jhrozek commented on a pull request """ On Wed, Aug 31, 2016 at 07:15:10AM -0700, lslebodn wrote: > On (31/08/16 01:47), sumit-bose wrote: > >On Wed, Aug 31, 2016 at 01:30:12AM -0700, Jakub Hrozek wrote: > >> On Wed, Aug 31, 2016 at 12:36:37AM -0700, sumit-bose wrote: > >> > On Tue, Aug 30, 2016 at 12:36:20PM -0700, Jakub Hrozek wrote: > >> > > On Tue, Aug 30, 2016 at 11:47:09AM -0700, lslebodn wrote: > >> > > > >> > > About the discussion I saw on #sssd in backscroll, the rfc2307bis > >> > > schema > >> > > only uses the member attribute because IIRC the RFC doesn't talk about > >> > > memberof at all. But in IPA, we know the specifics on the schema, so we > >> > > are able to dereference the memberof attribute to get a complete list > >> > > of > >> > > all groups with one call. > >> > > >> > Unfortunately it is more complicated with IPA because memberOf only > >> > contains the direct memberships, there is a second attribute > >> > memberofindirect which hold the indirect memberships. > >> > >> This is only how IPA UI displays indirect memberships, if you check the > >> memberships with ldapsearch, you'll see it's really only memberof. > > > >bummer, you are right, I thought the --raw option of ipa user-show really > >means 'raw' but it looks some of the values are still processed. > > > >Sorry for the noise. > > > I haven't found any regression caused by this patch. > So at least; issues in ipa-trust test are not caused by this bug. >
CI: http://sssd-ci.duckdns.org/logs/job/52/88/summary.html """ See the full comment at https://github.com/SSSD/sssd/pull/7#issuecomment-244052286
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org