simple provider: support subdomain users

Resolves:
https://fedorahosted.org/sssd/ticket/2034

1 files changed, 10 insertions, 5 deletions

diff --git a/src/providers/simple/simple_access.c b/src/providers/simple/simple_access.c
index 46e6dde1..46b045e5 100644
--- a/src/providers/simple/simple_access.c
+++ b/src/providers/simple/simple_access.c
@@ -141,13 +141,18 @@ static errno_t simple_access_parse_names(TALLOC_CTX *mem_ctx,
         }
 
         if (domain == NULL || strcasecmp(domain, be_ctx->domain->name) == 0) {
-            /* main domain, remember the name without domain part */
+            /* This object belongs to main SSSD domain. Those users and groups
+             * are stored without domain part, so we will strip it off.
+             * */
             out[i] = talloc_move(out, &name);
         } else {
-            DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown domain in %s. "
-                  "Check you configuration.\n", list[i]));
-            ret = EINVAL;
-            goto done;
+            /* Subdomain users and groups are stored as fully qualified names,
+             * thus we will remember the domain part.
+             *
+             * Since subdomains may come and go, we will look for their
+             * existence later, during each access check.
+             */
+            out[i] = talloc_move(out, &list[i]);
         }
     }