Why does sssd ignores the group nesting level ( ldap_group_nesting_level) set to zero , in Red Hat Enterprise Linux 6?
Issue
-
To prevent sssd from performing nesting, setting up
ldap_group_nesting_level = 0in/etc/sssd/sssd.confdoes not have any effect. It seemssssdignore this option value and still does nesting operations. -
For example, on server, groups have below relation with each other:
GroupB is member of GroupA
GroupC is member of GroupB
UserA in GroupC = With nesting membership should show A,B, and C. Without Nesting should show C only
UserA in GroupB = With nesting membership should show A, and B. Without Nesting should show B only
- With ldap_group_nesting set to "0", if following command is executed:
$ id UserA
The output will show GroupA, GroupB, GroupC, but as mentioned above, it should only return GroupC.
Environment
- Red Hat Enterprise Linux 6.4
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
