#1668 delete operation is not implemented for ghost users
Closed: Fixed None Opened 10 years ago by jhrozek.

We propagate the ghost users within the nested group structure in order for the parent groups to inherit members from their siblings inside the memberof plugin. However, the memberof plugin does not implement the reverse operation - deleting the members when the sibling is removed from the directory.

This leads to users being reported as group members forever if their direct parent is removed from LDAP.

Steps to reproduce:
1. create two groups - mid and top
2. create a user
3. make the user a direct member of mid group
4. add the mid group as a member of top level group
5. getent group top
-- you should see the user reported as a member
6. delete the mid group
7. sss_cache -g mid to force a lookup from LDAP next time
8. getent group mid to attempt the LDAP lookup
-- the LDAP lookup will fail and will remove the group from the directory
9. getent group top

mid is no longer present, so top should not contain mid's members

top still contains the members inherited from mid
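
The stale membership reported above, as an added example that is not part of the original ticket and is not SSSD code: a simplified Python model of ghost-user propagation through nested groups, with and without the reverse (delete) operation. The group names `top` and `mid` follow the ticket; the `Directory` class, the group `mid2` and the users `alice` and `bob` are assumptions made for the illustration, and the nesting is assumed to be acyclic.

```python
# Simplified model of ghost-user propagation through nested groups.
# Constructed for illustration; assumes acyclic nesting. Not SSSD code.
class Directory:
    def __init__(self):
        self.direct = {}    # group -> ghost users listed directly on it
        self.children = {}  # group -> names of its member groups
        self.ghost = {}     # group -> effective ghost set (direct + inherited)

    def add_group(self, name, ghosts=()):
        self.direct[name] = set(ghosts)
        self.children[name] = set()
        self.ghost[name] = set(ghosts)

    def parents(self, name):
        return [g for g, kids in self.children.items() if name in kids]

    def add_member(self, parent, child):
        # Add path: push the child's ghosts to the parent and its ancestors.
        self.children[parent].add(child)
        stack = [parent]
        while stack:
            g = stack.pop()
            self.ghost[g] |= self.ghost[child]
            stack.extend(self.parents(g))

    def delete_group(self, name, cleanup):
        parents = self.parents(name)
        for p in parents:
            self.children[p].discard(name)
        for table in (self.direct, self.children, self.ghost):
            del table[name]
        if cleanup:  # the reverse operation the ticket reports as missing
            for p in parents:
                self._recompute(p)

    def _recompute(self, group):
        # Rebuild from what still justifies each ghost, then walk upward.
        self.ghost[group] = set(self.direct[group]).union(
            *(self.ghost[c] for c in self.children[group]))
        for p in self.parents(group):
            self._recompute(p)

def top_members_after_delete(cleanup):
    d = Directory()
    d.add_group("top")
    d.add_group("mid", ["alice", "bob"])
    d.add_group("mid2", ["bob"])      # second path that still provides bob
    d.add_member("top", "mid")
    d.add_member("top", "mid2")
    d.delete_group("mid", cleanup)
    return sorted(d.ghost["top"])
```

Recomputing from the remaining direct and inherited sources, rather than subtracting the deleted group's ghosts, keeps `bob` in `top` because `mid2` still provides him while `alice` is dropped.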

Fields changed

owner: somebody => jhrozek
patch: 0 => 1
status: new => assigned

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.3

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.9.3

5 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2710

If you want to receive further updates on the issue, please navigate to the github issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.
