diff options
author | Sumit Bose <sbose@redhat.com> | 2015-04-28 17:20:05 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-05-06 05:58:23 +0200 |
commit | f643fadbd072a9d3725f5f750340d5b13628ce6a (patch) | |
tree | ab329f53a380b15d89c97f6627613d1eeeb3b130 /scripts | |
parent | 24905d4ecbf210687e385449448f5a5ec97d2833 (diff) | |
download | sssd-f643fadbd072a9d3725f5f750340d5b13628ce6a.tar.gz sssd-f643fadbd072a9d3725f5f750340d5b13628ce6a.tar.xz sssd-f643fadbd072a9d3725f5f750340d5b13628ce6a.zip |
IPA: update initgr expire timestamp conditionally
Newer versions of the extdom plugin return the full list of
group-memberships during user lookups. As a result the lifetime of the
group-membership data is updates in those cases. But if the user is not
looked up directly but is resolved as a group member during a group
lookup SSSD does not resolve all group-membership of the user to avoid
deep recursion and eventually a complete enumeration of the user and
group base. In this case the lifetime of the group-memberships should
not be updated because it might be incomplete.
Related to https://fedorahosted.org/sssd/ticket/2633
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit cffe3135f29c737f2598f3c1384bfba1694fb843)
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions