lslebodn commented on a pull request
"""
On (31/08/16 01:47), sumit-bose wrote:
On Wed, Aug 31, 2016 at 01:30:12AM -0700, Jakub Hrozek wrote:
> On Wed, Aug 31, 2016 at 12:36:37AM -0700, sumit-bose wrote:
> > On Tue, Aug 30, 2016 at 12:36:20PM -0700, Jakub Hrozek wrote:
> > > On Tue, Aug 30, 2016 at 11:47:09AM -0700, lslebodn wrote:
> > >
> > > About the discussion I saw on #sssd in backscroll, the rfc2307bis schema
> > > only uses the member attribute because IIRC the RFC doesn't talk about
> > > memberof at all. But in IPA, we know the specifics on the schema, so we
> > > are able to dereference the memberof attribute to get a complete list of
> > > all groups with one call.
> >
> > Unfortunately it is more complicated with IPA because memberOf only
> > contains the direct memberships, there is a second attribute
> > memberofindirect which hold the indirect memberships.
>
> This is only how IPA UI displays indirect memberships, if you check the
> memberships with ldapsearch, you'll see it's really only memberof.
bummer, you are right, I thought the --raw option of ipa user-show really
means 'raw' but it looks some of the values are still processed.
Sorry for the noise.
I haven't found any regression caused by this patch.
So at least; issues in ipa-trust test are not caused by this bug.
LS
"""
See the full comment at
https://github.com/SSSD/sssd/pull/7#issuecomment-243777706