b22f24e LDAP: Only convert direct parents' ghost attribute to member

Authored and Committed by jhrozek 7 years ago
    LDAP: Only convert direct parents' ghost attribute to member
    
    https://fedorahosted.org/sssd/ticket/1612
    
    This patch changes the handling of ghost attributes when saving the
    actual user entry. Instead of always linking all groups that contained
    the ghost attribute with the new user entry, the original member
    attributes are now saved in the group object and the user entry is only
    linked with its direct parents.
    
    As the member attribute is compared against the originalDN of the user,
    if either the originalDN or the originalMember attributes are missing,
    the user object is linked with all the groups as a fallback.
    
    The original member attributes are only saved if the LDAP schema
    supports nesting.
    
        
file modified
+3 -0
file modified
+37 -8
file modified
+1 -1
file modified
+7 -6
file modified
+1 -1
file modified
+2 -1