Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1064908 - MAN: Remove misleading memberof example from ldap_access_filter example
Summary: MAN: Remove misleading memberof example from ldap_access_filter example
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-02-13 14:24 UTC by Dmitri Pal
Modified: 2014-06-18 04:06 UTC (History)
6 users (show)

Fixed In Version: sssd-1.11.2-50.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-13 13:18:49 UTC


Attachments (Terms of Use)

Description Dmitri Pal 2014-02-13 14:24:32 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2235

The example in man sssd-ldap uses the memberof attribute. That's fine per se, but many customers apparently think sssd can use the ldap_access_filter for nested groups, even if AD doesn't have transitive memberof attribute as IPA does. This causes a lot of user confusion.

We should change the example in the manpage and add a note that sssd-simple should be used for nested groups.

Comment 1 Jakub Hrozek 2014-02-26 17:28:35 UTC
Fixed upstream:
    master: 604d46e028ab62f83060fb88bdd3319a31aca2d1
    sssd-1-11: 1e45bf20032b4d984e02487bb39cb61210063ea9

Comment 3 Kaushik Banerjee 2014-03-03 19:40:43 UTC
Verified in manpage of sssd-ldap with sssd version 1.11.2-50.el7

Comment 4 Ludek Smid 2014-06-13 13:18:49 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.


Note You need to log in before you can comment on or make changes to this bug.