On Tue, May 29, 2012 at 10:56:51AM +0200, Jan Zelený wrote:
On Mon, May 28, 2012 at 05:11:07PM +0200, Jan Zelený wrote:
The first patch (#131) adds the functionality and updates all parts of code which use it.
The second patch (#132) utilizes the exclusion when retrieving data for initgroups.
This breaks nested group processing in the IPA provider. We use the member attribute there to construct correct memberships between groups.
I'm pretty sure I tested IPA provider and everything was ok. Are you sure this applies to initgroups operation?
Thanks
Jan
Yes, see sdap_initgr_store_user_memberships and sdap_initgr_nested_get_direct_parents