Hi, we're using FreeIPA as LDAP backend and have met an issue with indirect group membership of users.
Indirect group membership means that user is member of group in LDAP but this group has additional attribute(s) defining that group is member of another group also. In example: # developers, groups, accounts, company.com dn: cn=developers,cn=groups,cn=accounts,dc=company,dc=com member: uid=name.surname,cn=users,cn=accounts,dc=company,dc=com member: uid=other.surname,cn=users,cn=accounts,dc=company,dc=com objectClass: top objectClass: groupofnames objectClass: nestedgroup objectClass: ipausergroup objectClass: ipaobject objectClass: posixgroup description: Developers cn: developers ipaUniqueID: aaa-bbb-12313f0b2a57 gidNumber: 394200323 memberOf: cn=rwicinga,cn=groups,cn=accounts,dc=company,dc=com memberOf: cn=swengineers,cn=groups,cn=accounts,dc=company,dc=com and so on And then, not surprisingly, user "name.surname" has listed group developers in icingaweb2, there is no groups rwicinga and/or swengineers although that user is member of them. Any hint how to prepare filter or is this usecase even supported? Thank you, regards .zp. -- Zdenek Pizl [email protected]
_______________________________________________ icinga-users mailing list [email protected] https://lists.icinga.org/mailman/listinfo/icinga-users
