On Mon, 2018-09-24 at 16:44 +0200, Michael Ströder wrote:
> On 9/24/18 4:22 PM, Simo Sorce wrote:
> > For groups I would expect us to merge memberships in rfc2307 mode,
> 
> If you really want to implement such merging then please disable
> it by default. So that it must be explicitly enabled after careful
> consideration.

Yes, it would have to be optional and disabled by default; we do not
want to promote bad practices.

What we can do to make the code more predictable (albeit slower) is to
always "reverse resolve" by gid (and by name) whenever a search by name
(or by gid) is performed, so duplicates are always consistently dealt
with (either first in alphabetic order only or always completely fail
to accept a group with duplicate gid (or name)).

This check can be optimized on servers that support dereference
controls.

Simo.

-- 
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc
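
The reverse-resolve check described in this message, sketched as an added example (not code from the post or from SSSD). An in-memory list of constructed rfc2307-style entries stands in for LDAP searches. The names `lookup`, `conflicts`, `DuplicateGroup` and the `policy` values are hypothetical, and breaking a name tie by lowest gid is an assumption.

```python
# Constructed rfc2307-style group entries (sample data, not from a real directory).
GROUPS = [
    {"cn": "staff",  "gidNumber": 1000, "memberUid": ["alice"]},
    {"cn": "admins", "gidNumber": 1000, "memberUid": ["bob"]},    # duplicate gid
    {"cn": "devs",   "gidNumber": 2000, "memberUid": ["carol"]},
    {"cn": "devs",   "gidNumber": 2001, "memberUid": ["dave"]},   # duplicate name
    {"cn": "ops",    "gidNumber": 3000, "memberUid": ["erin"]},
]


class DuplicateGroup(Exception):
    """Raised under the 'fail' policy when a name or gid is not unique."""


def conflicts(groups, hit):
    """Reverse resolve: every entry sharing hit's name or gid (hit included)."""
    return [g for g in groups
            if g["cn"] == hit["cn"] or g["gidNumber"] == hit["gidNumber"]]


def lookup(groups, *, name=None, gid=None, policy="fail"):
    """Hypothetical lookup by name or gid that always checks the other key too.

    policy="fail":  refuse any group whose name or gid is duplicated.
    policy="first": accept only the alphabetically first entry of a duplicate
                    set, so lookups by name and by gid agree on one winner.
    """
    attr, value = ("cn", name) if name is not None else ("gidNumber", gid)
    hits = [g for g in groups if g[attr] == value]
    if not hits:
        return None
    # One round of reverse resolution over every direct hit, de-duplicated.
    seen = {id(g): g for h in hits for g in conflicts(groups, h)}
    candidates = list(seen.values())
    if len(candidates) == 1:
        return candidates[0]
    if policy == "fail":
        names = sorted({g["cn"] for g in candidates})
        raise DuplicateGroup(f"{attr}={value!r} collides across {names}")
    # Deterministic winner: alphabetical by name, then lowest gid as tie-break.
    winner = min(candidates, key=lambda g: (g["cn"], g["gidNumber"]))
    # Entries that lose the tie are hidden rather than returned inconsistently.
    return winner if winner[attr] == value else None
```

With the sample data, gid 1000 resolves to `admins` under `policy="first"` and a lookup of `staff` returns nothing, so a name lookup and a gid lookup never disagree about who owns the gid.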
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org