Description
Hi, thank you for nsscache, again, folks! I’d like to ask if I could make a PR with changes that I have in my fork of nsscache. It is a config flag that turns on merging of group members if nsscache gets several groups with the same id from a source. I’ll give some context on why I needed that feature below.
I’ve implemented a layered concept of granting access to hosts. To grant access to a host means to create a user, provide an SSH pubkey and create or add this user to specific groups. Of course, it is supported by a specific schema in LDAP (it’s used as a source) and search queries in the nsscache configuration.
There are several layers (all hosts, a host of a specific role and a specific host defined by FQDN), and an access grant can be given at any layer. That leads to the case where the same groups can be referenced at any layer, with a different number of members in them. If nsscache receives groups with the same id, it prints a warning message and drops one of them.
That’s why I made a change to be able to provide a flag in the configuration (like ldap.merge_groups_same_id = 1, or something like that) to change that behavior and to merge group members with similar ids.
Will such a flag be useful in upstream? If yes, I’ll make a PR with these changes for review and merge. Thanks!
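An added sketch of the drop-versus-merge behaviour the request describes, not code from nsscache or from the poster's fork; the function names, the `merge_same_gid` parameter and the sample entries are assumptions made for illustration. It goes one step beyond the request by refusing to merge entries that share a gid under different names, since that merge would hand one group's access to another group's members.

```python
from collections import OrderedDict

# Constructed sample: group entries as an LDAP source might return them
# across the three layers (all hosts, role, FQDN). Not real data.
SAMPLE_ENTRIES = [
    {"name": "deploy", "gid": 2001, "members": ["alice", "bob"]},   # all hosts
    {"name": "deploy", "gid": 2001, "members": ["bob", "carol"]},   # role layer
    {"name": "dba", "gid": 2002, "members": ["dave"]},
    {"name": "deploy", "gid": 2001, "members": ["erin"]},           # FQDN layer
    {"name": "ops", "gid": 2002, "members": ["mallory"]},           # gid reused by another name
]


def build_group_map(entries, merge_same_gid=False):
    """Return (groups, warnings), where groups maps gid -> entry.

    merge_same_gid=False: the first entry for a gid wins and later ones
    are dropped with a warning (the behaviour the post describes).
    merge_same_gid=True: members of same-gid entries are unioned in
    first-seen order, but only when the group name matches as well.
    """
    groups, warnings = OrderedDict(), []
    for entry in entries:
        gid = entry["gid"]
        kept = groups.get(gid)
        if kept is None:
            members = list(dict.fromkeys(entry["members"]))  # de-duplicate, keep order
            groups[gid] = {"name": entry["name"], "gid": gid, "members": members}
        elif not merge_same_gid:
            warnings.append(f"duplicate gid {gid}: dropped entry {entry['name']!r}")
        elif kept["name"] != entry["name"]:
            warnings.append(
                f"gid {gid} used by {kept['name']!r} and {entry['name']!r}: not merged")
        else:
            for member in entry["members"]:
                if member not in kept["members"]:
                    kept["members"].append(member)
    return groups, warnings


def group_line(entry):
    """Format one entry as an /etc/group style line."""
    return f"{entry['name']}:x:{entry['gid']}:{','.join(entry['members'])}"
```
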