jhrozek commented on a pull request """ On Wed, Aug 31, 2016 at 12:36:37AM -0700, sumit-bose wrote: > On Tue, Aug 30, 2016 at 12:36:20PM -0700, Jakub Hrozek wrote: > > On Tue, Aug 30, 2016 at 11:47:09AM -0700, lslebodn wrote: > > > > About the discussion I saw on #sssd in backscroll, the rfc2307bis schema > > only uses the member attribute because IIRC the RFC doesn't talk about > > memberof at all. But in IPA, we know the specifics on the schema, so we > > are able to dereference the memberof attribute to get a complete list of > > all groups with one call. > > Unfortunately it is more complicated with IPA because memberOf only > contains the direct memberships, there is a second attribute > memberofindirect which hold the indirect memberships.
This is only how IPA UI displays indirect memberships, if you check the memberships with ldapsearch, you'll see it's really only memberof. """ See the full comment at https://github.com/SSSD/sssd/pull/7#issuecomment-243695325
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
