On Thu, 09 Sep 2010 09:18:12 -0400 Stephen Gallagher <sgall...@redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 09/09/2010 09:14 AM, Ralf Haferkamp wrote: > > Hi, > > > > Is it really the intended behaviour of the sssd LDAP backend (I am > > running the current code from the master branch) to only return the > > group members that are already cached in sysdb and to silently > > ignore everything else? E.g. when I start sssd with empty caches > > and do a "getent group <random-ldap-group>" I will only get back > > the group without any members. Somehow I think this can't be > > intended :) > > > > I have started working on a patch to let sssd look up the > > non-cached users via LDAP (and save them into the cache). Find it > > attached. Note: That patch is not really complete (e.g. it doesn't > > handle rfc2307 groups correctly). But before putting more effort > > into this I like to make sure that I am not trying to fix a > > "feature" here. > > No, it is not intentional that groups should be missing users. This is > definitely a bug. Please file a ticket upstream. It is intended if enumerations are off. Thee reason is that you may end up effectively doing full user enumerations otherwise if you have a big group that contain all users. Not only that but it would be an inefficient enumeration as it would be repeated multiple times for each group. And if you have a *lot* of users this would defeat the point of disabling enumerations, making performances actually worse. So please do not change this without proper discussion. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel