On Wed, Jul 27, 2016 at 11:54:16AM +0200, Lukas Slebodnik wrote: > ehlo, > > attached patch fixes acces denied after activating user in 389ds. > Jakub had some comments/ideas in ticket but I think it's better to discuss > about virtual attributes and timestamp cache on mailing list.
Yes, so the comment I have is that while this works, it might break some strange LDAP servers. We use modifyTimestamp as a 'positive' indicator that the entry has not changed -- if the modifyTimestamp didn't change, we consider the cached entry the same as what is on the server and only bump the timestamp cache. If the timestamp is different, we do a deep-comparison of cached attribute values with what is on the LDAP server and write the sysdb cache entry only if the attributes differ. I was wondering if we can use the modifyTimestamp at all, then, because even if it's the same, we might want to check the attributes to see if some of the values are different because some of the attributes might be this operational/virtual attribute.. _______________________________________________ sssd-devel mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
