On Mon, Sep 24, 2018 at 11:46:08AM -0400, Simo Sorce wrote: > On Mon, 2018-09-24 at 16:44 +0200, Michael Ströder wrote: > > On 9/24/18 4:22 PM, Simo Sorce wrote: > > > For groups I would expect us to merge memberships in rfc2307 mode, > > > > If you really want to implement such merging then please disable > > it by default. So that it must be explicitly enabled after careful > > consideration. > > Yes it would have to be optional and disabled by default, we do not > want to promote bad practices. > > What we can do to make the code more predictable (albeit slower) is to > always "reverse resolve" by gid (and by name) whenever a search by name > (or by gid) is performed, so duplicates are always consistently dealt > with (either first in alphabetic order only or always completely fail > to accept a group with duplicate gid (or name).
btw this is what the proxy provider does (why only the proxy provider I don't know..maybe because there we don't have any other means to detect what kind of an object this is, like original DN) _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
