On Wed, Feb 26, 2014 at 11:14:33AM -0500, Stephen Gallagher wrote:
On 02/26/2014 10:08 AM, Jakub Hrozek wrote:
> On Mon, Feb 24, 2014 at 07:47:08PM +0100, Jakub Hrozek wrote:
>> The attached patch addresses:
>>
>> https://fedorahosted.org/sssd/ticket/2235
>>
>> The memberof example was misleading and was making administrators
>> think that the ldap_access_filter can resolve nested group
>> memberships.
>>
>> The alternative I was considering was changing the example to use
>> a different attribute altogether, but I was struggling to come up
>> with an example that wouldn't be too artificial (like
>> ldap_access_filter=/bin/bash).
>
> Stephen's review seems to be stuck in mailman queue, so I'm sending
> a patch that contains his suggestion as a reply to myself.
>
> The employeeType attribute Stephen suggested is a good choice, I
> think.
>
If we're changing the cited example, I'm not sure we need to call out
the memberOf example anymore.

Hmm, initially I wanted to keep it in, because memberOf is what I see
used mostly in the field but you're right that when I don't think about
the context of the change and just read the man page text, it is
confusing to start talking about memberOf.
Another iteration of the patch is attached.