#2294 In sssd.conf, setting "ldap_group_nesting_level = 0" does not appear to work
Closed: Fixed None Opened 5 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1082633

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:
On rhel6.4 configured as AD client using sssd, running
ssd-1.9.2-129.el6_5.4.x86_64 ( with RFC2307bis).  With ldap_group_nesting_level
= 0   should block the nesting operations.  However it seems that sssd is
ignoring the this value set for option.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. in the sssd.conf ,   in the domain section,  define the following parameter

ldap_group_nesting_level = 0

2. restart the sssd service,
3. Create or modify userA  and  Group_A, Group_B, Group_C.
4. Make Group_B  member of Group_A & Group_C member of Group_B
5. With User_A member of Group_C,  the id
Actual results:
With ldap_group_nesting set to "0",   run  '$ id UserA'
and the output will show GroupA, GroupB, GroupC

Expected results:

UserA in GroupC =  Without Nesting should show C only
UserA in GroupB =  Without Nesting should show B only

Additional info:

Here is a preliminary patch written when triaging the case originally:

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
review: True => 0
selected: =>
testsupdated: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.6

Fields changed

owner: somebody => jhrozek

Fields changed

owner: jhrozek => preichl
status: new => assigned

Fields changed

patch: 0 => 1

Pushed to master:
- 69994ad
- c30f1d0
- 3c18993
and to sssd-1-11:
- 4221bd7
- 98052f6
- e97a7f5

_comment0: Pushed to master:
and to sssd-1-11:
=> 1401729487304105
resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to preichl
- Issue set to the milestone: SSSD 1.11.6

2 years ago

Login to comment on this ticket.