[Freeipa-devel] [PATCH] Avoid listing a group as a memberOf itself

Geert Jansen gjansen at redhat.com
Mon Apr 7 20:27:36 UTC 2008


Nathan Kinder wrote:
>>
>> I'm not familiar with the directory server code at all, so forgive me 
>> if this is obvious. Does your patch prevent memberships such as a -> 
>> b -> a?
> No, it doesn't prevent you from creating any sort of loop with your 
> member attribute values.  The memberOf plug-in will detect loops to 
> avoid recursive memberOf values though.

Should we detect these kinds of loops to protect buggy clients that do 
not expect this? I know the PADL nss_ldap has proper loop detection for 
this but other os's may not.

Geert




More information about the Freeipa-devel mailing list