On Tue, Oct 15, 2013 at 09:30:26PM +0200, Jakub Hrozek wrote:
> On Mon, Oct 14, 2013 at 10:41:46AM +0200, Pavel Březina wrote:
> > On 10/12/2013 04:43 PM, JR Aquino wrote:
> > >This feels like a valid bug/typo.
> > >
> > >I think it may be worth a ticket
> >
> > Hi,
> > Benjamin is correct that it is a query to SSSD cache (sysdb). LDAP
> > attributes are mapped to sysdb attributes on the fly. Sysdb schema
> > doesn't necessarily have to correspond with LDAP schema.
> >
> > I don't recall specifically whether this was a design decision or it
> > is a typo, although the way how I feel it now, I think it is a
> > design decision since we always refer to sudo "rules" not "roles".
> >
> > I don't think it is something that should be changed.
>
> I think we should document (blog post? Yassir's document?) that the cache
> itself uses LDAP-like searches, so any debug message you see coming from
> a sysdb_* function is really a cache search, not an LDAP search.
>
> We could also improve our debug messages by making sure it's clear they
> are really searching the server, currently I think we only use
> sdap_generic_search_ext() for a real network search.

Just as an additional point, the IPA native schema uses the "ipaSudoRule" objectclass.
