Hi,
the attached patches implement
https://fedorahosted.org/sssd/ticket/2553.
I'm sorry the patches took so long, but only during testing did I realize that
deleting users not updated by the wildcard lookup is flawed. In case
there were more entries in the cache that match the wildcard than the limit
on the wildcard search, we might be deleting legitimate entries that might
contain cached credentials.
What I did instead was never remove any entries during wildcard lookups,
but instead, only return entries that were updated during the wildcard
lookup in the cache_req. That way, stale entries would be deleted by a
direct lookup (maybe as a result of getpwuid when examining a file) or
can be deleted by the cleanup task.
I'm a bit nervous about the LDAP changes, please review ruthlessly :-)
I would also like for the option defaults to be carefully checked during
review.
One question about the by-name-and-domain lookups -- should we check that the
domain we receive from the cache_req is the same as the one we requested?
Btw, I really like how the cache_req and the infopipe code are structured. It
was quite easy to extend without any hacks.
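
The reasoning in the message above, as a toy model added here for illustration; it is not taken from the attached patches or from SSSD. It compares purging entries that a size-limited wildcard search did not refresh against returning only the refreshed entries. The struct, the function names (`lookup`, `purge_not_updated`, `count`) and the sample cache are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>
/* Toy model of the cache; every name here is hypothetical, not SSSD code. */
struct entry { const char *name; long updated; int has_creds; int present; };
#define N 4
#define NOW 1000L                 /* time of the wildcard lookup */
static struct entry cache[N];

static int hit(const struct entry *e, const char *pfx) {
    return e->present && strncmp(e->name, pfx, strlen(pfx)) == 0;
}

/* Reset to the constructed sample, then run a size-limited wildcard search:
 * every entry still exists on the server, but only `limit` matches return. */
int lookup(const char *pfx, int limit) {
    static const struct entry sample[N] = {
        {"alice1", 100, 0, 1}, {"alice2", 100, 1, 1},
        {"alice3", 100, 1, 1}, {"bob", 100, 1, 1} };
    int seen = 0;
    memcpy(cache, sample, sizeof(cache));
    for (int i = 0; i < N && seen < limit; i++)
        if (hit(&cache[i], pfx)) { cache[i].updated = NOW; seen++; }
    return seen;
}

/* Flawed cleanup: drop unrefreshed matches; returns how many held credentials. */
int purge_not_updated(const char *pfx) {
    int lost = 0;
    for (int i = 0; i < N; i++)
        if (hit(&cache[i], pfx) && cache[i].updated < NOW) {
            cache[i].present = 0;
            lost += cache[i].has_creds;
        }
    return lost;
}

/* Approach from the message: delete nothing, count matches updated >= since. */
int count(const char *pfx, long since) {
    int n = 0;
    for (int i = 0; i < N; i++)
        if (hit(&cache[i], pfx) && cache[i].updated >= since) n++;
    return n;
}

int main(void) {
    lookup("alice", 2);
    printf("purge: lost %d entries with cached credentials\n", purge_not_updated("alice"));
    lookup("alice", 2);
    printf("filter: returned %d, still cached %d\n", count("alice", NOW), count("", 0));
}
```

With a limit of 2 and three matching entries, the purge variant removes `alice3` even though it is still valid on the server, while the filter variant returns two entries and leaves all four in the cache for a later direct lookup or the cleanup task.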