summaryrefslogtreecommitdiff
path: root/src/providers/ldap/sdap_async_users.c
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2012-11-17 23:55:13 +0100
committerJakub Hrozek <jhrozek@redhat.com>2012-11-20 18:02:17 +0100
commit8455d5ab61184e0d126fc074a9ce6e98391eb909 (patch)
tree18ce853602a74e8fc581908d4ff2a83d46dc7dcd /src/providers/ldap/sdap_async_users.c
parent25285335d6d41400870e64f07904e899263699f5 (diff)
downloadsssd-8455d5ab61184e0d126fc074a9ce6e98391eb909.tar.gz
sssd-8455d5ab61184e0d126fc074a9ce6e98391eb909.tar.bz2
sssd-8455d5ab61184e0d126fc074a9ce6e98391eb909.zip
LDAP: Only convert direct parents' ghost attribute to member
https://fedorahosted.org/sssd/ticket/1612 This patch changes the handling of ghost attributes when saving the actual user entry. Instead of always linking all groups that contained the ghost attribute with the new user entry, the original member attributes are now saved in the group object and the user entry is only linked with its direct parents. As the member attribute is compared against the originalDN of the user, if either the originalDN or the originalMember attributes are missing, the user object is linked with all the groups as a fallback. The original member attributes are only saved if the LDAP schema supports nesting.
Diffstat (limited to 'src/providers/ldap/sdap_async_users.c')
-rw-r--r--src/providers/ldap/sdap_async_users.c22
1 files changed, 17 insertions, 5 deletions
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index e2e7b72d..5304c624 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -47,6 +47,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
const char *gecos;
const char *homedir;
const char *shell;
+ const char *orig_dn;
uid_t uid;
gid_t gid, primary_gid;
struct sysdb_attrs *user_attrs;
@@ -241,12 +242,23 @@ int sdap_save_user(TALLOC_CTX *memctx,
goto fail;
}
- ret = sdap_attrs_add_string(attrs, SYSDB_ORIG_DN,
- "original DN",
- name, user_attrs);
- if (ret != EOK) {
+ ret = sysdb_attrs_get_el(attrs, SYSDB_ORIG_DN, &el);
+ if (ret) {
goto fail;
}
+ if (!el || el->num_values == 0) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("originalDN is not available for [%s].\n", name));
+ } else {
+ orig_dn = (const char *) el->values[0].data;
+ DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding originalDN [%s] to attributes "
+ "of [%s].\n", orig_dn, name));
+
+ ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_DN, orig_dn);
+ if (ret) {
+ goto fail;
+ }
+ }
ret = sysdb_attrs_get_el(attrs, SYSDB_MEMBEROF, &el);
if (ret) {
@@ -358,7 +370,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
DEBUG(6, ("Storing info for user %s\n", name));
ret = sysdb_store_user(ctx, name, pwd, uid, gid, gecos, homedir, shell,
- user_attrs, missing, cache_timeout, now);
+ orig_dn, user_attrs, missing, cache_timeout, now);
if (ret) goto fail;
if (_usn_value) {