URL: https://github.com/SSSD/sssd/pull/300
Title: #300: LDAP: Fix nesting level comparison

justin-stephenson commented:
"""
@fidencio to test this I used Active Directory as a basic LDAP server and created a user (posixuser), a parent group (posixgrp), and a nested group (nestedgrp). posixuser is a member of posixgrp and posixgrp is a member of nestedgrp.

I manually added uid/gid attributes to the user and each group and used the following SSSD configuration:

```
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://justin-ad2012r2.ad.jstephen
ldap_search_base = dc=ad,dc=jstephen
ldap_schema = rfc2307bis
ldap_tls_reqcert = never
cache_credentials = true
ldap_group_nesting_level = 0
ldap_user_object_class = person
ldap_group_object_class = group
ldap_default_bind_dn = CN=Administrator,CN=Users,DC=AD,DC=JSTEPHEN
ldap_default_authtok = mypassword
timeout = 3600
debug_level = 9
```

After the patch, the parent groups of posixgrp should not be searched - this line should **not** be in the logs:

`[sssd[be[LDAP]]] [rfc2307bis_nested_groups_next_base] (0x0400): Searching for parent groups of group [CN=posixgrp,CN=Users,DC=AD,DC=JSTEPHEN] with base [dc=ad,dc=jstephen]`
"""

See the full comment at https://github.com/SSSD/sssd/pull/300#issuecomment-311692281
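The log check described in the comment above can be automated, as in this added example (not part of the original comment or of the SSSD code base). The function names are hypothetical, the sample logs are constructed, and comparing DNs case-insensitively is a simplifying assumption.

```python
import re

# Built from the debug line quoted in the comment; anything before the
# "[sssd[be[...]]]" tag (such as a timestamp) is ignored by search().
PARENT_SEARCH = re.compile(
    r"\[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
    r"\[rfc2307bis_nested_groups_next_base\] \(0x[0-9a-fA-F]+\): "
    r"Searching for parent groups of group \[(?P<group>.+?)\] "
    r"with base \[(?P<base>.+?)\]\s*$"
)

POSIXGRP = "CN=posixgrp,CN=Users,DC=AD,DC=JSTEPHEN"

# Constructed sample logs: the prefix and the "unrelated" line are made up.
LOG_BEFORE_PATCH = """\
(constructed timestamp) [sssd[be[LDAP]]] [constructed_function] (0x0400): unrelated message
(constructed timestamp) [sssd[be[LDAP]]] [rfc2307bis_nested_groups_next_base] (0x0400): Searching for parent groups of group [CN=posixgrp,CN=Users,DC=AD,DC=JSTEPHEN] with base [dc=ad,dc=jstephen]
"""
LOG_AFTER_PATCH = """\
(constructed timestamp) [sssd[be[LDAP]]] [constructed_function] (0x0400): unrelated message
"""


def parent_group_searches(log_text, domain=None):
    """Return (domain, group_dn, search_base) for every parent-group search logged."""
    hits = []
    for line in log_text.splitlines():
        m = PARENT_SEARCH.search(line)
        if m and (domain is None or m["domain"] == domain):
            hits.append((m["domain"], m["group"], m["base"]))
    return hits


def unexpected_parent_searches(log_text, direct_groups, domain="LDAP"):
    """Searches for parents of the user's direct groups.

    With ldap_group_nesting_level = 0 and the patch applied, this list
    should be empty.
    """
    wanted = {dn.casefold() for dn in direct_groups}
    return [h for h in parent_group_searches(log_text, domain)
            if h[1].casefold() in wanted]


if __name__ == "__main__":
    for name, log in (("before", LOG_BEFORE_PATCH), ("after", LOG_AFTER_PATCH)):
        bad = unexpected_parent_searches(log, [POSIXGRP])
        print(name, "patch:", "FAIL" if bad else "ok", bad)
```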