author | Sumit Bose <sbose@redhat.com> | 2013-04-19 12:22:03 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-05-02 19:33:56 +0200 |
commit | 1ae6d34788fd6ac2278be52b60d77c77073d98f3 (patch) | |
tree | 04138c422f8c6fe60eeb9aaeec5e3cda18e84046 /src/providers/ldap/sdap_async_users.c | |
parent | 5a6e3cb57cf2d8d4118b58be0574cccea171ca19 (diff) | |
LDAP: always store SID if available
Currently the string representation of a SID is only stored in the cache
for debugging purposes if SID-based ID-mapping is used. This patch
unconditionally stores the SID if available to allow SID-to-name
mappings from the cache.
Diffstat (limited to 'src/providers/ldap/sdap_async_users.c')
-rw-r--r-- | src/providers/ldap/sdap_async_users.c | 42 |
1 files changed, 30 insertions, 12 deletions
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index ccd2f24e..68e646cb 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -132,22 +132,40 @@ int sdap_save_user(TALLOC_CTX *memctx,
 if (el->num_values == 0) shell = NULL;
 else shell = (const char *)el->values[0].data;
+ /* Always store SID string if available */
+ ret = sdap_attrs_get_sid_str(tmpctx, opts->idmap_ctx, attrs,
+ opts->user_map[SDAP_AT_USER_OBJECTSID].sys_name,
+ &sid_str);
+ if (ret == EOK) {
+ ret = sysdb_attrs_add_string(user_attrs, SYSDB_SID_STR, sid_str);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Could not add SID string: [%s]\n",
+ strerror(ret)));
+ goto done;
+ }
+ } else if (ret == ENOENT) {
+ DEBUG(SSSDBG_TRACE_ALL, ("objectSID: not available for group [%s].\n",
+ name));
+ sid_str = NULL;
+ } else {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Could not identify objectSID: [%s]\n",
+ strerror(ret)));
+ sid_str = NULL;
+ }
+
+ /* Retrieve or map the UID as appropriate */
 if (use_id_mapping) {
- DEBUG(SSSDBG_TRACE_LIBS,
- ("Mapping user [%s] objectSID to unix ID\n", name));
- ret = sdap_attrs_get_sid_str(
- tmpctx, opts->idmap_ctx, attrs,
- opts->user_map[SDAP_AT_USER_OBJECTSID].sys_name,
- &sid_str);
- if (ret != EOK) goto done;
+ if (sid_str == NULL) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("SID not available, cannot map a " \
+ "unix ID to user [%s].\n", name));
+ ret = ENOENT;
+ goto done;
+ }
- /* Add string representation to the cache for easier
- * debugging
- */
- ret = sysdb_attrs_add_string(user_attrs, SYSDB_SID_STR, sid_str);
- if (ret != EOK) goto done;
+ DEBUG(SSSDBG_TRACE_LIBS,
+ ("Mapping user [%s] objectSID [%s] to unix ID\n", name, sid_str));
 /* Convert the SID into a UNIX user ID */
 ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &uid); |
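Review bot: In the final `else` branch of the new SID lookup, any failure of `sdap_attrs_get_sid_str()` other than ENOENT is logged and then discarded, so with `use_id_mapping` set the `sid_str == NULL` check further down returns ENOENT where the old code returned the real error. A malformed objectSID or an allocation failure then looks the same as a missing attribute to whatever consumes the return value of `sdap_save_user()`; how callers treat ENOENT is outside this hunk. Adding `if (use_id_mapping) goto done;` ahead of `sid_str = NULL;` in that branch would keep the original error code for the ID-mapping case. The ENOENT message also says `for group [%s]` although this is the user path, which will mislead anyone reading the log; it should read `for user [%s]`. The function body starts and ends outside the hunk.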