On Mon, Nov 26, 2012 at 12:00:44AM +0100, Jakub Hrozek wrote:
The memberof plugin did only expand the ghost users attribute to
parents when adding a nested group, but didn't implement the reverse
This bug resulted in users being reported as group members even
after the direct parent went away as the expanded ghost attributes were
never removed from the parent entry.
There seems to be a lot of similarlity between memberuid and ghost
attributes in the memberof plugin. Maybe the code would benefit from
soem more generic functions? But given the time contrainst, I would
prefer the refactoring to happend post-1.9.3.
We had a long discussion on the IRC with Simo. The tl;dr version is that
we should also expire parent groups when deleting their ghost attributes
to make sure that if the deleted attribute was in fact a direct member
of the parent group in addition to being inherited from the nested
group, the direct membership would be updated on the next lookup.