On 6/13/2011 10:28 PM, Rob Crittenden wrote:
Endi Sukma Dewata wrote:
NACK. If there's a circular membership the code will run into an
infinite loop. Here's a test scenario:

Group 1 has 2 members: group 2 and group 3.
Group 2 is a member of group 3.
Group 3 is a member of group 2.
Run ipa group-show on group 1, the command doesn't return until it's

I think the solution will be to deny creating circular groups.

It might be possible to avoid infinite loop this way:

    for member in checkmembers:

            (result, truncated) = self.find_entries(...)

            for m in result[0][1].get('member', []):

                # make sure the member is only added once
                if m in checkmembers:


Endi S. Dewata

Freeipa-devel mailing list

Reply via email to