Description of problem: ipa group-show and group-find are only listing direct memberships and not the indirect membership from nested groups ... <snip> [root@dhcp-100-3-186 ipa-group-cli]# ipa group-show disneyworld Group name: disneyworld Description: Top Parent Group Member groups: animalkingdom, epcot Member users: wdisney [root@dhcp-100-3-186 ipa-group-cli]# ipa group-show epcot Group name: epcot Description: Park 2 Member groups: japan, germany Member users: euser1, euser2 [root@dhcp-100-3-186 ipa-group-cli]# ipa group-show germany Group name: germany Description: Country 1 Member users: guser1, guser2 [root@dhcp-100-3-186 ipa-group-cli]# ipa group-show japan Group name: japan Description: Country 2 Member users: juser1, juser2 [root@dhcp-100-3-186 ipa-group-cli]# ipa group-show animalkingdom Group name: animalkingdom Description: Park 1 Member groups: dinasaurs, fish Member users: trainer1, trainer2 [root@dhcp-100-3-186 ipa-group-cli]# ipa group-show dinasaurs Group name: dinasaurs Description: Animal type 1 Member users: trex, juser1 [root@dhcp-100-3-186 ipa-group-cli]# ipa group-show fish Group name: fish Description: Animal type 2 Member users: guser2, mdolphin </snip> Version-Release number of selected component (if applicable): ipa-server-1.91-0.2010091519git5fd09b0.fc12.i686 ipa-admintools-1.91-0.2010091519git5fd09b0.fc12.i686 How reproducible: always Steps to Reproduce: 1. add groups and user members as above description and show and/or find each group 2. 3. Actual results: groups only list direct user and group members. Expected results: parent groups would list all direct and indirect user and group members. Additional info:
From Rob: I was going to add this as a flag onto the show and find functions so we don't pay for membership by default, if that's ok. --members or something like that. Ticket opened: https://fedorahosted.org/freeipa/ticket/296 Note: We need to be consistent and do the same for other grouping objects.
master: c25d62965af9dffc655d659dfcd1f39e8d08e66c To test this do something like: * Create users user1 and user2 * Create groups g1 and g2 * Add user1 as a member of g1 * Add user2 as a member of g2 * Add g2 as a member of g1 * Show group g1, it should have 2 members: user1 and g2 and one indirect member g2