Hi,
this series of patches continue the work Stephen has started in "[PATCHES] Support for netgroups in the NSS client and responder".
We decided to try to be as compatible to nss_ldap as possible, i.e. we do not any group unrolling or loop detection inside of sssd, but rely on glibc. To achieve this I added support to return netgroup member groups to the client and glibc. This is mostly done in 0003 and 0006. 0007 and 0008 add the necessary support to the LDAP provider.
There is one difference to nss_ldap. If a netgroup member is not specified by a plain name but by a DN nss_ldap just returns the DN string to glibc and then glibc searches for a netgroup where the name is the returned DN. Even nss_ldap cannot find a matching netgroup for this name. If sssd detects a DN in the member list it tries to translate it to the corresponding name of the netgroup. If this fails it will return the full DN.
The patches 0001 and 0002 fixes two errors in Stephen's patches.
bye, Sumit