the group we are processing but are rather inherited from child
groups. The intention of the replace operation after all is to set the
list of direct members of that group, not direct and indirect.

MEMBEROF: Implement the modify operation for ghost users

2012-12-06T10:54:42+00:00

Similar to the add and delete operation, we also need to propagate the
changes of the ghost user attribute to the parent groups so that if a
nested group updates memberships, its parents also get the membership
updated.

MEMBEROF: Split the add ghost operation into a separate function

2012-12-06T10:54:36+00:00

This new function will be reused by the modify operation later

MEMBEROF: Split the del ghost attribute op into a reusable function

2012-12-06T10:54:33+00:00

This new function is going to be reused by the modify operation

MEMBEROF: split processing the member modify into a separate function

2012-12-06T10:54:30+00:00

This will allow to process ghost users in a similar fashion

MEMBEROF: Implement delete operation for ghost users

2012-12-06T10:54:27+00:00

https://fedorahosted.org/sssd/ticket/1668

The memberof plugin did only expand the ghost users attribute to
parents when adding a nested group, but didn't implement the reverse
operation.

This bug resulted in users being reported as group members even
after the direct parent went away as the expanded ghost attributes were
never removed from the parent entry.

When a ghost entry is removed from a group, all its parent groups are
expired from the cache by setting the expire timestamp to 1. Doing so
would force the SSSD to re-read the group next time it is requested in
order to make sure its members are really up-to-date.

MEMBEROF: Do not add the ghost attribute to self

2012-12-06T10:54:19+00:00

When a nested group with ghost users is added, its ghost attribute should
propagate within the nested group structure much like the memberuid
attribute. Unlike the memberuid attribute, the ghost attribute is only
semi-managed by the memberof plugin and added manually to the original
entry.

This bug caused LDB errors saying that attribute or value already exists
when a group with a ghost user was added to the hierarchy as groups were
updated with an attribute they already had.

Ghost members - modifications in memberof plugin

2012-05-31T19:46:27+00:00

memberof: free delete operation apyload once done

2011-04-14T15:46:35+00:00

Large memberof delete operations can cause quite a number of searches
and the results are attached to a delop operation structure.
Make sure we free this payload once the operation is done and these
results are not used anymore so that we get a smaller total memory footprint.

memberof: fix calculation of replaced members

2011-04-14T15:46:35+00:00

We were skipping the check on the next value in the added list when a match
was found for the currentr value being checked.