We were testing an environment where a number Active Directory global groups were mapped to a single Unix group. If a user belongs to several groups that map to the same gid, that gid would be repeated in the groups list, taking up however many slots were required. With a 16 group limit, this can cause a problem. Example: Given active directory group AD_G1 is mapped to gid 20001, AD_G2 is mapped to 20001, G1 is a local group with gid 2001, and myUser belongs to Domain User, AD_G1, AD_G2, and G1. Running "id -a myUser" gives: uid=10000(myUser) gid=20000(Domain User) groups=20001(G1),20001(G1),20001(G1) Due to the linux base function, this would apply to all unix os.
Created attachment 437 [details] Patch to prevent return of duplicate gid's. Patch modifies function _nss_winbind_initgroups_dyn in nsswitch/winbind_nss_linux.c to check that a newly found gid is not already present in the return list.
Created attachment 459 [details] Fixed previous patch to search only assigned elements, not entire gid array length.
Fixed for 3.0.3rc1
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.