On Tue, Jan 05, 2016 at 07:55:33PM +0100, Sumit Bose wrote: > Hi, > > to find out to which local group a external user is mapped we do a > dereference search over the external groups with the SIDs related to the > external user. If a SID is mapped to more than one external group we > currently consider only the first returned match. With this patch all > results are taken into account. This makes sure all expected local group > memberships are added to the PAC which resolves > https://fedorahosted.org/freeipa/ticket/5573.
I tested with an AD user who was a member of several IPA external groups. All groups were displayed. We also have positive feedback from several users who applied this patch. The code looks good to me as well, Sumit explained some parts I didn't understand on IRC. ACK from me.. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code