On 03/23/2012 08:52 AM, Sumit Bose wrote:
> these two patches introduce a new extended operation to the IPA server
> which can be used by clients in the IPA domain to obtain information
> about users and groups from trusted domains. Currently this exop is used
> by the sssd sub-domain patch to map user names from a trusted AD domain
> to a SID and back. There is also some code for other kind of requests
> which might become useful in future, e.g. with trusted IPA domain.
Are the mappings cached on the SSSD side?
> I added some unit test and added check for the check unit test framework
> for C (http://check.sourceforge.net/) which is used by sssd as well. I
> modified the spec file that the test is run during the build of the
> packages. I hope this is ok.
> The patches depend on the idmap library patch which was ACKed recently
> on sssd-devel and as mentioned before the sub-domain patches on
> sssd-devel can only be fully tested with an IPA server which has these
> patches applied.
> Since Alexander is currently rewriting parts of the ipa-adtrust-install
> utility I stand back from adding activation code for the exop to
> ipa-adtrust-install and will send a patch when Alexander's changes are
> available. So currently extdom-extop-conf.ldif has to be loaded manually
> after replacing $SUFFIX to activate the new exop.
> Freeipa-devel mailing list
Sr. Engineering Manager IPA project,
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-devel mailing list