Re: [SSSD] sssd nested groups and users.
by Sergei V. Kovylov
2011/3/3 Sergei V. Kovylov <serejka(a)gmail.com>:
> 2011/3/3 Dmitri Pal <dpal(a)redhat.com>:
>> On 03/03/2011 10:43 AM, Sergei V. Kovylov wrote:
>>> Hi All.
>>> It looks like I found another bug in sssd(latest git version).
>>> As I wrote previously we are in proccess of migration from FDS v.1.2.3
>>> to latest stable version and I see strange behaviour if group is a
>>> member of another group and has the same member as parent one and
>>> returns from ldap as second entry (first entry is user) then sssd
>>> doesn't show the rest of memebers in parent group.
>>> For example:
>>> cn=GROUP1,ou=groups,dc=domain:
>>> uniquemember: uid=user1,ou=users1,dc=domain
>>> uniquemember: uid=user1,ou=users2,dc=domain
>>> uniquemember: uid=user1,ou=users2,dc=domain
>>
>> It looks like you did some substitutions of the real users in the mail.
>> Are you sure that the examples you sent correctly reflect the actual
>> situation?
>> The example as written does not make much sense.
Yes correct, I did.
Yes the situation is correct and I was really surprised about it.
Unfourtunately, debug mode shows nothing.
>
>>
>>> cn=GROUP2,ou=groups,dc=domain:
>>> uniquemember: uid=user1,ou=users1,dc=domain
>>> uniquemember: cn=GROUP1,ou=groups,dc=domain
>>>
>>> In this case sssd never sets all users in GROUP1, except user1, as
>>> members of GROUP2.
>>> BUT, if we have
>>> cn=GROUP1,ou=groups,dc=domain:
>>> uniquemember: uid=user1,ou=users1,dc=domain
>>> uniquemember: uid=user1,ou=users2,dc=domain
>>> uniquemember: uid=user1,ou=users2,dc=domain
>>>
>>> cn=GROUP2,ou=groups,dc=domain:
>>> uniquemember: cn=GROUP1,ou=groups,dc=domain
>>> uniquemember: uid=user1,ou=users1,dc=domain
>>>
>>> Then everything is correct.
>>> I'm still exploring this issue, but, as I'm not a developer of ssd, it
>>> takes some time to understand all internal mechanisms. So maybe you
>>> know about it already and have some steps to solve it.
>>> _______________________________________________
>>> sssd-devel mailing list
>>> sssd-devel(a)lists.fedorahosted.org
>>> https://fedorahosted.org/mailman/listinfo/sssd-devel
>>
>>
>> Let me rephrase the use case:
>> 1) There is a Group1 that has users u1,u2,u3,...
>> 2) There is a Group2 that has users u1,...
>> 3) Group2 is nested into Group1
>> 4) Issue: if while processing Group 1 the nested group Group 2 not
>> processed first (before other users) then users from Group 2 are not
>> seen. If the Group 2 happens to be processed before other users in Group
>> 1 then all members of Group 1 are shown correctly.
>>
>> Right?
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
Yes that's right.
13 years, 1 month
sssd nested groups and users.
by Sergei V. Kovylov
Hi All.
It looks like I found another bug in sssd(latest git version).
As I wrote previously we are in proccess of migration from FDS v.1.2.3
to latest stable version and I see strange behaviour if group is a
member of another group and has the same member as parent one and
returns from ldap as second entry (first entry is user) then sssd
doesn't show the rest of memebers in parent group.
For example:
cn=GROUP1,ou=groups,dc=domain:
uniquemember: uid=user1,ou=users1,dc=domain
uniquemember: uid=user1,ou=users2,dc=domain
uniquemember: uid=user1,ou=users2,dc=domain
cn=GROUP2,ou=groups,dc=domain:
uniquemember: uid=user1,ou=users1,dc=domain
uniquemember: cn=GROUP1,ou=groups,dc=domain
In this case sssd never sets all users in GROUP1, except user1, as
members of GROUP2.
BUT, if we have
cn=GROUP1,ou=groups,dc=domain:
uniquemember: uid=user1,ou=users1,dc=domain
uniquemember: uid=user1,ou=users2,dc=domain
uniquemember: uid=user1,ou=users2,dc=domain
cn=GROUP2,ou=groups,dc=domain:
uniquemember: cn=GROUP1,ou=groups,dc=domain
uniquemember: uid=user1,ou=users1,dc=domain
Then everything is correct.
I'm still exploring this issue, but, as I'm not a developer of ssd, it
takes some time to understand all internal mechanisms. So maybe you
know about it already and have some steps to solve it.
13 years, 1 month
