#1668 delete operation is not implemented for ghost users
Closed: Fixed None Opened 6 years ago by jhrozek.

We propagate the ghost users within the nested group structure in order for the parent groups to inherit members from their siblings inside the memberof plugin. However, the memberof plugin does not implement the reverse operation - deleting the members when the sibling is removed from the directory.

This leads to users being reported as group members forever if their direct parent is removed from LDAP.

Steps to reproduce:
1. create two groups - mid and top
2. create a user
3. make the user a direct member of mid group
4. add the mid group as a member of top level group
5. getent group top
-- you should see the user reported as a member
6. delete the mid group
7. sss_cache -g mid to force a lookup from LDAP next time
8. getent group mid to attempt the LDAP lookup
-- the LDAP lookup will fail and will remove the group from the directory
9. getent group top

Expected:
mid is no longer present, so top should not contain mid's members

Actual:
top still contains the members inherited from mid
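
The behaviour described in this ticket, as an added example that is not part of the original report and is not SSSD's memberof plugin code: a simplified Python model of ghost propagation through nested groups, with the delete handled both as reported (nothing removed from the parents) and with the missing reverse operation. The class `GroupCache`, its methods and the `propagate_delete` flag are hypothetical names chosen for the illustration.

```python
class GroupCache:
    """Toy model of cached groups holding ghost members (hypothetical names)."""

    def __init__(self):
        self.direct = {}    # group -> ghost names set on the group itself
        self.children = {}  # group -> names of nested member groups
        self.ghosts = {}    # group -> effective ghosts (direct + inherited)

    def add_group(self, name, ghosts=()):
        self.direct[name] = set(ghosts)
        self.children[name] = set()
        self.ghosts[name] = set(ghosts)

    def _ancestors(self, name):
        seen, stack = set(), [name]
        while stack:
            cur = stack.pop()
            for parent, kids in self.children.items():
                if cur in kids and parent not in seen:
                    seen.add(parent)
                    stack.append(parent)
        return seen - {name}  # a membership loop must not list the group itself

    def _effective(self, name, seen):
        if name in seen:  # guard against membership loops
            return set()
        seen.add(name)
        result = set(self.direct[name])
        for kid in self.children[name]:
            result |= self._effective(kid, seen)
        return result

    def nest(self, parent, child):
        # The add operation: push the child's ghosts up the hierarchy.
        self.children[parent].add(child)
        for group in {parent} | self._ancestors(parent):
            self.ghosts[group] |= self.ghosts[child]

    def delete_group(self, name, propagate_delete):
        ancestors = self._ancestors(name)
        for kids in self.children.values():
            kids.discard(name)
        for table in (self.direct, self.children, self.ghosts):
            del table[name]
        if propagate_delete:
            # The reverse operation: rebuild each former ancestor so a ghost
            # survives only if it is direct or still inherited via another path.
            for group in ancestors:
                self.ghosts[group] = self._effective(group, set())
```

With `propagate_delete=False` the model reproduces the "Actual" result above: `top` keeps the user inherited from `mid` after `mid` is deleted. With `propagate_delete=True`, `top` loses that user unless it is also a direct member or is still inherited through another nested group.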


Fields changed

owner: somebody => jhrozek
patch: 0 => 1
status: new => assigned

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.3

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.9.3

2 years ago
