History log of /sssd/src/tests/cmocka/test_sysdb_subdomains.c
Revision Date Author Comments Expand
24d8c85fae253f988165c112af208198cf48eef6 03-Nov-2016 Jakub Hrozek <jhrozek@redhat.com>

SYSDB: Augment sysdb_try_to_find_expected_dn to match search base as well In cases where the domain name in sssd.conf does not match the AD domain, our previous matching process wouldn't match. This patch augments the matching as follows: - the search base is known to sysdb_try_to_find_expected_dn and is expected to be non-NULL - the existing matching is ran first - during the search base, matching, all the non-DC components are stripped from the search base to 'canonicalize' the search base - if only a single entry that matches with a non-DC DN component (matching with a DC component would mean the DN comes from a different domain) then this entry is a match and is returned Resolves: https://fedorahosted.org/sssd/ticket/3199 Reviewed-by: Sumit Bose <sbose@redhat.com>

20348a30feb4be619b3b691c24c9be8131507c46 18-Jul-2016 Sumit Bose <sbose@redhat.com>

sysdb: make subdomain calls aware of upn_suffixes sysdb_subdomain_store() and sysdb_update_subdomains() can now update upn_suffixes as well. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

132b31fd5fb74a7627896cdceaf29c7601ed4795 18-Jul-2016 Sumit Bose <sbose@redhat.com>

sysdb: add UPN suffix support for the master domain sysdb_master_domain_update() and sysdb_master_domain_add_info() are now aware of the UPN suffix attribute. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

5ff7a765434ed0b4d37564ade26d7761d06f81c3 01-Mar-2016 Sumit Bose <sbose@redhat.com>

sdap: improve filtering of multiple results in GC lookups The Global Catalog of AD contains some information about all users and groups in an AD forest. Users from different domain in the forest can have the same name. The most obvious example is the Administrator user which is present in all domains. Although SSSD uses a domain specific search base for looking up users in the GC the search might still return multiple results if there is a user with the same name in one of the child (or grand-child ...) domains because of the hierarchic nature of the LDAP tree. Limiting the search depth would not help because users can be created in deeply nested OUs. Currently SSSD expects in this case that the user object is store in CN=Users or below. This works for all default users like Administrator but in general users can be created anywhere in the directory tree. If a user is created outside of CN=Users and there is a user with the same name in a child domain the initgroups command to look up the group-memberships of the user fails because it is not clear which of the two results should be used (initgroups for the child domain user works fine). This patch adds an additional scheme to select the right result based on the domain component attribute name 'dc'. This attribute indicates an additional component in the domain name and hence a child domain. So as long as the result contains a dc component following out search base it cannot be the object we are looking for. This scheme includes the old CN=Users based one but since it is more expensive I kept the old scheme which so far worked all the time and only use the new one if the old one fails. Resolves https://fedorahosted.org/sssd/ticket/2961 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

06d4c022874d4f12d70e79c3c749d52fe020dad6 14-Nov-2015 Lukas Slebodnik <lslebodn@redhat.com>

test_sysdb_subdomains: Do not use assignment in assertions Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

b5825c74b6bf7a99ae2172392dbecb51179013a6 21-Sep-2015 Jakub Hrozek <jhrozek@redhat.com>

UTIL: Convert domain->disabled into tri-state with domain states Required for: https://fedorahosted.org/sssd/ticket/2637 This is a first step towards making it possible for domain to be around, but not contacted by Data Provider. Also explicitly create domains as active, previously we only relied on talloc_zero marking dom->disabled as false. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

50c9d542e8bf641412debaa82a4dcf67ddb72258 18-Sep-2015 Lukas Slebodnik <lslebodn@redhat.com>

tests: Use unique name for TEST_PATH We had a cases in patch where two tests were using the same TEST_PATH and therefore they were stepping each other to the same files which caused failures. These failures are not easy to reproduce. This patch uses macro BASE_FILE_STEM for unique name. It should prevent copy&paste problem resulting to intermittent failures. @see also https://www.gnu.org/software/make/manual/html_node/Automatic-Variables.html Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

b50baee36c9ba9e1dd3f6b9c1356482aecd08128 14-Jun-2015 Jakub Hrozek <jhrozek@redhat.com>

SYSDB: Add a forest root attribute to sss_domain_info Instead of complex forest root search methods, establish forest root during subdomain list update. The subdomain code can then just use the forest_root pointer. Reviewed-by: Sumit Bose <sbose@redhat.com>

9af86b9c936d07cff9d0c2054acde908749ea522 14-Jun-2015 Jakub Hrozek <jhrozek@redhat.com>

SYSDB: Add realm to sysdb_master_domain_add_info Adding realm to both master domain and subdomain will make it easier to set and select forest roots. Even master domains can be forest members, it's preferable to avoid special-casing as much as possible. Includes a unit test. Reviewed-by: Sumit Bose <sbose@redhat.com>

526a15438525417cd701f837d7085b7f8c8a6325 14-Jun-2015 Jakub Hrozek <jhrozek@redhat.com>

TESTS: Add a test for sysdb_subdomains.c The sysdb_subdomains.c module should have its own sysdb test, not share the generic sysdb one. Reviewed-by: Sumit Bose <sbose@redhat.com>