#960 ldap_*_search_base doesn't fully limit the group / netgroup search base correctly
Closed: Fixed None Opened 8 years ago by prefect.

A group within the ldap_group_search_base can contain a member group which is outside this search base. When SSSD then pulls down the members of that parent group it should not expand the group outside of the group search base. Currently this appears to get resolved, meaning groups from outside of the group search base are expanded.


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.7.0

We need to modify the RFC2307bis processing so that it checks whether groups in the 'member' attribute fall within the group search base. If they do not, they should be skipped.

owner: somebody => pbrezina

Fields changed

status: new => assigned

I just found out that a similar issue is in the netgroups code; please fix it there as well.

summary: ldap_group_search_base doesn't fully limit the group search base correctly => ldap_*_search_base doesn't fully limit the group / netgroup search base correctly

Fields changed

patch: 0 => 1

Fields changed

resolution: => fixed
status: assigned => closed
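
The check requested in the comments above (skip 'member' values that fall outside the group search base; the same test applies to netgroups), sketched in C as an added example. It is not the patch attached to this ticket and not SSSD code. The names `dn_in_base` and `filter_members` and the sample DNs are hypothetical, and it assumes a subtree-scoped base and DNs written without optional whitespace.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Added illustration, not SSSD source. dn_in_base() and filter_members()
 * are hypothetical names. Assumes a subtree-scoped base and DNs without
 * spaces around ',' and '='; compares case-insensitively. */
bool dn_in_base(const char *dn, const char *base)
{
    size_t dlen = strlen(dn), blen = strlen(base);

    if (blen == 0) return true;     /* empty base covers the whole tree */
    if (dlen < blen || strcasecmp(dn + dlen - blen, base) != 0) return false;
    if (dlen == blen) return true;  /* the base entry itself */

    /* The suffix must start on an RDN boundary: an unescaped ','. */
    size_t sep = dlen - blen - 1;
    if (sep == 0 || dn[sep] != ',') return false;
    size_t slashes = 0;
    while (slashes < sep && dn[sep - 1 - slashes] == '\\') slashes++;
    return slashes % 2 == 0;        /* odd count: the ',' is escaped */
}

/* Drop member DNs outside base, in place; returns how many remain. */
size_t filter_members(const char **members, size_t n, const char *base)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (dn_in_base(members[i], base)) members[kept++] = members[i];
    return kept;
}

int main(void)
{
    /* Constructed sample data. */
    const char *base = "ou=groups,dc=example,dc=com";
    const char *members[] = {
        "cn=admins,ou=Groups,dc=example,dc=com",
        "cn=contractors,ou=partners,dc=example,dc=com",
        "cn=x\\,ou=groups,dc=example,dc=com",
    };
    size_t n = filter_members(members, 3, base);
    for (size_t i = 0; i < n; i++) printf("expand: %s\n", members[i]);
    return 0;
}
```

A plain string-suffix comparison would accept the third sample member, whose escaped comma makes `ou=groups` part of the `cn` value rather than a parent entry, which is why the boundary test counts backslashes.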

Metadata Update from @prefect:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.7.0

3 years ago

SSSD is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in SSSD's GitHub repository.

This issue has been cloned to GitHub and is available here:
- https://github.com/SSSD/sssd/issues/2002

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for any inconvenience.
