[Freeipa-devel] [PATCH 154] ipa-kdb: map_groups() consider all results
Jakub Hrozek
jhrozek at redhat.com
Mon Feb 1 17:22:01 UTC 2016
On Tue, Jan 05, 2016 at 07:55:33PM +0100, Sumit Bose wrote:
> Hi,
>
> to find out to which local group a external user is mapped we do a
> dereference search over the external groups with the SIDs related to the
> external user. If a SID is mapped to more than one external group we
> currently consider only the first returned match. With this patch all
> results are taken into account. This makes sure all expected local group
> memberships are added to the PAC which resolves
> https://fedorahosted.org/freeipa/ticket/5573.
I tested with an AD user who was a member of several IPA external groups. All
groups were displayed. We also have positive feedback from several users
who applied this patch.
The code looks good to me as well, Sumit explained some parts I didn't
understand on IRC.
ACK from me..
More information about the Freeipa-devel
mailing list