From 3111d78001f458cfcaf81123a1d1c23d5927a6c2 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox@samba.org>
Date: Mon, 25 May 2009 11:54:43 +0200
Subject: s3:winbind:idmap_ldap: warn about duplicate SID->XID mappings (bug
 #6387)

With the current infrastructure, we should not return error on
duplicate mappings but just warn instead (because an error would
trigger the attempt to create yet another mapping).

Michael
---
 source3/winbindd/idmap_ldap.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'source3/winbindd')

diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index 63108040fd..88ece8c7de 100644
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -1257,8 +1257,6 @@ again:
 			continue;
 		}
 
-		TALLOC_FREE(sidstr);
-
 		/* now try to see if it is a uid, if not try with a gid
 		 * (gid is more common, but in case both uidNumber and
 		 * gidNumber are returned the SID is mapped to the uid
@@ -1276,6 +1274,7 @@ again:
 		if ( ! tmp) { /* no ids ?? */
 			DEBUG(5, ("no uidNumber, "
 				  "nor gidNumber attributes found\n"));
+			TALLOC_FREE(sidstr);
 			continue;
 		}
 
@@ -1286,11 +1285,21 @@ again:
 			DEBUG(5, ("Requested id (%u) out of range (%u - %u). "
 				  "Filtered!\n", id,
 				  ctx->filter_low_id, ctx->filter_high_id));
+			TALLOC_FREE(sidstr);
 			TALLOC_FREE(tmp);
 			continue;
 		}
 		TALLOC_FREE(tmp);
 
+		if (map->status == ID_MAPPED) {
+			DEBUG(1, ("WARNING: duplicate %s mapping in LDAP. "
+			      "overwriting mapping %s -> %u with %s -> %u\n",
+			      (type == ID_TYPE_UID) ? "UID" : "GID",
+			      sidstr, map->xid.id, sidstr, id));
+		}
+
+		TALLOC_FREE(sidstr);
+
 		/* mapped */
 		map->xid.type = type;
 		map->xid.id = id;
-- 
cgit