[Samba] Re: Winbind and AD groups containing groups
Charles Gruener
cjg9411 at rit.edu
Mon Nov 13 16:37:06 GMT 2006
>Michael Schurter wrote:
>> On Fri, 2006-11-10 at 12:34 -0600, Rex Dieter wrote:
>>> Gerald (Jerry) Carter wrote:
>>>> Charles, This is a known issue at the moment. If we did
>>>> a limited amount of nested group expansion (one level for
>>>> example, would that be ok)?
>>> For our deployment usecase, we'd need an absolute minimum of 3 levels of
>>> expansion, depending on the definition of level. For us we have:
>>
>> Could the level of recursion be a configuration parameter and just
>> default to 0? That would seem ideal as it would keep backwards
>> compatibility and offer the greatest level of control.
>
>Possibility. Myself and another dev here at Centeris
>are looking into this.
I know that in my case, I'd need a large level of recursion, say about 5 or
7 groups deep. What I don't understand is that "wbinfo -r username"
correctly returns all the groups the user belongs to. Couldn't this
information somehow be used to solve this issue?
Charles
More information about the samba
mailing list