<pre>Proposal to redesign the memberOf plugin (v1)
=============================================

Let us start with the following setup:

.. FIXME: This page is missing a image representing nestedgroups

::

    dn: name=Group A, cn=Groups, cn=default, cn=sysdb
    objectClass: group
    member: name=Group D, cn=Groups, cn=default, cn=sysdb
    member: name=User 1, cn=Users, cn=default, cn=sysdb
    member: name=User 2, cn=Users, cn=default, cn=sysdb
    member: name=User 3, cn=Users, cn=default, cn=sysdb
    member: name=User 4, cn=Users, cn=default, cn=sysdb
    member: name=User 5, cn=Users, cn=default, cn=sysdb
    memberOf: name=Group C, cn=Groups, cn=default, cn=sysdb

    dn: name=Group B, cn=Groups, cn=default, cn=sysdb
    objectClass: group
    member: name=Group D, cn=Groups, cn=default, cn=sysdb
    member: name=User 1, cn=Users, cn=default, cn=sysdb
    member: name=User 2, cn=Users, cn=default, cn=sysdb
    memberOf: name=Group C, cn=Groups, cn=default, cn=sysdb

    dn: name=Group C, cn=Groups, cn=default, cn=sysdb
    objectClass: group
    member: name=Group A, cn=Groups, cn=default, cn=sysdb
    member: name=Group B, cn=Groups, cn=default, cn=sysdb
    member: name=Group F, cn=Groups, cn=default, cn=sysdb
    member: name=User 3, cn=Users, cn=default, cn=sysdb

    dn: name=Group D, cn=Groups, cn=default, cn=sysdb
    objectClass: group
    member: name=User 4, cn=Users, cn=default, cn=sysdb
    memberOf: name=Group A, cn=Groups, cn=default, cn=sysdb
    memberOf: name=Group B, cn=Groups, cn=default, cn=sysdb
    memberOf: name=Group C, cn=Groups, cn=default, cn=sysdb

    dn: name=Group E, cn=Groups, cn=default, cn=sysdb
    objectClass: group
    member: name=User 5, cn=Users, cn=default, cn=sysdb
    memberOf: name=Group B, cn=Groups, cn=default, cn=sysdb
    memberOf: name=Group C, cn=Groups, cn=default, cn=sysdb
    memberOf: name=Group F, cn=Groups, cn=default, cn=sysdb

    dn: name=Group F, cn=Groups, cn=default, cn=sysdb
    objectClass: group
    memberOf: name=Group C, cn=Groups, cn=default, cn=sysdb


    dn: name=User 1, cn=Users, cn=default, cn=sysdb
    objectClass: user
    memberOf: name=Group A, cn=Groups, cn=default, cn=sysdb
    memberOf: name=Group B, cn=Groups, cn=default, cn=sysdb
    memberOf: name=Group C, cn=Groups, cn=default, cn=sysdb

    dn: name=User 2, cn=Users, cn=default, cn=sysdb
    objectClass: user
    memberOf: name=Group A, cn=Groups, cn=default, cn=sysdb
    memberOf: name=Group B, cn=Groups, cn=default, cn=sysdb
    memberOf: name=Group C, cn=Groups, cn=default, cn=sysdb

    dn: name=User 3, cn=Users, cn=default, cn=sysdb
    objectClass: user
    memberOf: name=Group A, cn=Groups, cn=default, cn=sysdb
    memberOf: name=Group C, cn=Groups, cn=default, cn=sysdb

    dn: name=User 4, cn=Users, cn=default, cn=sysdb
    objectClass: user
    memberOf: name=Group A, cn=Groups, cn=default, cn=sysdb
    memberOf: name=Group B, cn=Groups, cn=default, cn=sysdb
    memberOf: name=Group C, cn=Groups, cn=default, cn=sysdb
    memberOf: name=Group D, cn=Groups, cn=default, cn=sysdb

    dn: name=User 5, cn=Users, cn=default, cn=sysdb
    objectClass: user
    memberOf: name=Group A, cn=Groups, cn=default, cn=sysdb
    memberOf: name=Group B, cn=Groups, cn=default, cn=sysdb
    memberOf: name=Group C, cn=Groups, cn=default, cn=sysdb
    memberOf: name=Group E, cn=Groups, cn=default, cn=sysdb
    memberOf: name=Group F, cn=Groups, cn=default, cn=sysdb

Actions
-------

Add new member to a group with no parents
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We send an ldb message to add &#34;User 4&#34; to &#34;Group C&#34;

#. Check whether the member attribute matches the DN of Group C (it does
   not)
#. Examine &#34;Group C&#34; for memberOf attributes.
#. No memberOf attributes exist
#. Add memberOf(Group C) to &#34;User 4&#34;

Add new member to a group with parents
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We send an ldb message to add &#34;User 5&#34; to &#34;Group B&#34;

#. Check whether the member attribute matches the DN of Group C (it does
   not)
#. Examine &#34;Group B&#34; for memberOf attributes.
#. &#34;Group B&#34; has memberOf attributes: &#34;Group C&#34;
#. Check whether any of these memberOf values match &#34;User 5&#34; (none do)
#. Add memberOf(Group B) and memberOf(Group C) to &#34;User 4&#34; and return

.. Add new group to a group with no parents (no loops)
.. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
..
.. .. |image0| image:: https://fedorahosted.org/sssd/raw-attachment/wiki/DesignDocs/MemberOfv2/nestedgroups.png
..    :target: https://fedorahosted.org/sssd/attachment/wiki/DesignDocs/MemberOfv2/nestedgroups.png
</pre>