sssd.git/src/tests, branch 1.9.2-35

MEMBEROF: Keep inherited ghost users around on modify operation

2012-12-06T10:54:46+00:00

https://fedorahosted.org/sssd/ticket/1652

It is possible to simply reset the list of ghost users to a different one
during a modify operation. It is also actually how we update entries that
are expired in the SSSD cache.

In this case, we must be careful and retain the ghost users that are not
native to the group we are processing but are rather inherited from child
groups. The intention of the replace operation after all is to set the
list of direct members of that group, not direct and indirect.

MEMBEROF: Implement the modify operation for ghost users

2012-12-06T10:54:42+00:00

Similar to the add and delete operation, we also need to propagate the
changes of the ghost user attribute to the parent groups so that if a
nested group updates memberships, its parents also get the membership
updated.

MEMBEROF: Implement delete operation for ghost users

2012-12-06T10:54:27+00:00

https://fedorahosted.org/sssd/ticket/1668

The memberof plugin did only expand the ghost users attribute to
parents when adding a nested group, but didn't implement the reverse
operation.

This bug resulted in users being reported as group members even
after the direct parent went away as the expanded ghost attributes were
never removed from the parent entry.

When a ghost entry is removed from a group, all its parent groups are
expired from the cache by setting the expire timestamp to 1. Doing so
would force the SSSD to re-read the group next time it is requested in
order to make sure its members are really up-to-date.

TESTS: Test ghosts users in the RFC2307 schema

2012-12-06T10:54:23+00:00

MEMBEROF: Do not add the ghost attribute to self

2012-12-06T10:54:19+00:00

When a nested group with ghost users is added, its ghost attribute should
propagate within the nested group structure much like the memberuid
attribute. Unlike the memberuid attribute, the ghost attribute is only
semi-managed by the memberof plugin and added manually to the original
entry.

This bug caused LDB errors saying that attribute or value already exists
when a group with a ghost user was added to the hierarchy as groups were
updated with an attribute they already had.

LDAP: Only convert direct parents' ghost attribute to member

2012-11-21T10:18:10+00:00

https://fedorahosted.org/sssd/ticket/1612

This patch changes the handling of ghost attributes when saving the
actual user entry. Instead of always linking all groups that contained
the ghost attribute with the new user entry, the original member
attributes are now saved in the group object and the user entry is only
linked with its direct parents.

As the member attribute is compared against the originalDN of the user,
if either the originalDN or the originalMember attributes are missing,
the user object is linked with all the groups as a fallback.

The original member attributes are only saved if the LDAP schema
supports nesting.

Fix compare_principal_realm() check

2012-11-20T07:19:57+00:00

In case of a short UPN compare_principal_realm() erroneously returns an
error.

Add string_in_list() and add_string_to_list() with tests

2012-11-14T10:20:23+00:00

string_in_list() and add_string_to_list() are two utilities for NULL
terminated strings arrays. add_string_to_list() adds a new string to an
existing list or creates a new one with the strings as only item if
there is not list. string_in_list() checks if a given string is in the
list. It can be used case sensitive or in-sensitive.

Add diff_gid_lists() with test

2012-11-11T23:22:09+00:00

This patch adds a new call which compares a list of current GIDs with a
list of new GIDs and return a list of GIDs which are currently missing
and must be added and another list of GIDs which are not used anymore
and must be deleted. The method is the same as used by
diff_string_lists().

Use find_or_guess_upn() where needed

2012-11-04T23:14:05+00:00