Endi Sukma Dewata wrote:
On 6/13/2011 6:00 PM, Rob Crittenden wrote:
Endi Sukma Dewata wrote:
On 6/13/2011 2:45 PM, Rob Crittenden wrote:
Indirect membership is calculated by looking at each member and pulling
all the memberof out of it. What was missing was doing nested searches
on any members in that member group.

So if group2 was a member of group1 and group3 was a member of group2 we
would miss group3 as being an indirect member of group1.

I updated the nesting test to do deeper nested testing. I confirmed that
this test failed with the old code and works with the new.

ticket https://fedorahosted.org/freeipa/ticket/1273

NACK. If a user is an indirect member of a group via 2 different paths,
the user will be listed twice. Here is a test scenario:

Group 1 has 2 members: group 2 and group 3.
User X is a member of both group 2 and group 3.
Group 1's indirect members should only list the user X once. Currently
it is listed twice.

Patch and test case updated.

NACK. If there's a circular membership the code will run into an
infinite loop. Here's a test scenario:

Group 1 has 2 members: group 2 and group 3.
Group 2 is a member of group 3.
Group 3 is a member of group 2.
Run ipa group-show on group 1, the command doesn't return until it's
killed.


I think the solution will be to deny creating circular groups.

rob

_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
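
An added example (not the patch under review and not FreeIPA code) of a traversal that covers the three cases raised in this thread: deeper nesting, a member reachable by two paths, and circular membership. The dict-based directory, the group and user names, and the choice to leave direct members out of the result are assumptions made for illustration.

```python
from collections import deque

# Constructed sample directories: group name -> list of direct members.
# A member that is itself a key is a nested group (assumed model, not LDAP).
CHAIN = {"group1": ["group2"], "group2": ["group3"], "group3": []}
DIAMOND = {"group1": ["group2", "group3"],
           "group2": ["userX"], "group3": ["userX"]}
CYCLE = {"group1": ["group2", "group3"],
         "group2": ["group3"], "group3": ["group2", "userY"]}


def indirect_members(direct, group):
    """Return the members of `group` that are reachable only through nesting."""
    direct_set = set(direct.get(group, ()))
    visited = {group}   # groups already expanded; this is what breaks cycles
    found = set()       # a set lists a member once even if two paths reach it
    queue = deque(m for m in direct_set if m in direct)
    while queue:
        current = queue.popleft()
        if current in visited:
            continue    # already expanded via another path
        visited.add(current)
        for member in direct[current]:
            if member != group:
                found.add(member)
            if member in direct and member not in visited:
                queue.append(member)   # nested group: expand it later
    # Assumption: members listed directly on `group` are not reported again
    # as indirect members.
    return sorted(found - direct_set)


if __name__ == "__main__":
    for name, directory in (("chain", CHAIN), ("diamond", DIAMOND),
                            ("cycle", CYCLE)):
        print(name, indirect_members(directory, "group1"))
```

The `visited` set lets the traversal terminate on the circular scenario without rejecting it; denying circular groups at creation time, as proposed above, is a separate control.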
