On Thu, Feb 09, 2012 at 06:24:33PM +0100, Jan Zelený wrote: > > On Tue, Feb 07, 2012 at 04:35:21PM +0100, Jan Zelený wrote: > > > If all triplets of a netgroup are removed from LDAP server record, this > > > change won't be projected to the sysdb and all triplets will remain > > > there. The same situation will happen when removing all netgroup > > > members. > > > > > > This patch fixes these bugs and provides the possibility to fix similar > > > issues elsewhere. > > > > > > https://fedorahosted.org/sssd/ticket/1136 > > > > > > Thanks > > > Jan > > > > I think that situations like this was the reason we use the > > list_missing_attrs() function and then remove the "extra" attributes during > > save. I see that list_missing_attrs() is used only when saving users and > > services, not netgroups. Have you reproduced the bug with users or > > groups? (I see the patch also touches sdap_save_user()) > > > > Using list_missing_attrs() and extending sysdb_add_netgroup() (maybe > > with a sysdb_store_user() so the code is similar to users) seems like > > the proper fix to me. > > I looked at the code and I believe the best solution is actually to switch > the > original approach you are referring to to this new one I'm proposing. > > The entity (user/group/netgroup) in sysdb will always have only those > attributes set by sdap_attrs_add_*. Therefore it is IMO better to delete it > directly when preparing the replace operation instead of searching for these > attributes afterwards. This would also mean that the flag I'm setting is > redundant and the operation can be performed every time. Is there any case > which I'm missing and which would make my approach unusable? >
You'd have to also take care of options that are passed to sysdb_save_* directly not set into the attrs array with sdap_attrs_add - that's attributes like loginShell or gecos. So instead of calling list_missing_attrs() on one place just before the sysdb_save_* function, you'd have to check all the attributes manually and that's quite error-prone. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
