On Mon, Oct 14, 2013 at 10:41:46AM +0200, Pavel Březina wrote:
> On 10/12/2013 04:43 PM, JR Aquino wrote:
> >This feels like a valid bug/typo.
> >
> >I think it may be worth a ticket
>
> Hi,
> Benjamin is correct that it is a query to SSSD cache (sysdb). LDAP
> attributes are mapped to sysdb attributes on the fly. Sysdb schema
> doesn't necessarily have to correspond with LDAP schema.
>
> I don't recall specifically whether this was a design decision or it
> is a typo, although the way how I feel it now, I think it is a
> design decision since we always refer to sudo "rules" not "roles".
>
> I don't think it is something that should be changed.

I think we should document (blog post? Yassir's document?) that the cache itself uses LDAP-like searches, so any debug message you see coming from a sysdb_* function is really a cache search, not an LDAP search. We could also improve our debug messages by making sure it's clear they are really searching the server; currently I think we only use sdap_generic_search_ext() for a real network search.
