New SSS_NSS_GETORIGBYUSERNAME_WITH_GROUPS 'sss_client' command#8800
Draft
alexey-tikhonov wants to merge 6 commits into
Draft
New SSS_NSS_GETORIGBYUSERNAME_WITH_GROUPS 'sss_client' command#8800alexey-tikhonov wants to merge 6 commits into
SSS_NSS_GETORIGBYUSERNAME_WITH_GROUPS 'sss_client' command#8800alexey-tikhonov wants to merge 6 commits into
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
alexey-tikhonov
force-pushed
the
SSS_NSS_GETORIGBYUSERNAME-ext
branch
2 times, most recently
from
a8f2f1a to
6b320ed
Compare
alexey-tikhonov
changed the title
SSS_NSS_GETORIGBYUSERNAME response to include group membership (group names)SSS_NSS_GETORIGBYUSERNAME_WITH_GROUPS 'sss_client' command
alexey-tikhonov
force-pushed
the
SSS_NSS_GETORIGBYUSERNAME-ext
branch
from
6b320ed to
de1be54
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
alexey-tikhonov
force-pushed
the
SSS_NSS_GETORIGBYUSERNAME-ext
branch
2 times, most recently
from
dce3be9 to
26576dc
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
Helper to be used in a following patch.
alexey-tikhonov
force-pushed
the
SSS_NSS_GETORIGBYUSERNAME-ext
branch
2 times, most recently
from
b022c5b to
d802114
Compare
alexey-tikhonov
force-pushed
the
SSS_NSS_GETORIGBYUSERNAME-ext
branch
from
d802114 to
21245a6
Compare
alexey-tikhonov
force-pushed
the
SSS_NSS_GETORIGBYUSERNAME-ext
branch
from
21245a6 to
c3ed275
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
alexey-tikhonov
force-pushed
the
SSS_NSS_GETORIGBYUSERNAME-ext
branch
from
c3ed275 to
d5f9d7c
Compare
alexey-tikhonov
force-pushed
the
SSS_NSS_GETORIGBYUSERNAME-ext
branch
from
d5f9d7c to
6e9b5cf
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
alexey-tikhonov
force-pushed
the
SSS_NSS_GETORIGBYUSERNAME-ext
branch
from
6e9b5cf to
ae485f3
Compare
Member
Author
|
/gemini review |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
alexey-tikhonov
force-pushed
the
SSS_NSS_GETORIGBYUSERNAME-ext
branch
from
ae485f3 to
ffed5fa
Compare
New NSS responder command similar to `getorigbyusername()` but additionally returns group membership names as key-value pairs in the response. The IPA extdom plugin currently resolves user group memberships via N+2 NSS round-trips: getorigbyusername (1), getgrouplist (1), then getgrgid per GID (N). New command returns "groupMembership" kv pairs with fully qualified group names directly in the 'getorigbyusername_with_groups' response, allowing to reduce the interaction to a single call. New command handler uses a two-phase flow: 1. CACHE_REQ_USER_BY_NAME to fetch user attributes 2. CACHE_REQ_INITGROUPS to ensure group cache freshness The fill function then reads groups from sysdb and appends them using the shared `nss_protocol_resolve_initgr_group()` helper. Assisted-By: Claude Code (Opus 4.6) Resolves: SSSD#3835
alexey-tikhonov
force-pushed
the
SSS_NSS_GETORIGBYUSERNAME-ext
branch
from
ffed5fa to
5298419
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
New NSS responder command similar to
getorigbyusername()but additionallyreturns group membership names as key-value pairs in the response.
The IPA extdom plugin currently resolves user group memberships via N+2
NSS round-trips: getorigbyusername (1), getgrouplist (1), then getgrgid
per GID (N). New command returns "groupMembership" kv pairs with
fully qualified group names directly in the 'getorigbyusername_with_groups'
response, allowing to reduce the interaction to a single call.
New command handler uses a two-phase flow:
The fill function then reads groups from sysdb and appends them using
the shared
nss_protocol_resolve_initgr_group()helper.