[Freeipa-devel] [PATCH 154] ipa-kdb: map_groups() consider all results
Alexander Bokovoy
abokovoy at redhat.com
Tue Feb 2 08:21:15 UTC 2016
On Mon, 01 Feb 2016, Jakub Hrozek wrote:
>On Tue, Jan 05, 2016 at 07:55:33PM +0100, Sumit Bose wrote:
>> Hi,
>>
>> to find out to which local group a external user is mapped we do a
>> dereference search over the external groups with the SIDs related to the
>> external user. If a SID is mapped to more than one external group we
>> currently consider only the first returned match. With this patch all
>> results are taken into account. This makes sure all expected local group
>> memberships are added to the PAC which resolves
>> https://fedorahosted.org/freeipa/ticket/5573.
>
>I tested with an AD user who was a member of several IPA external groups. All
>groups were displayed. We also have positive feedback from several users
>who applied this patch.
>
>The code looks good to me as well, Sumit explained some parts I didn't
>understand on IRC.
>
>ACK from me..
... and ACK from me too.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list