On Wed, 16 Mar 2011 13:28:20 -0400 Stephen Gallagher <sgall...@redhat.com> wrote:
> Fixes https://fedorahosted.org/sssd/ticket/818
>
> Patch 0001: Create sysdb_get_rdn() function
> This function takes a DN formatted string and returns the RDN
> value from it.

Nack, please return both the value and the attribute name

> Patch 0002: Add sysdb_attrs_primary_name()
> This function will check a sysdb_attrs struct for the primary name
> of the entity it represents. If there are multiple entries, it
> will pick the one that matches the RDN. If none match, it will
> throw an error.

Nack please the attribute used in the RDN matches before checking the
values.

> Patch 0003: Handle multi-valued usernames correctly
> Users in ldap with multiple values for their username attribute
> will now be compared against the RDN of the entry to determine the
> "primary" username. We will save all of the alternate names to the
> ldb cache as well, so a lookup for any of them will return the
> values for the primary name.
> e.g.
> getent passwd altusername
> primaryuser:*:800014:800014:primaryuser:/home/primaryuser:/bin/sh

Nack, turning SYSDB_NAME from a single-valued attribute (as used
throughout the code) to a multivalued attribute is a very dangerous
proposition IMO.
Although the current version of LDB always ends up returning values in
the same order, fill_pwent() and other functions seem to be working only
by accident now.

I would rather use a different attribute name for aliases.

This is assuming we really want to allow aliases; I am personally still
unconvinced it is a good idea. I would rather throw aliases away and
allow only the canonical name to be stored in our cache.

> Patch 0004: RFC2307: Handle multi-valued group names correctly
> Groups in ldap with multiple values for their groupname attribute
> will now be compared against the RDN of the entry to determine the
> "primary" group name. We will save all of the alternate names to the
> ldb cache as well, so a lookup for any of them will return the
> values for the primary name.
> e.g.
> getent group altgroup
> primarygroup:*:800014:member1,member2
>
> Patch 0005: RFC2307bis: Handle multi-valued group names correctly
> Groups in ldap with multiple values for their groupname attribute
> will now be compared against the RDN of the entry to determine the
> "primary" group name. We will save all of the alternate names to the
> ldb cache as well, so a lookup for any of them will return the
> values for the primary name.
> e.g.
> getent group altgroup
> primarygroup:*:800014:member1,member2
>
>
> I tested with RFC2307, RFC2307bis and FreeIPA v2 data.

I think the fact you are getting back the "right" name is happening by
accident. Change the code to explicitly save the aliases first and add
the canonical name last, and I think you will see the code fail
consistently to give you back the canonical name.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
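
The selection rule discussed in this message (take both the attribute name and the value from the RDN, confirm the RDN attribute is the name attribute, and only then compare values) is sketched below as an added example. It is not code from the patch set or from SSSD, it uses plain C string handling rather than ldb, and rdn_split() and primary_name() are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Split the first RDN of a DN into attribute name and value. Backslash
 * escapes of single characters are honoured; hex-pair escapes are not
 * decoded and multi-valued RDNs ('+') are rejected. Returns 0 on success. */
int rdn_split(const char *dn, char *attr, size_t alen, char *val, size_t vlen)
{
    const char *eq = strchr(dn, '=');
    size_t n, o = 0;
    if (eq == NULL || eq == dn) return -1;
    n = (size_t)(eq - dn);
    if (n >= alen || memchr(dn, ',', n) != NULL) return -1;
    memcpy(attr, dn, n);
    attr[n] = '\0';
    for (const char *p = eq + 1; *p != '\0' && *p != ','; p++) {
        if (*p == '+') return -1;                    /* multi-valued RDN */
        if (*p == '\\' && *++p == '\0') return -1;   /* dangling escape */
        if (o + 1 >= vlen) return -1;
        val[o++] = *p;
    }
    val[o] = '\0';
    return o > 0 ? 0 : -1;
}

/* Index of the primary name among values, or -1. The RDN attribute must be
 * the name attribute before any value is compared. Case-insensitive value
 * matching is an assumption of this sketch. */
int primary_name(const char *dn, const char *name_attr,
                 const char *const *values, size_t count)
{
    char attr[64], val[256];
    if (rdn_split(dn, attr, sizeof(attr), val, sizeof(val)) != 0) return -1;
    if (strcasecmp(attr, name_attr) != 0) return -1;
    for (size_t i = 0; i < count; i++)
        if (strcasecmp(values[i], val) == 0) return (int)i;
    return -1;
}

int main(void)
{
    /* Constructed entry: alias stored first, canonical name last. */
    const char *names[] = { "altusername", "primaryuser" };
    const char *dn = "uid=primaryuser,cn=users,dc=example,dc=com";
    int i = primary_name(dn, "uid", names, 2);
    printf("primary: %s\n", i >= 0 ? names[i] : "(none)");
    return 0;
}
```

The result does not depend on the order in which the values are stored, and an entry whose RDN uses a different attribute yields no primary name even when one of the values happens to equal the RDN value.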