URL: https://github.com/SSSD/sssd/pull/5693
Author: alexey-tikhonov
Title: #5693: Basics of 'subid ranges' support for IPA provider
Action: edited
Changed field: body
Original value:
"""
This is for preliminary review.
Limitations:
- only IPA provider
- single subid interval pair (subuid+subgid) per user
- idviews aren't supported
- only forward lookup (user -> subid)
Known TODOs:
- delete cached subid ranges in case "not found" on a server
- distinguish "user not found" vs "user doesn't have ranges defined"
To test:
- build shadow-utils from latest upstream (or get Fedora Rawhide build from
https://copr.fedorainfracloud.org/coprs/ipedrosa/subid_ranges/)
- build FreeIPA with https://github.com/freeipa/freeipa/pull/5713 (or ping me
for details of internal test setup)
- build SSSD with this PR (enabling `--with-subid`)
- edit /etc/nsswitch.conf: `subid: sss`
- use for example this
[utility](https://github.com/shadow-maint/shadow/blob/master/src/list_subid_ranges.c)
from shadow-utils upstream to fetch subid ranges from IPA server (or
`new?idmap`)
"""
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
