On Fri, Jun 06, 2014 at 07:24:14PM +0200, Sumit Bose wrote:
> Hi,
>
> I've created a design page about enhancing the extdom plugin to send the
> list of groups of a user together with the POSIX data to IPA clients
> with SSSD at
>
> http://www.freeipa.org/page/V4/Extdom_plugin_enhancement_grouplist
>
> For your convenience the text can be found below as well.
>
> Comments and suggestions are welcome.
>
> bye,
> Sumit

I'm in favor of detecting the OID as well. If we can't detect the presence of the OID (maybe because the admin messed up with permissions to read the rootDSE), too bad, but you'd still get the full group memberships on login through the PAC responder. The LDAP error codes seem fragile and moreover we will run into the same issue later when/if we decide to extend the plugin further.

As said earlier in a different thread, I don't think you need to worry about the FQDN format. I haven't tested that myself today, but I think we even disallow other formats in the server mode, because the slapi-nis plugin for legacy clients looks for "@" unconditionally. We should only warn and fail if the admin configured a custom FQDN in sssd.conf, I think.