Blame SOURCES/slapi-0020-Use-extended-SSSD-API-to-signal-that-an-entry-should.patch

From 4cd8ef26ceb3f28d103d9b8381b025d9d3f087e5 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Thu, 7 Dec 2017 12:41:15 +0200
Subject: [PATCH] Use extended SSSD API to signal that an entry should not be
 cached anymore
When ID override is changed, we remove affected entry from the schema
compat subtrees. However, we should also signal to SSSD that ID override
did change and thus SSSD should stop caching the entry. As a result, the next
look up of the affected entry should cause a refresh of the data in
SSSD.
This is important for cases when group membership changes for AD users.
---
 src/back-sch.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
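--- a/src/back-sch.c
+++ b/src/back-sch.c
@@ -2207,6 +2207,18 @@ backend_entry_evict_if_related(const char *group, const char *set, bool_t flag,
 
 		/* An entry corresponding to our target is found, evict it */
 		map_data_unset_entry(state, group, set, id);
+
+		/* Signal to SSSD that this entry is not cached anymore */
+		switch(set_data->check_nsswitch) {
+                case SCH_NSSWITCH_USER:
+			backend_nss_evict_user(state->nss_context, original_uid);
+			break;
+		case SCH_NSSWITCH_GROUP:
+			backend_nss_evict_group(state->nss_context, original_uid);
+			break;
+		default:
+			break;
+		}
 	}
 
 	slapi_ch_free_string(&id;;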
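Review bot: In the `SCH_NSSWITCH_GROUP` case the key handed to `backend_nss_evict_group()` is `original_uid`, the same variable used for the user case, and nothing in the hunk says that it also carries the group name for group sets. If it does, a one-line comment such as `/* original_uid is the overridden entry's name for both user and group sets */` above the `switch` would settle it; if it does not, the eviction misses the group and SSSD keeps serving the stale membership that the commit message is concerned about. Neither evict call's outcome is checked or logged here, so it may be worth confirming (their definitions are outside the hunk) that a failed invalidation is at least reported. The `case SCH_NSSWITCH_USER:` label is indented with spaces while the rest of the added block uses tabs. The body of `backend_entry_evict_if_related` starts and ends outside the hunk.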
-- 
2.14.3