Re: [SSSD] [PATCH] MEMBEROF: Implement delete operation for ghost users

On Mon, Nov 26, 2012 at 12:00:44AM +0100, Jakub Hrozek wrote: > https://fedorahosted.org/sssd/ticket/1668 > > The memberof plugin did only expand the ghost users attribute to > parents when adding a nested group, but didn't implement the reverse > operation. > > This bug resulted in users being reported as group members even > after the direct parent went away as the expanded ghost attributes were > never removed from the parent entry. > > There seems to be a lot of similarlity between memberuid and ghost > attributes in the memberof plugin. Maybe the code would benefit from > soem more generic functions? But given the time contrainst, I would > prefer the refactoring to happend post-1.9.3. We had a long discussion on the IRC with Simo. The tl;dr version is that we should also expire parent groups when deleting their ghost attributes to make sure that if the deleted attribute was in fact a direct member of the parent group in addition to being inherited from the nested group, the direct membership would be updated on the next lookup.