[Freeipa-devel] [PATCH] Avoid listing a group as a memberOf itself
gjansen at redhat.com
Mon Apr 7 20:27:36 UTC 2008
Nathan Kinder wrote:
>> I'm not familiar with the directory server code at all, so forgive me
>> if this is obvious. Does your patch prevent memberships such as a ->
>> b -> a?
> No, it doesn't prevent you from creating any sort of loop with your
> member attribute values. The memberOf plug-in will detect loops to
> avoid recursive memberOf values though.
Should we detect these kinds of loops to protect buggy clients that do
not expect this? I know the PADL nss_ldap has proper loop detection for
this but other os's may not.
More information about the Freeipa-devel