diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-17 23:55:13 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-20 18:02:17 +0100 |
| commit | 8455d5ab61184e0d126fc074a9ce6e98391eb909 (patch) | |
| tree | 18ce853602a74e8fc581908d4ff2a83d46dc7dcd /src/responder/pac | |
| parent | 25285335d6d41400870e64f07904e899263699f5 (diff) | |
| download | sssd-8455d5ab61184e0d126fc074a9ce6e98391eb909.tar.gz sssd-8455d5ab61184e0d126fc074a9ce6e98391eb909.tar.bz2 sssd-8455d5ab61184e0d126fc074a9ce6e98391eb909.zip | |
LDAP: Only convert direct parents' ghost attribute to member
https://fedorahosted.org/sssd/ticket/1612
This patch changes the handling of ghost attributes when saving the
actual user entry. Instead of always linking all groups that contained
the ghost attribute with the new user entry, the original member
attributes are now saved in the group object and the user entry is only
linked with its direct parents.
As the member attribute is compared against the originalDN of the user,
if either the originalDN or the originalMember attributes are missing,
the user object is linked with all the groups as a fallback.
The original member attributes are only saved if the LDAP schema
supports nesting.
Diffstat (limited to 'src/responder/pac')
| -rw-r--r-- | src/responder/pac/pacsrv_cmd.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c index 202765a5..6b6a7a98 100644 --- a/src/responder/pac/pacsrv_cmd.c +++ b/src/responder/pac/pacsrv_cmd.c @@ -391,7 +391,7 @@ static errno_t save_pac_user(struct pac_req_ctx *pr_ctx) ret = sysdb_store_user(sysdb, pwd->pw_name, NULL, pwd->pw_uid, pwd->pw_gid, pwd->pw_gecos, pwd->pw_dir, - pwd->pw_shell, user_attrs, NULL, + pwd->pw_shell, NULL, user_attrs, NULL, pr_ctx->dom->user_timeout, 0); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_store_user failed [%d][%s].\n", |