Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ad: gpo evalute host groups #7131

Closed
wants to merge 4 commits into from
Closed

ad: gpo evalute host groups #7131

wants to merge 4 commits into from

Conversation

sumit-bose
Copy link
Contributor

With this patch the group-memberships of the client running SSSD are
included in the evaluation of the security filtering. Similar as in AD the
host object is more or less handled as a user object which allows to skip
some code dedicated to computers only.

Resolves: #5708

(backport of #7107)

@sumit-bose
LDAP: make groups_by_user_send/recv public
799ce71 
Resolves: SSSD#5708

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 9b73614)
@sumit-bose
ad: gpo evalute host groups
107a950 
With this patch the group-memberships of the client running SSSD are
included in the evaluation of the security filtering. Similar as in AD
the host object is more or less handled as a user object which allows
to skip some code dedicated to computers only.

Resolves: SSSD#5708

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit c02e09a)
@sumit-bose
sysdb: remove sysdb_computer.[ch]
a7cc6c0 
The related calls are not needed anymore.

Resolves: SSSD#5708

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit ff23e7e)
@sumit-bose
sdap: add set_non_posix parameter
2b452ec 
This patch adds a new parameter set_non_posix to the user and group
lookup calls. Currently the domain type is used to determine if the
search should be restricted to POSIX objects or not. The new option
allows to drop this restriction explicitly to look up non-POSIX objects.

Resolves: SSSD#5708

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 5f63d9b)
@alexey-tikhonov alexey-tikhonov added the no-backport This should go to target branch only. label Jan 15, 2024
thalman
thalman approved these changes Jan 30, 2024
View reviewed changes
Copy link
Contributor

@thalman thalman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for the backport.

@alexey-tikhonov
Copy link
Member

Pushed PR: #7131

  • sssd-2-8
    • 0338470 - sdap: add set_non_posix parameter
    • 597d193 - sysdb: remove sysdb_computer.[ch]
    • 5635a8c - ad: gpo evalute host groups
    • 2e02801 - LDAP: make groups_by_user_send/recv public

@alexey-tikhonov alexey-tikhonov mentioned this pull request Jan 31, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thalman thalman thalman approved these changes

@pbrezina pbrezina pbrezina approved these changes

Assignees

@thalman thalman

@pbrezina pbrezina

Labels
no-backport This should go to target branch only. Pushed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@sumit-bose @alexey-tikhonov @thalman @pbrezina