#2294 In sssd.conf, setting "ldap_group_nesting_level = 0" does not appear to work
Closed: Fixed None Opened 6 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1082633

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:
On rhel6.4 configured as AD client using sssd, running
ssd-1.9.2-129.el6_5.4.x86_64 (with RFC2307bis). Setting
ldap_group_nesting_level = 0 should block the nesting operations. However, it
seems that sssd is ignoring the value set for this option.


Version-Release number of selected component (if applicable):
ssd-1.9.2-129.el6_5.4.x86_64

How reproducible:
Always



Steps to Reproduce:
1. In sssd.conf, in the domain section, define the following parameter:

ldap_group_nesting_level = 0

2. Restart the sssd service.
3. Create or modify userA and Group_A, Group_B, Group_C.
4. Make Group_B member of Group_A & Group_C member of Group_B
5. With User_A member of Group_C,  the id

Actual results:
With ldap_group_nesting set to "0", run '$ id UserA'
and the output will show GroupA, GroupB, GroupC

Expected results:

UserA in GroupC =  Without Nesting should show C only
UserA in GroupB =  Without Nesting should show B only



Additional info:

Here is a preliminary patch written when triaging the case originally:
http://fedorapeople.org/cgit/jhrozek/public_git/sssd.git/log/?h=nesting
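
The expected behaviour from the reproduction steps, written as a small model for checking what a client reports. This is an added example, not SSSD code and not part of the original ticket. The directory contents are constructed from the steps above, and counting level 0 as "direct groups only" is an assumption taken from the ticket's expected results.

```python
# Added example: a model of depth-limited group resolution for an
# RFC2307bis-style directory (groups list their members, which may be groups).
# Not SSSD's implementation; the names and data below are constructed.

# group name -> set of member names (users or other groups)
DIRECTORY = {
    "Group_A": {"Group_B"},
    "Group_B": {"Group_C"},
    "Group_C": {"UserA"},
}


def resolve_groups(user, directory, nesting_level):
    """Return the groups of `user`, following at most `nesting_level`
    levels of parent groups above the direct memberships."""

    def parents(name):
        return {g for g, members in directory.items() if name in members}

    found = parents(user)          # direct memberships only (level 0)
    frontier = set(found)
    for _ in range(nesting_level):
        nxt = set()
        for group in frontier:
            nxt |= parents(group)
        nxt -= found               # guard against membership cycles
        if not nxt:
            break
        found |= nxt
        frontier = nxt
    return found


def unexpected_groups(observed, user, directory, nesting_level):
    """Groups the client reported beyond what the configured level allows.
    A non-empty result means the nesting limit is not being honoured."""
    return set(observed) - resolve_groups(user, directory, nesting_level)


if __name__ == "__main__":
    # Group list as reported under "Actual results" in the ticket.
    observed = ["Group_A", "Group_B", "Group_C"]
    extra = unexpected_groups(observed, "UserA", DIRECTORY, 0)
    print("groups beyond nesting level 0:", sorted(extra))
```
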


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.6

Fields changed

owner: somebody => jhrozek

Fields changed

owner: jhrozek => preichl
status: new => assigned

Fields changed

patch: 0 => 1

Pushed to master:
- 69994ad
- c30f1d0
- 3c18993
and to sssd-1-11:
- 4221bd7
- 98052f6
- e97a7f5

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to preichl
- Issue set to the milestone: SSSD 1.11.6

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3336

If you want to receive further updates on the issue, please navigate to the github issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.
