URL: https://github.com/SSSD/sssd/pull/5613 Title: #5613: ipa: read auto_private_groups from id range if available
sumit-bose commented: """ Hi, thank you for the patches. So far I tested the `true` and `false` options in different trust setups and came across an issue if the trust is created with `--range-type=ipa-ad-trust-posix`. In this case only a single id-range for the forest root is created and the settings (basically the range-type) is inherited to all domains in the forest. This was done because we cannot know which POSIX IDs are used in which domain of the forest, so there will be an id-range for the whole forest which just blocks the given range of ID for other to use. If you now set `--auto-private-groups` to this id-range the patch currently only evaluats the option for the forest root, but the setting is not inherited to the other domains in the forest. A workaround is to add an id-range for each other domain in the forest but I think it would be better if the setting is inherited automatically if `--range-type=ipa-ad-trust-posix`. In `test_ipa_idmap.c` some test data is using `struct range_info` and the new `enum sss_domain_mpg_mode mpg_mode` is not initialized in the test data. bye, Sumit """ See the full comment at https://github.com/SSSD/sssd/pull/5613#issuecomment-832489140
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
