diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-17 23:55:13 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-20 18:02:17 +0100 |
commit | 8455d5ab61184e0d126fc074a9ce6e98391eb909 (patch) | |
tree | 18ce853602a74e8fc581908d4ff2a83d46dc7dcd /src/providers/ldap/sdap_async_users.c | |
parent | 25285335d6d41400870e64f07904e899263699f5 (diff) | |
download | sssd-8455d5ab61184e0d126fc074a9ce6e98391eb909.tar.gz sssd-8455d5ab61184e0d126fc074a9ce6e98391eb909.tar.bz2 sssd-8455d5ab61184e0d126fc074a9ce6e98391eb909.zip |
LDAP: Only convert direct parents' ghost attribute to member
https://fedorahosted.org/sssd/ticket/1612
This patch changes the handling of ghost attributes when saving the
actual user entry. Instead of always linking all groups that contained
the ghost attribute with the new user entry, the original member
attributes are now saved in the group object and the user entry is only
linked with its direct parents.
As the member attribute is compared against the originalDN of the user,
if either the originalDN or the originalMember attributes are missing,
the user object is linked with all the groups as a fallback.
The original member attributes are only saved if the LDAP schema
supports nesting.
Diffstat (limited to 'src/providers/ldap/sdap_async_users.c')
-rw-r--r-- | src/providers/ldap/sdap_async_users.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index e2e7b72d..5304c624 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -47,6 +47,7 @@ int sdap_save_user(TALLOC_CTX *memctx, const char *gecos; const char *homedir; const char *shell; + const char *orig_dn; uid_t uid; gid_t gid, primary_gid; struct sysdb_attrs *user_attrs; @@ -241,12 +242,23 @@ int sdap_save_user(TALLOC_CTX *memctx, goto fail; } - ret = sdap_attrs_add_string(attrs, SYSDB_ORIG_DN, - "original DN", - name, user_attrs); - if (ret != EOK) { + ret = sysdb_attrs_get_el(attrs, SYSDB_ORIG_DN, &el); + if (ret) { goto fail; } + if (!el || el->num_values == 0) { + DEBUG(SSSDBG_MINOR_FAILURE, + ("originalDN is not available for [%s].\n", name)); + } else { + orig_dn = (const char *) el->values[0].data; + DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding originalDN [%s] to attributes " + "of [%s].\n", orig_dn, name)); + + ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_DN, orig_dn); + if (ret) { + goto fail; + } + } ret = sysdb_attrs_get_el(attrs, SYSDB_MEMBEROF, &el); if (ret) { @@ -358,7 +370,7 @@ int sdap_save_user(TALLOC_CTX *memctx, DEBUG(6, ("Storing info for user %s\n", name)); ret = sysdb_store_user(ctx, name, pwd, uid, gid, gecos, homedir, shell, - user_attrs, missing, cache_timeout, now); + orig_dn, user_attrs, missing, cache_timeout, now); if (ret) goto fail; if (_usn_value) { |