From 31151541178e1ca23966db1d717913183c30cd80 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Fri, 27 Apr 2018 21:52:39 +0200
Subject: [PATCH] Improve docs/debug message about GC detection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
---
 ...e-a-DEBUG-message-about-GC-detection.patch | 42 +++++++++++++++++++
 ...-MAN-Improve-docs-about-GC-detection.patch | 34 +++++++++++++++
 sssd.spec                                     |  3 ++
 3 files changed, 79 insertions(+)
 create mode 100644 0033-SDAP-Improve-a-DEBUG-message-about-GC-detection.patch
 create mode 100644 0034-MAN-Improve-docs-about-GC-detection.patch

diff --git a/0033-SDAP-Improve-a-DEBUG-message-about-GC-detection.patch b/0033-SDAP-Improve-a-DEBUG-message-about-GC-detection.patch
new file mode 100644
index 0000000..df640fd
--- /dev/null
+++ b/0033-SDAP-Improve-a-DEBUG-message-about-GC-detection.patch
@@ -0,0 +1,42 @@
+From ac1636acadcf8e799a93d799140e8ff2d533f313 Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek <jhrozek@redhat.com>
+Date: Tue, 23 Jan 2018 11:23:37 +0100
+Subject: [PATCH] SDAP: Improve a DEBUG message about GC detection
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+It was not entirely clear what the message means. We should improve the
+debug message to make it clear that all or none attributes should be
+replicated to the Global Catalog.
+
+This patch can be reverted once we fix
+https://pagure.io/SSSD/sssd/issue/3538 and only use the GC to look up
+the entry DN, not the entry itself.
+
+Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
+(cherry picked from commit 2d43eaf43540c375d39c5e1c2482595e919fb4df)
+---
+ src/providers/ldap/sdap_async.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
+index 76cfce207..1e77b1c3c 100644
+--- a/src/providers/ldap/sdap_async.c
++++ b/src/providers/ldap/sdap_async.c
+@@ -2720,7 +2720,11 @@ static void sdap_gc_posix_check_done(struct tevent_req *subreq)
+ 
+     /* Positive hit is definitive, no need to search other bases */
+     if (state->has_posix == true) {
+-        DEBUG(SSSDBG_FUNC_DATA, "Server has POSIX attributes\n");
++        DEBUG(SSSDBG_FUNC_DATA, "Server has POSIX attributes. Global Catalog will "
++                                "be used for user and group lookups. Note that if "
++                                "only a subset of POSIX attributes is present "
++                                "in GC, the non-replicated attributes are "
++                                "currently not read from the LDAP port\n");
+         tevent_req_done(req);
+         return;
+     }
+-- 
+2.14.3
+
diff --git a/0034-MAN-Improve-docs-about-GC-detection.patch b/0034-MAN-Improve-docs-about-GC-detection.patch
new file mode 100644
index 0000000..d9fe8d4
--- /dev/null
+++ b/0034-MAN-Improve-docs-about-GC-detection.patch
@@ -0,0 +1,34 @@
+From 1438765a294161b9b636e01ed86bc52c540183d3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
+Date: Thu, 12 Apr 2018 10:38:42 +0200
+Subject: [PATCH] MAN: Improve docs about GC detection
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Add the same note we have as part of our debug to the sssd-ad manual.
+
+Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
+Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
+(cherry picked from commit 4ab8734cc45fab2d1a0e690b566da1bda63df76c)
+---
+ src/man/sssd-ad.5.xml | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
+index be2593dca..f43c7fcf4 100644
+--- a/src/man/sssd-ad.5.xml
++++ b/src/man/sssd-ad.5.xml
+@@ -100,6 +100,9 @@ ldap_id_mapping = False
+             domains in the forest sequentially. Please note that the
+             <quote>cache_first</quote> option might be also helpful in
+             speeding up domainless searches.
++            Note that if only a subset of POSIX attributes is present in
++            the Global Catalog, the non-replicated attributes are currently
++            not read from the LDAP port.
+         </para>
+         <para>
+             Users, groups and other entities served by SSSD are always treated as
+-- 
+2.14.3
+
diff --git a/sssd.spec b/sssd.spec
index 8a0dfff..fdea454 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -74,6 +74,8 @@ Patch0029: 0029-nss-add-a-netgroup-counter-to-struct-nss_enum_index.patch
 Patch0030: 0030-sssctl-Showing-help-even-when-sssd-not-configured.patch
 Patch0031: 0031-sssctl-move-check-for-version-error-to-correct-place.patch
 Patch0032: 0032-MAN-Add-sss-certmap-man-page-regarding-priority-proc.patch
+Patch0033: 0033-SDAP-Improve-a-DEBUG-message-about-GC-detection.patch
+Patch0034: 0034-MAN-Improve-docs-about-GC-detection.patch
 
 Patch0502: 0502-SYSTEMD-Use-capabilities.patch
 Patch0503: 0503-Disable-stopping-idle-socket-activated-responders.patch
@@ -1290,6 +1292,7 @@ fi
                             configured
 - Resolves: upstream#3469 - extend sss-certmap man page regarding priority
                             processing
+- Improve docs/debug message about GC detection
 
 * Fri Mar 30 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-2
 - Resolves: upstream#3573 - sssd won't show netgroups with blank domain