s3:winbind:idmap_ldap: warn about duplicate SID->XID mappings (bug #6387)

With the current infrastructure, we should not return error on
duplicate mappings but just warn instead (because an error would
trigger the attempt to create yet another mapping).

Michael

1 files changed, 11 insertions, 2 deletions

diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index 63108040fd..88ece8c7de 100644
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -1257,8 +1257,6 @@ again:
 			continue;
 		}
 
-		TALLOC_FREE(sidstr);
-
 		/* now try to see if it is a uid, if not try with a gid
 		 * (gid is more common, but in case both uidNumber and
 		 * gidNumber are returned the SID is mapped to the uid
@@ -1276,6 +1274,7 @@ again:
 		if ( ! tmp) { /* no ids ?? */
 			DEBUG(5, ("no uidNumber, "
 				  "nor gidNumber attributes found\n"));
+			TALLOC_FREE(sidstr);
 			continue;
 		}
 
@@ -1286,11 +1285,21 @@ again:
 			DEBUG(5, ("Requested id (%u) out of range (%u - %u). "
 				  "Filtered!\n", id,
 				  ctx->filter_low_id, ctx->filter_high_id));
+			TALLOC_FREE(sidstr);
 			TALLOC_FREE(tmp);
 			continue;
 		}
 		TALLOC_FREE(tmp);
 
+		if (map->status == ID_MAPPED) {
+			DEBUG(1, ("WARNING: duplicate %s mapping in LDAP. "
+			      "overwriting mapping %s -> %u with %s -> %u\n",
+			      (type == ID_TYPE_UID) ? "UID" : "GID",
+			      sidstr, map->xid.id, sidstr, id));
+		}
+
+		TALLOC_FREE(sidstr);
+
 		/* mapped */
 		map->xid.type = type;
 		map->xid.id = id;