On (26/07/16 22:05), Sumit Bose wrote: >On Tue, Jul 26, 2016 at 06:06:48PM +0200, Jakub Hrozek wrote: >> On Tue, Jul 26, 2016 at 05:25:11PM +0200, Jakub Hrozek wrote: >> > On Tue, Jul 26, 2016 at 01:51:56PM +0200, Sumit Bose wrote: >> > > > > The third patch adds a sysdb call to recursively resolve all >> > > > > user-members of a group. Since the groups in SSSD's cache are >> > > > > hierarchically organized the member attribute only contains direct >> > > > > user and group members. To get all users the group members must be >> > > > > resolved recursively. >> > > > >> > > > Would dereferencing memberof:top-level-group yield different results? >> > > >> > > It worked in my testing but I have to admit that I'm not sure if it can >> > > be used reliable all the time, i.e. is independent of all the different >> > > lookup sequences you can have with nested groups. If you are sure it is >> > > reliable, the call can be simplified. >> > >> > This is how memberof is supposed to work. I haven't tested all >> > scenarios either (if there are some corner cases you'd like me to test, >> > just let me know), but if there are differences, I would say these would >> > be bugs in the memberof plugin and should be fixed. >> >> btw the patches seem to work fine, I tested getent passwd on an >> overriden user, getent group on a group this user is a memberof (both an >> AD group and an IPA group with an external group in it) and id of this >> user. >> >> All lookups show the expected data. Coverity is clean and CI passed. >> >> Therefore provisional ACK - the only remaining point remains the recursive >> member vs. memberof part. I don't mind accepting the patch as-is now, >> if we agree to open a ticket and switch to memberof later in 1.14. > >Please have a look at attached patch, it replaces the recursive member >based lookup by a (memberof=group_dn) search. It works well for me in >some basic tests. > >bye, >Sumit >
>From ee8ebcec8062d75e98da796b291973fd96d45b1c Mon Sep 17 00:00:00 2001 >From: Sumit Bose <sb...@redhat.com> >Date: Tue, 26 Jul 2016 21:30:41 +0200 >Subject: [PATCH] sysdb_get_user_members_recursively: use memberof search > >--- > src/db/sysdb_ops.c | 181 ++++------------------------------------ > src/tests/cmocka/test_nss_srv.c | 30 +++---- > 2 files changed, 33 insertions(+), 178 deletions(-) > Jakub, is there a reason why this patch has not been pushed to master yet? LS _______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
