URL: https://github.com/SSSD/sssd/pull/89
Title: #89: nss: rewrite nss responder so it uses cache_req

lslebodn commented:
"""
A few multi-domain tests failed. The first one was related to enumeration. The
other failures probably were as well.
```
[sssd]
domains = LOCAL,LDAP
services = nss, pam

[nss]
filter_groups = root
filter_users = root

[pam]
[domain/LOCAL]
enumerate = TRUE
id_provider = local
max_id = 2010
min_id = 2000
use_fully_qualified_names = TRUE

[domain/LDAP]
cache_credentials = FALSE
enumerate = TRUE
id_provider = ldap
ldap_uri = ldaps://$SERVERS:636
ldap_tls_cacert = /etc/openldap/certs/cacert1.asc
ldap_user_search_base = ou=people,dc=example,dc=com
ldap_group_search_base = ou=groups,dc=example,dc=com
max_id = 1010
min_id = 1000
use_fully_qualified_names = TRUE
```
and related test:
```
# add 2 ldap users user1 puser2 and two local users
sss_useradd -u 2000 -h /home/user2000 -s /bin/bash user2000@LOCAL
sss_useradd -u 2001 -h /home/user2001 -s /bin/bash user2001@LOCAL

# wait a bit for enumeration to finish
sleep 10

getent -s sss passwd

# verify user enumeration
# Users that should be returned
RET=$(getent -s sss passwd 2>&1)
for item in puser1@LDAP puser2@LDAP user2000@LOCAL user2001@LOCAL ; do
        # quote both expansions so the output and the name are passed intact
        echo "$RET" | grep "$item"
        if [ $? -ne 0 ] ; then
                echo "ERROR: Expected $item user to be returned."
        else
                echo "Pass: $item user returned as expected."
        fi
done
```

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/89#issuecomment-263638698