Learn more about these different git repos.
Other Git URLs
When a user is both a member of group and the group's parent and then removed from the top group, he loses the memberof attribute towards the top group.
This is trivially reproducable with the local back end:
sss_useradd test1 sss_groupadd topgr sss_groupadd midgr sss_groupmod -a topgr midgr sss_usermod -a midgr user1 sss_usermod -a topgr user1
Now the topgr has member attribute towards both midgr and user1 and midgr contains user1 as member, too. The user1 also contains memberof to both topgr and midgr. The cache looks like this:
dn: name=midgr,cn=groups,cn=local,cn=sysdb createTimestamp: 1353063124 name: midgr objectClass: group isPosix: TRUE gidNumber: 1001 lastUpdate: 1353063124 dataExpireTimestamp: 0 memberof: name=topgr,cn=groups,cn=local,cn=sysdb member: name=user1,cn=users,cn=local,cn=sysdb memberuid: user1 distinguishedName: name=midgr,cn=groups,cn=local,cn=sysdb dn: name=topgr,cn=groups,cn=local,cn=sysdb createTimestamp: 1353063101 name: topgr objectClass: group isPosix: TRUE gidNumber: 1000 lastUpdate: 1353063101 dataExpireTimestamp: 0 member: name=midgr,cn=groups,cn=local,cn=sysdb member: name=user1,cn=users,cn=local,cn=sysdb memberuid: user1 distinguishedName: name=topgr,cn=groups,cn=local,cn=sysdb
After we remove user1 from the top group:
sss_usermod -r topgr user1
He loses his memberof attribute:
dn: name=user1,cn=users,cn=local,cn=sysdb createTimestamp: 1353063663 fullName: user1 gecos: user1 homeDirectory: /home/user1 loginShell: /bin/bash name: user1 objectClass: user uidNumber: 1003 gidNumber: 1003 memberof: name=midgr,cn=groups,cn=local,cn=sysdb distinguishedName: name=user1,cn=users,cn=local,cn=sysdb
Because midgr is still a member of topgr, he should have retained memberof into the top group.
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.9.4
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=881762
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=881762 881762]
owner: somebody => simo status: new => assigned
milestone: SSSD 1.9.4 => SSSD 1.10 beta
selected: => Not need
Moving tickets that are not a priority for SSSD 1.10 into the next release.
milestone: SSSD 1.10 beta => SSSD 1.11 beta
mark: => 0
Not a priority for 1.13. It would be better to ditch the memberof plugin completely.
changelog: => owner: simo => somebody priority: major => trivial review: => 0 status: assigned => new
milestone: SSSD 1.13 beta => SSSD 1.13 backlog
Mass-moving tickets not planned for any immediate release and re-setting priority.
milestone: SSSD 1.13 backlog => SSSD Deferred priority: trivial => major
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD Patches welcome
Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfill this request I am closing the issue as wontfix.
If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.
Thank you for understanding.
Metadata Update from @pbrezina: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2696
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.