On (31/08/16 13:24), Simo Sorce wrote:
>On Wed, 2016-08-31 at 17:41 +0200, Michal Židek wrote:
>> Hi,
>>
>> here is patch for ticket #3161.
>>
>> See more in the ticket description.
>>
>> I was thinking why we originally replaced
>> the lists and I think it comes from confusion
>> on how we handle the same keys in single
>> GPO ini file, however that is handled by
>> libini not by SSSD.
>
>Sorry to come to this late, but do you have a documentation reference
>that says that merging is the correct behavior ?
>I forgot a lot about how multiple GPOs are supposed to be merged but I
>seem to recall there may be a policy that actually controls how merging
>is done.
>
>CCing Günther who has worked around GPO processing a few years ago.
>
I do not think either that patch is correct.
Downstream test failed for me.
I am not sure whetther following part would be helpful
but here is a simplified bash version.
Unfortunatelly, I do not know what is allowed by
"SSSD Site Policy" and "SSSD Domain Policy"
# Link a GPO object
# Args: order gpo_name target
# Example: gpo_link "SSSD Domain GPO" "DC=example,DC=com"
function gpo_link()
# Unlink a GPO object
# Args: gpo_name target
# Example: gpo_unlink "SSSD Domain GPO" "DC=example,DC=com" ... N
function gpo_unlink()
# The order in which the gpos are link does matter, so its relinked.
gpo_unlink "SSSD Site Policy" "Default-First-Site-Name"
gpo_link "SSSD Domain Policy" "$AD_SERVER1_BASEDN"
gpo_link "SSSD Site Policy" "Default-First-Site-Name"
CCing Stephen who helped with GPO in past and reviewed gpo test-cases
LS
_______________________________________________
sssd-devel mailing list
[email protected]
https://lists.fedorahosted.org/admin/lists/[email protected]
