On Wed, 2012-03-14 at 21:17 +0100, Olivier wrote:
> Ok, I see the logic now (although I'm not completely
> convinced from a practical point of view to be honest:
> a user name could be defined somewhere else, in a
> referral ldap for example. In that case, should it be an
> overall group consistency problem if a memberuid was
> unknown because a referral server is not accessible?).
>

memberuid cannot be resolved through a referral as it cannot contain a DN :-)
However, if you use the "member" attribute and rfc2307bis you could end up chasing a referral that is temporarily broken. In that case you'd have a resolution issue, not an "unknown" member.
I am not sure how sssd would handle a referral problem in this case, hopefully it would recognize the problem and just use a previously cached value. If it is the first lookup it would have no choice but to pretend the member did not exist until the next lookup.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
