jhrozek commented on a pull request """ On Tue, Aug 30, 2016 at 11:47:09AM -0700, lslebodn wrote: > Please provide a test-case (probably a hierarchy of groups)
I was able to reproduce with: $ ipa group-show group20 Group name: group20 GID: 935600011 Member groups: group10, group11 Indirect Member users: user1 $ ipa group-show group10 Group name: group10 GID: 935600008 Member users: user1 Member of groups: group20 $ ipa group-show group11 Group name: group11 GID: 935600009 Member users: user1 Member of groups: group20 Before the patch, group20 wasn't resolved, after the patch it was. btw I had this group hierarhcy pre-created on my test IPA server which makes me wonder a bit how we didn't see this bug before, I'm sure I created it for some reason. Also I'm surprised a lot none of the downstream tests we were running caught the bug. About the discussion I saw on #sssd in backscroll, the rfc2307bis schema only uses the member attribute because IIRC the RFC doesn't talk about memberof at all. But in IPA, we know the specifics on the schema, so we are able to dereference the memberof attribute to get a complete list of all groups with one call. """ See the full comment at https://github.com/SSSD/sssd/pull/7#issuecomment-243553980
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
