> On Tue, Feb 07, 2012 at 04:35:21PM +0100, Jan Zelený wrote: > > If all triplets of a netgroup are removed from LDAP server record, this > > change won't be projected to the sysdb and all triplets will remain > > there. The same situation will happen when removing all netgroup > > members. > > > > This patch fixes these bugs and provides the possibility to fix similar > > issues elsewhere. > > > > https://fedorahosted.org/sssd/ticket/1136 > > > > Thanks > > Jan > > I think that situations like this was the reason we use the > list_missing_attrs() function and then remove the "extra" attributes during > save. I see that list_missing_attrs() is used only when saving users and > services, not netgroups. Have you reproduced the bug with users or > groups? (I see the patch also touches sdap_save_user()) > > Using list_missing_attrs() and extending sysdb_add_netgroup() (maybe > with a sysdb_store_user() so the code is similar to users) seems like > the proper fix to me.
I looked at the code and I believe the best solution is actually to switch the original approach you are referring to to this new one I'm proposing. The entity (user/group/netgroup) in sysdb will always have only those attributes set by sdap_attrs_add_*. Therefore it is IMO better to delete it directly when preparing the replace operation instead of searching for these attributes afterwards. This would also mean that the flag I'm setting is redundant and the operation can be performed every time. Is there any case which I'm missing and which would make my approach unusable? Thanks Jan
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
