We propagate the ghost users within the nested group structure in order for the parent groups to inherit members from their siblings inside the memberof plugin. However, the memberof plugin does not implement the reverse operation - deleting the members when the sibling is removed from the directory.
This leads to users being reported as group members forever if their direct parent is removed from LDAP.
Steps to reproduce:
1. create two groups - mid and top
2. create a user
3. make the user a direct member of mid group
4. add the mid group as a member of top level group
5. getent group top
-- you should see the user reported as a member
6. delete the mid group
7. sss_cache -g mid to force a lookup from LDAP next time
8. getent group mid to attempt the LDAP lookup
-- the LDAP lookup will fail and will remove the group from the directory
9. getent group top
mid is no longer present, so top should not contain mid's members
top still contains the members inherited from mid
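A small Python model of the behaviour this ticket describes, added here as an illustration and not taken from SSSD or its memberof plugin; `GroupCache`, its methods and the `reverse_propagation` switch are hypothetical names. It deletes `mid` once without and once with recomputing the inherited ghost members of the parent groups.

```python
from collections import defaultdict

class GroupCache:  # toy model of nested-group ghost propagation, not SSSD code
    def __init__(self):
        self.direct = defaultdict(set)    # group -> ghost users added directly
        self.children = defaultdict(set)  # group -> nested member groups
        self.ghost = defaultdict(set)     # group -> direct + inherited ghosts

    def _ancestors(self, group, seen=None):
        seen = set() if seen is None else seen
        for parent, kids in self.children.items():
            if group in kids and parent not in seen:  # guard against loops
                seen.add(parent)
                self._ancestors(parent, seen)
        return seen

    def add_user(self, group, user):
        self.direct[group].add(user)
        for g in {group} | self._ancestors(group):
            self.ghost[g].add(user)

    def add_group(self, parent, child):
        self.children[parent].add(child)
        for g in {parent} | self._ancestors(parent):
            self.ghost[g] |= self.ghost[child]

    def _recompute(self, group, path=()):
        users = set(self.direct[group])
        for child in self.children[group]:
            if child not in path:
                users |= self._recompute(child, (*path, group))
        return users

    def delete_group(self, group, reverse_propagation):
        affected = self._ancestors(group)
        for store in (self.direct, self.children, self.ghost):
            store.pop(group, None)
        for kids in self.children.values():
            kids.discard(group)
        if reverse_propagation:  # the reverse operation the ticket says is missing
            for g in affected:
                self.ghost[g] = self._recompute(g)

def members_after_delete(reverse_propagation):
    # constructed sample: user1 is a ghost member of mid, mid is nested in top
    cache = GroupCache()
    cache.add_user("mid", "user1")
    cache.add_group("top", "mid")
    cache.delete_group("mid", reverse_propagation)
    return sorted(cache.ghost["top"])
```

`members_after_delete(False)` reproduces the stale membership from step 9, while `members_after_delete(True)` leaves `top` empty because its ghost set is rebuilt from what still exists.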
owner: somebody => jhrozek
patch: 0 => 1
status: new => assigned
milestone: NEEDS_TRIAGE => SSSD 1.9.3
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=880159
rhbz: => 880159 (https://bugzilla.redhat.com/show_bug.cgi?id=880159)
resolution: => fixed
status: assigned => closed
Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.9.3