[Freeipa-devel] [PATCH] 0149: ipa-sam: ipa-sam: cache gid to sid and uid to sid requests in idmap cache
Sumit Bose
sbose at redhat.com
Wed Mar 12 10:02:02 UTC 2014
On Tue, Mar 11, 2014 at 11:04:29PM +0200, Alexander Bokovoy wrote:
> On Tue, 11 Mar 2014, Sumit Bose wrote:
> >On Tue, Mar 11, 2014 at 07:09:42PM +0200, Alexander Bokovoy wrote:
> >>Hi,
> >>
> >>
> >>Add idmap_cache calls to ipa-sam to prevent huge numbers of LDAP calls
> >>to the
> >>directory service for gid/uid<->sid resolution.
> >>
> >>Additionally, this patch further reduces number of queries by:
> >> - fast fail on uidNumber=0 which doesn't exist in FreeIPA,
> >> - return fallback group correctly when looking up user primary group as is
> >> done during init,
> >> - checking for group objectclass in case insensitive way
> >>
> >>Based on the patch by Jason Woods <devel at jasonwoods.me.uk>
> >>
> >>https://fedorahosted.org/freeipa/ticket/4234
> >>and
> >>https://bugzilla.redhat.com/show_bug.cgi?id=1073829
> >>https://bugzilla.redhat.com/show_bug.cgi?id=1074314
> >
> >I didn't had a chance to run some test so far, but here are my comments
> >for the code. I will run some tests tomorrow.
> Fixed the code according to the comments.
>
> I've also changed the patch author to Jason as majority of the work was
> done by him, I only made it closer to what is expected in Samba and
> FreeIPA.
Patch looks good and the basic functionality like adding a trust is
still working.
ACK
bye,
Sumit
>
> --
> / Alexander Bokovoy
More information about the Freeipa-devel
mailing list