We propagate the ghost users within the nested group structure in order for the parent groups to inherit members from their siblings inside the memberof plugin. However, the memberof plugin does not implement the reverse operation - deleting the members when the sibling is removed from the directory.
This leads to users being reported as group members forever if their direct parent is removed from LDAP.
Steps to reproduce:
1. create two groups - mid and top
2. create a user
3. make the user a direct member of mid group
4. add the mid group as a member of top level group
5. getent group top -- you should see the user reported as a member
6. delete the mid group
7. sss_cache -g mid to speed force a lookup from LDAP next time
8. getent group mid to attempt the LDAP lookup -- the LDAP lookup will fail and will remove the group from the directory
9. getent group top
Expected: mid is no longer present, so top should not contain mid's members
Actual: top still contains the members inherited from mid
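The behaviour reported above, as an added toy model that is not SSSD or memberof plugin code: a cache stores inherited ("ghost") members on each parent group and only ever propagates additions, so deleting the nested group leaves the parent's stored members stale. The class, the `recompute` flag (one possible reverse operation, an assumption rather than the project's fix) and the user name `user1` are made up for illustration.

```python
class GroupCache:
    """Toy model: each group stores its direct plus inherited (ghost) members."""

    def __init__(self):
        self.direct = {}     # group -> users listed directly on the group
        self.subgroups = {}  # group -> nested member groups
        self.ghosts = {}     # group -> stored effective members

    def add_group(self, name, users=(), subgroups=()):
        self.direct[name] = set(users)
        self.subgroups[name] = set(subgroups)
        self.ghosts[name] = set(users)
        self._propagate_up()

    def _propagate_up(self):
        # Forward operation: parents copy ghosts from nested groups to a fixed point.
        changed = True
        while changed:
            changed = False
            for parent, kids in self.subgroups.items():
                for kid in kids:
                    new = self.ghosts.get(kid, set()) - self.ghosts[parent]
                    if new:
                        self.ghosts[parent] |= new
                        changed = True

    def delete_group(self, name, recompute=False):
        for store in (self.direct, self.subgroups, self.ghosts):
            store.pop(name, None)
        for kids in self.subgroups.values():
            kids.discard(name)
        if recompute:
            # Reverse operation (assumed): rebuild stored sets from what still exists.
            for group in self.ghosts:
                self.ghosts[group] = set(self.direct[group])
            self._propagate_up()

    def members(self, name):
        return sorted(self.ghosts.get(name, ()))


def reproduce(recompute):
    # Constructed input mirroring the ticket: user1 in mid, mid nested in top.
    cache = GroupCache()
    cache.add_group("mid", users={"user1"})
    cache.add_group("top", subgroups={"mid"})
    before = cache.members("top")
    cache.delete_group("mid", recompute=recompute)
    return before, cache.members("top")
```

`reproduce(False)` shows `top` still reporting `user1` after `mid` is gone, which is the stale membership an access check based on `top` would keep honouring; `reproduce(True)` shows the membership dropped once inherited sets are rebuilt on deletion.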
Fields changed
owner: somebody => jhrozek
patch: 0 => 1
status: new => assigned
milestone: NEEDS_TRIAGE => SSSD 1.9.3
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=880159
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=880159 880159]
resolution: => fixed
status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.9.3
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2710
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.