URL: https://github.com/SSSD/sssd/pull/246 Title: #246: filter_users and filter_groups stop working properly in v 1.15
fidencio commented: """ On Tue, Apr 25, 2017 at 12:16 PM, Pavel Březina <notificati...@github.com> wrote: > Hi, we should solve this on cache_req level so we get the same resultt in > nss and ifp (and others) responders. What I had in mind was to create > another plugin function that will be called in the and of cache_req > process. I.e. something like this: > > /** * Filter the result through negative cache. * * This is useful for > plugins that don't use name as an input token but can be affected by > filter_users and filter_groups options. * * @return EOK If the object is > not found. * @return EEXIST If the object is found in negative cache. * > @return Other errno code in case of an error. */typedef errno_t > (*cache_req_ncache_filter_fn)(struct sss_nc_ctx *ncache, > struct sss_domain_info *domain, > struct ldb_message *msg); > > In the end, we should iterate over the result and pass each ldb_message to > the function (if defined) and remove it from the result if it is present in > the negative cache. > I had the same thought Yesterday but for doing this I'd have to expose some internals from NSS responder in order to actually have the name and group relative to the searched id ... as it is, IMO, too intrusive at this point. As it's a regression, I really would prefer to keep the patch fixing the regression and introduce the new cache_req module later on (without being worried on breaking something else right now). Anyways, it's up to you. Would you prefer to have these changes done *now*? > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub > <https://github.com/SSSD/sssd/pull/246#issuecomment-296985950>, or mute > the thread > <https://github.com/notifications/unsubscribe-auth/AAG4epUZ7M2riOZzAKK1x_WutGz-jVNqks5rzcfkgaJpZM4NGkQK> > . > """ See the full comment at https://github.com/SSSD/sssd/pull/246#issuecomment-296994965
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
