diff options
author | Sumit Bose <sbose@redhat.com> | 2015-04-28 17:20:05 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-05-05 16:02:35 +0200 |
commit | cffe3135f29c737f2598f3c1384bfba1694fb843 (patch) | |
tree | a3b4811da0abedd5f208ca0f084fd6e88de6462a /src/providers/ipa/ipa_id.h | |
parent | e87badc0f6fb20a443cf12bde9582ecbc2aef727 (diff) | |
download | sssd-cffe3135f29c737f2598f3c1384bfba1694fb843.tar.gz sssd-cffe3135f29c737f2598f3c1384bfba1694fb843.tar.xz sssd-cffe3135f29c737f2598f3c1384bfba1694fb843.zip |
IPA: update initgr expire timestamp conditionally
Newer versions of the extdom plugin return the full list of
group-memberships during user lookups. As a result the lifetime of the
group-membership data is updates in those cases. But if the user is not
looked up directly but is resolved as a group member during a group
lookup SSSD does not resolve all group-membership of the user to avoid
deep recursion and eventually a complete enumeration of the user and
group base. In this case the lifetime of the group-memberships should
not be updated because it might be incomplete.
Related to https://fedorahosted.org/sssd/ticket/2633
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers/ipa/ipa_id.h')
0 files changed, 0 insertions, 0 deletions