diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-24 17:11:06 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-26 21:02:19 +0100 |
commit | 6826edf9cbda1b26300340e9e83f7bb491562d00 (patch) | |
tree | c2d8c1422391fa03a6f4bd7c0e537df4e3233e17 /src/ldb_modules | |
parent | 3d97f2645356adca1e9e6eeca4f735a1acbed15d (diff) | |
download | sssd-6826edf9cbda1b26300340e9e83f7bb491562d00.tar.gz sssd-6826edf9cbda1b26300340e9e83f7bb491562d00.tar.bz2 sssd-6826edf9cbda1b26300340e9e83f7bb491562d00.zip |
MEMBEROF: Do not add the ghost attribute to self
When a nested group with ghost users is added, its ghost attribute should
propagate within the nested group structure much like the memberuid
attribute. Unlike the memberuid attribute, the ghost attribute is only
semi-managed by the memberof plugin and added manually to the original
entry.
This bug caused LDB errors saying that attribute or value already exists
when a group with a ghost user was added to the hierarchy as groups were
updated with an attribute they already had.
Diffstat (limited to 'src/ldb_modules')
-rw-r--r-- | src/ldb_modules/memberof.c | 12 |
1 files changed, 1 insertions, 11 deletions
diff --git a/src/ldb_modules/memberof.c b/src/ldb_modules/memberof.c index f0b5b72e..b884228d 100644 --- a/src/ldb_modules/memberof.c +++ b/src/ldb_modules/memberof.c @@ -813,7 +813,7 @@ static int mbof_add_operation(struct mbof_add_operation *addop) el = ldb_msg_find_element(addop->entry, DB_GHOST); if (el) { for (i = 0; i < el->num_values; i++) { - /* add memberuid to all group's parents */ + /* add ghost to all group's parents */ for (j = 0; j < parents->num; j++) { ret = mbof_append_muop(add_ctx, &add_ctx->muops, &add_ctx->num_muops, @@ -826,16 +826,6 @@ static int mbof_add_operation(struct mbof_add_operation *addop) } } - /* now add memberuid to the group itself */ - ret = mbof_append_muop(add_ctx, &add_ctx->muops, - &add_ctx->num_muops, - LDB_FLAG_MOD_ADD, - addop->entry_dn, - (char *)el->values[i].data, - DB_GHOST); - if (ret != LDB_SUCCESS) { - return ret; - } } } |