On Fri, Jan 23, 2015 at 09:54:51PM +0100, Jakub Hrozek wrote:
> On Fri, Jan 23, 2015 at 09:26:27PM +0100, Jakub Hrozek wrote:
> > On Fri, Jan 23, 2015 at 04:39:03PM +0100, Sumit Bose wrote:
> > > Hi,
> > >
> > > this patch fixes an issue with the handling of universal groups. You can
> > > reproduce it with the following steps either with the AD provider in an
> > > AD forest with multiple domains or with the IPA provider and trust to an
> > > AD forest with multiple domains and a universal group:
> > > - start with an empty cache
> > > - getent group universal_gr...@dom1.ad
> > > - ldbsearch -H /path/to/cache name=universal_gr...@dom1.ad
> > >
> > > the cached object only has ghost members because no users are resolved
> > >
> > > - getent passwd group_mem...@dom2.ad
> > > - ldbsearch -H /path/to/cache name=universal_gr...@dom1.ad
> > >
> > > if a group member from a different domain than the group itself is
> > > resolved the ghost entry is not removed.
> > >
> > > bye,
> > > Sumit
> >
> > ACK
> >
> > tested on an IPA server with trusts.
>
> * master: fc2146c108e28d50bbf691925cedf9592142dd14
> * sssd-1-12: 20f4640cd4dbec3a91b615611a4adc418ffae91c
I forgot to send the CI link along with the ACK:
http://sssd-ci.idm.lab.eng.brq.redhat.com:8080/job/ci/662/
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
