On Thu, Dec 08, 2011 at 12:49:56PM -0500, Dmitri Pal wrote:
> On 12/08/2011 06:49 AM, Jakub Hrozek wrote:
> > On Thu, Dec 08, 2011 at 12:34:38PM +0100, Jakub Hrozek wrote:
> >> On Thu, Dec 08, 2011 at 11:02:05AM +0100, Jakub Hrozek wrote:
> >>> [PATCH 1/6] sss_utf8_tolower utility function+unit tests
> >>> This will be used later on to lowercase the usernames. Also includes
> >>> unit tests for the whole sss_utf8 module.
> >>>
> >>> [PATCH 2/6] Responders: Split getting domain by name into separate
> >>> function
> >>> A utility function originally written for the SUDO responder, but it
> >>> turns out it's useful earlier
> >>>
> >>> [PATCH 3/6] Use the case sensitivity flag in responders
> >>> Reads the configuration option and includes its handling in the
> >>> responders.
> >>> Unfortunately some parts like negative cache are more complex because one
> >>> domain can be case sensitive and another insensitive during multidomain
> >>> searches.
> >>>
> >>> [PATCH 4/6] Refactor saving sdap entities
> >>> There was too much code duplication between
> >>> sdap_save_{user,group,netgroup}
> >>> and my later patch would add even more. This patch removes the most
> >>> egregious
> >>> cases.
> >>>
> >>> [PATCH 5/6] Use the case sensitivity flag in the LDAP provider
> >>> When saving users,groups and netgroups, saves the lowercase version of
> >>> the name as an alias in addition to the original name that is still
> >>> stored as name as well as part of RDN.
> >>>
> >>> [PATCH 6/6] Use the case sensitivity flag in the simple access provider
> >>> Performs string comparisons in case sensitive or insensitive manner
> >>> depending on the configuration.
> >> I realized that dragging talloc into sss_utf8 (and by extension into
> >> libipa_hbac) is a bad idea, so I split the tolower function into one
> >> that does just tolower using the native library underneath it and a
> >> separate talloc wrapper.
> >>
> >> I also added a simple access provider unit test for case insensitivity.
> > One more thing - there's no support for proxy and LOCAL providers. I can
> > see value in implementing support for proxy when the overall approach is
> > deemed
> > correct, but I think we could defer the LOCAL support and just ignore
> > the flag in the LOCAL provider (and document that it's ignored
> > obviously)
>
> If we decide that this is the right thing can we open corresponding
> tickets and BZ, please?
Sure, I'll open the tickets if needed. There already is a bugzilla
(#735827)
_______________________________________________
sssd-devel mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/sssd-devel
