author | Sumit Bose <sbose@redhat.com> | 2013-08-06 12:17:39 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-19 22:32:34 +0200 |
commit | 15b5d885e28afcd6c3c19f900eea2a8e00c3e6d3 (patch) | |
tree | c7a7dc5c11a797150319727c5eae2cf0bc547ded | |
parent | f9091077bfbb09f052d08e25ac5e00af0baa6dfb (diff) | |
sdap_add_incomplete_groups: use fully qualified name if needed
For subdomains the group names must be expanded to fully qualified names
to be able to find existing groups or properly add new ones.
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 02158a6f..513de274 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -50,6 +50,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, time_t now; char *sid_str; bool use_id_mapping; + char *tmp_name; /* There are no groups in LDAP but we should add user to groups ?? */ if (ldap_groups_count == 0) return EOK; @@ -65,14 +66,23 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, mi = 0; for (i=0; groupnames[i]; i++) { + tmp_name = sss_get_domain_name(tmp_ctx, groupnames[i], domain); + if (tmp_name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + ("Failed to format original name [%s]\n", groupnames[i])); + ret = ENOMEM; + goto done; + } + ret = sysdb_search_group_by_name(tmp_ctx, sysdb, domain, - groupnames[i], NULL, &msg); + tmp_name, NULL, &msg); if (ret == EOK) { continue; } else if (ret == ENOENT) { - DEBUG(7, ("Group #%d [%s] is not cached, need to add a fake entry\n", - i, groupnames[i])); - missing[mi] = groupnames[i]; + missing[mi] = talloc_steal(missing, tmp_name); + DEBUG(7, ("Group #%d [%s][%s] is not cached, " \ + "need to add a fake entry\n", + i, groupnames[i], missing[mi])); mi++; continue; } else if (ret != ENOENT) { |
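Review bot: In the second hunk `missing[mi]` now stores the expanded name returned by `sss_get_domain_name()` instead of `groupnames[i]`, so every later consumer of `missing[]` in sdap_add_incomplete_groups must compare against the same expanded form; the function continues outside the hunk, so this cannot be confirmed from here. If a later loop still matches `missing[i]` against the short LDAP group name, subdomain groups would presumably never get their incomplete entry, and the cached group memberships that access decisions rely on would be silently incomplete. A comment at the assignment would make the contract explicit, e.g. `/* missing[] holds fully qualified names for subdomains; later lookups must use the same form */`. On style, the new trace line keeps the numeric level `7` while the new error line uses `SSSDBG_OP_FAILURE`; `SSSDBG_TRACE_INTERNAL` would be consistent, and the `\` line continuation inside the string is not needed.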