| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
| |
Groups may contain members from different domains. We need
to make sure that we always choose correct domain for subdomain
users when looking up in sysdb.
Resolves:
https://fedorahosted.org/sssd/ticket/2064
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
talloc_realloc(..., 0) calls talloc_free() and returns NULL.
If we process group that contains only users, we errornously
return ENOMEM.
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/1894
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously an sdap_id_ctx was always tied to one domain with a single
set of search bases. But with the introduction of Global Catalog
lookups, primary domain and subdomains might have different search
bases.
This patch introduces a new structure sdap_domain that contains an sssd
domain or subdomain and a set of search bases. With this patch, there is
only one sdap_domain that describes the primary domain.
|
| | |
|
|
|
https://fedorahosted.org/sssd/ticket/1784
1. initialization (main-req), returns members of input group
2. evaluate group members (group)
3. perform individual search (no-deref) or dereference attribute (deref)
4a. no-deref
1. perform a lookup depending on the type of the member object
2. all direct members are evaluated first
3. then we step down in nesting level and evaluate nested groups
4b. deref
1. perform a dereference lookup on member attribute
2. all direct members are evaluated first
3. then we step down in nesting level and evaluate nested groups
Tevent request flow:
main-req
|
group
|------------------------|
no-deref deref
| |
|----|------|---------| |
user group unknown recurse recurse
/ \ | | | ... | | | ...
user group group group
|
