Martin Kosek wrote:
How to test:

1) Add some nested membership relationships:
$ ipa group-add --desc=foo group1
$ ipa group-add --desc=foo group2
$ ipa user-add --first=Foo --last=Bar foobar

$ ipa role-add-member helpdesk --groups=group2
$ ipa group-add-member group2 --groups=group1
$ ipa group-add-member group1 --users=foobar

2) Start receiving all SCOPE_SUBTREE (scope=2) searches in LDAP:
# tail -f /var/log/dirsrv/slapd-IDM-LAB-BOS-REDHAT-COM/access | grep SRCH | grep "scope=2" | grep -v krbprincipalaux

3) Do some -show commands to see the unnecessary SCOPE_SUBTREE (scope=2)
searches we do to get memberships:

$ ipa role-show helpdesk --all --raw
$ ipa user-show foobar --all --raw
etc.

Martin

ACK, pushed to master and ipa-2-1

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
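
An added example, not part of the original messages or of FreeIPA's code: a summary of the scope=2 searches from step 2, counted per base and filter so a run of step 3 before the patch can be compared with one after it. The log lines are constructed in the 389-ds access log layout, and the dc=example,dc=com suffix, the filters and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample lines (not captured from a real server).
sample_access_log() {
    cat <<'EOF'
[10/Jan/2012:10:00:01 +0100] conn=5 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(member=uid=foobar,cn=users,dc=example,dc=com)" attrs="cn"
[10/Jan/2012:10:00:01 +0100] conn=5 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[10/Jan/2012:10:00:02 +0100] conn=5 op=2 SRCH base="uid=foobar,cn=users,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[10/Jan/2012:10:00:03 +0100] conn=6 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=krbprincipalaux)(uid=admin))" attrs="uid"
[10/Jan/2012:10:00:04 +0100] conn=5 op=3 SRCH base="dc=example,dc=com" scope=2 filter="(member=uid=foobar,cn=users,dc=example,dc=com)" attrs="cn"
[10/Jan/2012:10:00:05 +0100] conn=5 op=4 SRCH base="cn=roles,dc=example,dc=com" scope=2 filter="(cn=helpdesk)" attrs=ALL
EOF
}

# Read an access log on stdin and print "<count> base=<base> filter=<filter>"
# for every distinct SCOPE_SUBTREE search, most frequent first.
# Same selection as the grep pipeline in step 2: SRCH lines with scope=2,
# skipping anything that mentions krbprincipalaux.
subtree_search_summary() {
    awk '
    # Value of key="..." on the current line, or "" if the key is absent.
    # Assumes the value holds no embedded double quote.
    function quoted(key,    start, rest, end) {
        start = index($0, key "=\"")
        if (start == 0) return ""
        rest = substr($0, start + length(key) + 2)
        end = index(rest, "\"")
        return end ? substr(rest, 1, end - 1) : rest
    }
    / SRCH / && / scope=2 / && $0 !~ /krbprincipalaux/ {
        count[quoted("base") SUBSEP quoted("filter")]++
    }
    END {
        for (k in count) {
            split(k, part, SUBSEP)
            printf "%d base=%s filter=%s\n", count[k], part[1], part[2]
        }
    }' | LC_ALL=C sort -k1,1nr -k2
}

# Stand-alone run on the constructed sample. For a real capture, redirect the
# instance access log into subtree_search_summary instead.
sample_access_log | subtree_search_summary
```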
