On Thu, Feb 09, 2012 at 06:05:30PM +0100, Jan Zelený wrote: > > > On Thu, 2012-02-09 at 13:46 +0100, Jakub Hrozek wrote: > > > > On Tue, Feb 07, 2012 at 01:40:39PM +0100, Jan Zelený wrote: > > > > > With all these changes happening in last two weeks, the IPA hosts > > > > > code was messy at best. This patch sorts out some of the mess. I > > > > > already did some testing: SELinux and HBAC seem to be working > > > > > correctly. Honza, please take a look and test this patch with your > > > > > SSH-related code. That is the last code that uses host fetching. > > > > > > > > > > If this patch makes it to master, I plan to do some more cleanup in > > > > > the HBAC code which is closely related to the code this patch > > > > > cleans. > > > > > > > > > > Thanks > > > > > Jan > > > > > > > > None of the new options is documented or has a configAPI entry. If > > > > that's intentional to avoid breaking string freeze, then there should > > > > be a ticket to track adding them. > > > > > > They still need to be in the sssd.api.d/sssd-ipa.conf file. We can omit > > > the strings from SSSDConfig.py to avoid breaking string freeze I guess. > > > But the API needs to not choke on them if they're specified in the > > > config file. > > > > > > Is this change necessary for the 1.8.0 release, or can we just fix it > > > properly (with option changes) in 1.9.0? > > > > I guess we can leave it for 1.9, the current state isn't breaking anything > > AFAIK. > > > > > > ...or... > > > > > > > > I was actually thinking if we want to document the IPA attribute maps > > > > at all. The options clutter the manual page and their value is > > > > questionable. Would anyone oppose *removing* all the attribute maps > > > > from the IPA manual page? Or at the very least moving them into some > > > > section down at the bottom where noone would be confused by the > > > > options. > > > > > > I'm in favor of removing any manpage entries that are of neglibible > > > utility (in 1.9.0, not 1.8.0). > > > > Agreed. I'll file a ticket for that. > > > > I'll send updated patch for master in a moment > > Filed ticket https://fedorahosted.org/sssd/ticket/1187 > > Patches are in attachment. > > Jan
The patch works fine but have you considered moving "sdap_attr_map *selinuxuser_map", host_map and hostgroup_map into struct ipa_options? It seems odd that the search bases are in struct ipa_options but maps are in sdap_options. Also ipa_options seems like a better fit for IPA-specific data. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
