#2235 MAN: Remove misleading memberof example from ldap_access_filter example
Closed: Fixed None Opened 5 years ago by jhrozek.

The example in man sssd-ldap uses the memberof attribute. That's fine per se, but many customers apparently think sssd can use the ldap_access_filter for nested groups, even if AD doesn't have transitive memberof attribute as IPA does. This causes a lot of user confusion.

We should change the example in the manpage and add a note that sssd-simple should be used for nested groups.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.5

Bumping the priority as this patch was requested by downstream.

priority: major => critical

Fields changed

owner: somebody => jhrozek
patch: 0 => 1
status: new => assigned

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.11.5

2 years ago

Login to comment on this ticket.