[Freeipa-devel] [PATCH] 798 Fix indirect member calculation
Endi Sukma Dewata
edewata at redhat.com
Tue Jun 14 00:00:41 UTC 2011
On 6/13/2011 6:00 PM, Rob Crittenden wrote:
> Endi Sukma Dewata wrote:
>> On 6/13/2011 2:45 PM, Rob Crittenden wrote:
>>> Indirect membership is calculated by looking at each member and pulling
>>> all the memberof out of it. What was missing was doing nested searches
>>> on any members in that member group.
>>>
>>> So if group2 was a member of group1 and group3 was a member of group2 we
>>> would miss group3 as being an indirect member of group1.
>>>
>>> I updated the nesting test to do deeper nested testing. I confirmed that
>>> this test failed with the old code and works with the new.
>>>
>>> ticket https://fedorahosted.org/freeipa/ticket/1273
>>
>> NACK. If a user is an indirect member of a group via 2 different paths,
>> the user will be listed twice. Here is a test scenario:
>>
>> Group 1 has 2 members: group 2 and group 3.
>> User X is a member of both group 2 and group 3.
>> Group 1's indirect members should only list the user X once. Currently
>> it is listed twice.
>
> Patch and test case updated.
NACK. If there's a circular membership the code will run into an
infinite loop. Here's a test scenario:
Group 1 has 2 members: group 2 and group 3.
Group 2 is a member of group 3.
Group 3 is a member of group 2.
Run ipa group-show on group 1, the command doesn't return until it's killed.
--
Endi S. Dewata
More information about the Freeipa-devel
mailing list