Re: [SSSD] [PATCH] LDAP: Use domain-specific name where appropriate

Tue, 23 Jul 2013 07:14:14 -0700 

On Tue, 23 Jul 2013, Jakub Hrozek wrote:

The subdomain users user FQDN in their name attribute. However, handling
of whether to use FQDN in the LDAP code was not really good. This patch
introduces a utility function and converts code that was relying on
user/group names matching to this utility function.

This is a temporary fix until we can refactor the sysdb API in #2011.

Alexander, this patch fixed the username issues for me. I still see one
more problem -- on the first ID lookup, the user is reported as a member
of "Domain Users", but not on the subsequent lookups. This is unrelated
problem I'm looking into, but the attached patch is still correct.

Thanks. Now everything works except missing 'Domain users' group:

[root@master ~]# id administra...@ad.lan
uid=1442800500(administra...@ad.lan) gid=1442800500(administra...@ad.lan) 
группы=1442800500(administra...@ad.lan),1442800512(domain 
adm...@ad.lan),1442800519(enterprise adm...@ad.lan),1442800572(denied rodc 
password replication gr...@ad.lan),1442800518(schema 
adm...@ad.lan),1442800513(domain us...@ad.lan),1442800520(group policy creator 
own...@ad.lan)
[root@master ~]# id administra...@ad.lan
uid=1442800500(administra...@ad.lan) gid=1442800500(administra...@ad.lan) 
группы=1442800500(administra...@ad.lan),1442800520(group policy creator 
own...@ad.lan),1442800519(enterprise adm...@ad.lan),1442800512(domain 
adm...@ad.lan),1442800518(schema adm...@ad.lan),1442800572(denied rodc password 
replication gr...@ad.lan)
[root@master ~]# id administra...@ad.lan
uid=1442800500(administra...@ad.lan) gid=1442800500(administra...@ad.lan) 
группы=1442800500(administra...@ad.lan),1442800520(group policy creator 
own...@ad.lan),1442800519(enterprise adm...@ad.lan),1442800512(domain 
adm...@ad.lan),1442800518(schema adm...@ad.lan),1442800572(denied rodc password 
replication gr...@ad.lan)
[root@master ~]# python
Python 2.7.5 (default, Jul 8 2013, 09:48:59) [GCC 4.8.1 20130603 (Red Hat 4.8.1-1)] on linux2 
Type "help", "copyright", "credits" or "license" for more information.

import pysss
pysss.getgrouplist("administra...@ad.lan")

('administra...@ad.lan', 'group policy creator own...@ad.lan', 'enterprise 
adm...@ad.lan', 'domain adm...@ad.lan', 'schema adm...@ad.lan', 'denied rodc 
password replication gr...@ad.lan')


--
/ Alexander Bokovoy
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel

Reply via email to