On Tue, Jul 26, 2016 at 01:51:56PM +0200, Sumit Bose wrote: > > > The third patch adds a sysdb call to recursively resolve all > > > user-members of a group. Since the groups in SSSD's cache are > > > hierarchically organized the member attribute only contains direct > > > user and group members. To get all users the group members must be > > > resolved recursively. > > > > Would dereferencing memberof:top-level-group yield different results? > > It worked in my testing but I have to admit that I'm not sure if it can > be used reliable all the time, i.e. is independent of all the different > lookup sequences you can have with nested groups. If you are sure it is > reliable, the call can be simplified.
This is how memberof is supposed to work. I haven't tested all scenarios either (if there are some corner cases you'd like me to test, just let me know), but if there are differences, I would say these would be bugs in the memberof plugin and should be fixed. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
