authorJakub Hrozek <jhrozek@redhat.com>2012-11-24 17:11:06 +0100
committerJakub Hrozek <jhrozek@redhat.com>2012-11-26 21:02:19 +0100
commit6826edf9cbda1b26300340e9e83f7bb491562d00 (patch)
treec2d8c1422391fa03a6f4bd7c0e537df4e3233e17 /src/ldb_modules
parent3d97f2645356adca1e9e6eeca4f735a1acbed15d (diff)
MEMBEROF: Do not add the ghost attribute to self
When a nested group with ghost users is added, its ghost attribute should propagate within the nested group structure much like the memberuid attribute. Unlike the memberuid attribute, the ghost attribute is only semi-managed by the memberof plugin and is added manually to the original entry. This bug caused LDB errors saying that the attribute or value already exists when a group with a ghost user was added to the hierarchy, because groups were updated with an attribute they already had.
Diffstat (limited to 'src/ldb_modules')
-rw-r--r--src/ldb_modules/memberof.c12
1 files changed, 1 insertions, 11 deletions
diff --git a/src/ldb_modules/memberof.c b/src/ldb_modules/memberof.c
index f0b5b72e..b884228d 100644
--- a/src/ldb_modules/memberof.c
+++ b/src/ldb_modules/memberof.c
@@ -813,7 +813,7 @@ static int mbof_add_operation(struct mbof_add_operation *addop)
el = ldb_msg_find_element(addop->entry, DB_GHOST);
if (el) {
for (i = 0; i < el->num_values; i++) {
- /* add memberuid to all group's parents */
+ /* add ghost to all group's parents */
for (j = 0; j < parents->num; j++) {
ret = mbof_append_muop(add_ctx, &add_ctx->muops,
&add_ctx->num_muops,
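Review bot: The corrected comment above the `for (j = 0; j < parents->num; j++)` loop says what is added but not why the entry itself is now left out. That omission is the behaviour this commit depends on. According to the commit description the ghost value is already written to the original entry outside the plugin, so a later reader comparing this branch with the memberuid handling could well restore the self-add removed in the second hunk. I would spell the invariant out in the comment, for example `/* add ghost to all group's parents only; the entry itself already carries the value, and re-adding it makes LDB fail with "attribute or value exists" */`. mbof_add_operation starts and ends outside the hunk, so whether another path still queues a ghost add for `addop->entry_dn` cannot be checked from here.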
@@ -826,16 +826,6 @@ static int mbof_add_operation(struct mbof_add_operation *addop)
}
}
- /* now add memberuid to the group itself */
- ret = mbof_append_muop(add_ctx, &add_ctx->muops,
- &add_ctx->num_muops,
- LDB_FLAG_MOD_ADD,
- addop->entry_dn,
- (char *)el->values[i].data,
- DB_GHOST);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
}
}