On Wed, 2014-06-18 at 14:50 +0200, Sumit Bose wrote:
> On Tue, Jun 17, 2014 at 04:44:20PM -0400, Yassir Elley wrote:
> >
> > ----- Original Message -----
> > >
> > > ----- Original Message -----
> > > > On Sun, Jun 15, 2014 at 07:08:55PM -0400, Yassir Elley wrote:
> > > > >
> > > > > * You suggested using the name of the DC that SSSD is currently
> > > > > connected to in the smb uri (rather than the domain.name, which
> > > > > will require libsmbclient to perform a DNS resolution). Is there
> > > > > an easy way to get the name of the DC that SSSD is currently
> > > > > connected to? I am having trouble finding it.
> > > > >
> > > >
> > > > In struct ad_gpo_access_state you have a member struct sdap_id_conn_ctx
> > > > *conn. conn->service->uri is the LDAP uri for the current connection.
> > > > You can use calls from OpenLDAP or ldb to split it into components, pick
> > > > the hostname and create the smb uri.
> > > >
> > > > In general the uri should always be available since you read the GPO
> > > > data from LDAP before doing the smb operations. Nevertheless you can
> > > > call be_resolve_server_send() to make sure it is set, see e.g.
> > > > auth_get_server() how to use it.
> > > >
> > > > HTH
> > > >
> > > > bye,
> > > > Sumit
> > > > _______________________________________________
> > > > sssd-devel mailing list
> > > > sssd-devel@lists.fedorahosted.org
> > > > https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
> > > >
> > >
> > > I have attached a revised patch that modifies the smb uri to use the
> > > server name rather than the domain name.
> > >
> > > Thanks,
> > > Yassir.
> > >
> >
> > Oops. Forgot to attach the patch.
> >
> > Yassir.
>
> Thank you, the patch is working as expected and now uses the hostname to
> connect to the DC. But please use e.g. ldap_url_parse() from OpenLDAP to
> split the url and take the hostname from the lud_host member of typedef
> struct ldap_url_desc. The LDAP url can contain port numbers which would
> currently cause trouble with your scheme.
>
> As a general comment, please try to split your patches into smaller
> units. This would help to review them, especially to compare multiple
> versions of a patch.
>
> I have not looked at the child code in detail yet, but I would like to
> suggest a change in the workflow. I think the child should only download
> the gpo file and save it at some place, e.g. /var/lib/sss/gpo_cache/ and
> then the backend will read and process it. This way you already have the
> file available in the offline case. When calling the child the backend
> should provide the smb url and a location to store the result. The child
> can e.g. return a checksum for the file which the backend can save
> together with the download time in the sysdb cache in a subtree below
> cn=custom (grep sysdb.h for 'custom' to find the related sysdb calls).
> With the download time it would be even possible to specify a cache
> lifetime during which the gpo file will not be downloaded again to save
> bandwidth. But this should be optional.
>
> What do you think?

Looks like excellent advice all around to me.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
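
The port-number problem raised in the review above, as an added example (not code from the patch under review or from SSSD): it builds an smb URI from an LDAP URI once by stripping the scheme prefix and once by keeping only the host. In SSSD the host would come from lud_host after ldap_url_parse(); the small parser here is a stand-in so the block compiles without libldap, and the function names, the sample URI and the sample path are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Prefix-stripping scheme: everything after "://" is treated as the server,
 * so a port in the LDAP URI is carried into the SMB URI. */
static int smb_uri_naive(const char *ldap_uri, const char *path,
                         char *out, size_t len)
{
    const char *p = strstr(ldap_uri, "://");
    if (p == NULL) return -1;
    int n = snprintf(out, len, "smb://%s%s", p + 3, path);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Host-only scheme: keep the host, drop ":port" and anything from the
 * first '/' or '?' on. A bracketed IPv6 literal is kept with its brackets.
 * Returns -1 on a malformed URI or if the result does not fit in out. */
static int smb_uri_from_host(const char *ldap_uri, const char *path,
                             char *out, size_t len)
{
    const char *p = strstr(ldap_uri, "://");
    size_t hlen;
    if (p == NULL) return -1;
    p += 3;
    if (*p == '[') {
        const char *end = strchr(p, ']');
        if (end == NULL) return -1;
        hlen = (size_t)(end - p) + 1;
    } else {
        hlen = strcspn(p, ":/?");
    }
    if (hlen == 0) return -1;
    int n = snprintf(out, len, "smb://%.*s%s", (int)hlen, p, path);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the thread. */
    const char *uri = "ldap://dc1.ad.example.com:389";
    const char *path = "/sysvol/ad.example.com/Policies";
    char a[256], b[256];
    if (smb_uri_naive(uri, path, a, sizeof a) == 0) printf("naive:     %s\n", a);
    if (smb_uri_from_host(uri, path, b, sizeof b) == 0) printf("host only: %s\n", b);
    return 0;
}
```

With the naive scheme the LDAP port 389 ends up in the smb URI, so the SMB client would be pointed at the LDAP port instead of the file service.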