|
 |
ad2a64 |
From 4cd8ef26ceb3f28d103d9b8381b025d9d3f087e5 Mon Sep 17 00:00:00 2001
|
|
|
ad2a64 |
From: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
ad2a64 |
Date: Thu, 7 Dec 2017 12:41:15 +0200
|
|
|
ad2a64 |
Subject: [PATCH] Use extended SSSD API to signal that an entry should not be
|
|
|
ad2a64 |
cached anymore
|
|
|
ad2a64 |
|
|
|
ad2a64 |
When ID override is changed, we remove affected entry from the schema
|
|
|
ad2a64 |
compat subtrees. However, we should also signal to SSSD that ID override
|
|
|
ad2a64 |
did change and thus SSSD should stop caching the entry. As result, next
|
|
|
ad2a64 |
look up of the affected entry should cause a refresh of the data in
|
|
|
ad2a64 |
SSSD.
|
|
|
ad2a64 |
|
|
|
ad2a64 |
This is important for cases when group membership changes for AD users.
|
|
|
ad2a64 |
---
|
|
|
ad2a64 |
src/back-sch.c | 12 ++++++++++++
|
|
|
ad2a64 |
1 file changed, 12 insertions(+)
|
|
|
ad2a64 |
|
|
|
ad2a64 |
diff --git a/src/back-sch.c b/src/back-sch.c
|
|
|
ad2a64 |
index 1998765..4612051 100644
|
|
|
ad2a64 |
--- a/src/back-sch.c
|
|
|
ad2a64 |
+++ b/src/back-sch.c
|
|
|
ad2a64 |
@@ -2207,6 +2207,18 @@ backend_entry_evict_if_related(const char *group, const char *set, bool_t flag,
|
|
|
ad2a64 |
|
|
|
ad2a64 |
/* An entry corresponding to our target is found, evict it */
|
|
|
ad2a64 |
map_data_unset_entry(state, group, set, id);
|
|
|
ad2a64 |
+
|
|
|
ad2a64 |
+ /* Signal to SSSD that this entry is not cached anymore */
|
|
|
ad2a64 |
+ switch(set_data->check_nsswitch) {
|
|
|
ad2a64 |
+ case SCH_NSSWITCH_USER:
|
|
|
ad2a64 |
+ backend_nss_evict_user(state->nss_context, original_uid);
|
|
|
ad2a64 |
+ break;
|
|
|
ad2a64 |
+ case SCH_NSSWITCH_GROUP:
|
|
|
ad2a64 |
+ backend_nss_evict_group(state->nss_context, original_uid);
|
|
|
ad2a64 |
+ break;
|
|
|
ad2a64 |
+ default:
|
|
|
ad2a64 |
+ break;
|
|
|
ad2a64 |
+ }
|
|
|
ad2a64 |
}
|
|
|
ad2a64 |
|
|
|
ad2a64 |
slapi_ch_free_string(&id;;
|
|
|
ad2a64 |
--
|
|
|
ad2a64 |
2.14.3
|
|
|
ad2a64 |
|