authorSumit Bose <sbose@redhat.com>2013-08-06 12:17:39 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-08-19 22:32:34 +0200
commit15b5d885e28afcd6c3c19f900eea2a8e00c3e6d3 (patch)
treec7a7dc5c11a797150319727c5eae2cf0bc547ded
parentf9091077bfbb09f052d08e25ac5e00af0baa6dfb (diff)
sdap_add_incomplete_groups: use fully qualified name if needed
For subdomains the group names must be expanded to fully qualified names to be able to find existing groups or properly add new ones.
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c18
1 files changed, 14 insertions, 4 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 02158a6f..513de274 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -50,6 +50,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
time_t now;
char *sid_str;
bool use_id_mapping;
+ char *tmp_name;
/* There are no groups in LDAP but we should add user to groups ?? */
if (ldap_groups_count == 0) return EOK;
@@ -65,14 +66,23 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
mi = 0;
for (i=0; groupnames[i]; i++) {
+ tmp_name = sss_get_domain_name(tmp_ctx, groupnames[i], domain);
+ if (tmp_name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Failed to format original name [%s]\n", groupnames[i]));
+ ret = ENOMEM;
+ goto done;
+ }
+
ret = sysdb_search_group_by_name(tmp_ctx, sysdb, domain,
- groupnames[i], NULL, &msg);
+ tmp_name, NULL, &msg);
if (ret == EOK) {
continue;
} else if (ret == ENOENT) {
- DEBUG(7, ("Group #%d [%s] is not cached, need to add a fake entry\n",
- i, groupnames[i]));
- missing[mi] = groupnames[i];
+ missing[mi] = talloc_steal(missing, tmp_name);
+ DEBUG(7, ("Group #%d [%s][%s] is not cached, " \
+ "need to add a fake entry\n",
+ i, groupnames[i], missing[mi]));
mi++;
continue;
} else if (ret != ENOENT) {
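Review bot: `missing[mi]` now holds the name returned by `sss_get_domain_name()` rather than `groupnames[i]`, so any later code in this function that matches `missing[]` entries against raw LDAP group names would stop matching for subdomains. That consumer is outside the hunk, so this cannot be confirmed from here. If such a comparison exists, it should expand the LDAP name with the same helper before comparing; otherwise the fake entries for a subdomain user's groups might never be created, and the cached group membership would be incomplete. Separately, in the `ret == EOK` branch `tmp_name` stays allocated on `tmp_ctx` for the rest of the call, and adding `talloc_free(tmp_name);` before `continue;` would stop it accumulating for users in many groups. The body of `sdap_add_incomplete_groups` starts and ends outside the hunk.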