[Freeipa-devel] [PATCH] Avoid listing a group as a memberOf itself
Nathan Kinder
nkinder at redhat.com
Mon Apr 7 20:22:15 UTC 2008
Geert Jansen wrote:
> Nathan Kinder wrote:
>> If you create a circular grouping, a group will be listed as a
>> memberOf itself.
>>
>> We just need to do a check when processing any type of operation to
>> see if
>> we're attempting to use a group's DN as the value of memberOf on
>> itself. We
>> had a check like that for a fixup operation, but it needed to be
>> moved up in the
>> code so it's used for any operations.
>
> I'm not familiar with the directory server code at all, so forgive me
> if this is obvious. Does your patch prevent memberships such as a -> b
> -> a?
No, it doesn't prevent you from creating any sort of loop with your
member attribute values. The memberOf plug-in will detect loops to
avoid recursive memberOf values though.
-NGK
>
> Regards,
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3241 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080407/09b822de/attachment.bin>
More information about the Freeipa-devel
mailing list