summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2011-03-16 12:59:33 -0400
committerStephen Gallagher <sgallagh@redhat.com>2011-03-23 04:58:37 -0400
commit7196eba0014cfd954ab86bf86ae5e151ed9d7600 (patch)
tree2a80c8d59a484506f0d8a57a3f1476ea90f954d8 /src
parent0c9ebc7363f47b153b1ca6087447d2fb492f9eb7 (diff)
downloadsssd-7196eba0014cfd954ab86bf86ae5e151ed9d7600.tar.gz
sssd-7196eba0014cfd954ab86bf86ae5e151ed9d7600.tar.bz2
sssd-7196eba0014cfd954ab86bf86ae5e151ed9d7600.zip
RFC2307bis: Ignore aliases for groups
Groups in ldap with multiple values for their groupname attribute will now be compared against the RDN of the entry to determine the "primary" group name. We will save only this primary group name to the ldb cache.
Diffstat (limited to 'src')
-rw-r--r--src/providers/ldap/sdap_async_accounts.c40
1 files changed, 26 insertions, 14 deletions
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
index afa28670..0784965a 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -836,9 +836,9 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx,
const char *name;
int ret;
- ret = sysdb_attrs_get_string(attrs,
- opts->group_map[SDAP_AT_GROUP_NAME].sys_name,
- &name);
+ ret = sysdb_attrs_primary_name(ctx, attrs,
+ opts->group_map[SDAP_AT_GROUP_NAME].name,
+ &name);
if (ret != EOK) {
goto fail;
}
@@ -2232,7 +2232,9 @@ static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx,
state->grp_attrs = grp_attrs;
state->op = NULL;
- ret = sysdb_attrs_get_string(user, SYSDB_NAME, &state->username);
+ ret = sysdb_attrs_primary_name(sysdb, user,
+ opts->user_map[SDAP_AT_USER_NAME].name,
+ &state->username);
if (ret != EOK) {
DEBUG(1, ("User entry had no username\n"));
talloc_free(req);
@@ -2834,11 +2836,12 @@ static struct tevent_req *sdap_nested_group_process_send(
*/
key.type = HASH_KEY_STRING;
- ret = sysdb_attrs_get_string(
- group,
- opts->group_map[SDAP_AT_GROUP_NAME].sys_name,
- &groupname);
- if (ret != EOK) goto immediate;
+ ret = sysdb_attrs_primary_name(sysdb, group,
+ opts->group_map[SDAP_AT_GROUP_NAME].name,
+ &groupname);
+ if (ret != EOK) {
+ goto immediate;
+ }
key.str = talloc_strdup(state, groupname);
if (!key.str) {
@@ -3802,8 +3805,11 @@ static errno_t rfc2307bis_nested_groups_step(struct tevent_req *req)
goto error;
}
- ret = sysdb_attrs_get_string(state->groups[state->group_iter],
- SYSDB_NAME, &name);
+ ret = sysdb_attrs_primary_name(
+ state->sysdb,
+ state->groups[state->group_iter],
+ state->opts->group_map[SDAP_AT_GROUP_NAME].name,
+ &name);
if (ret != EOK) {
goto error;
}
@@ -3842,7 +3848,8 @@ static errno_t rfc2307bis_nested_groups_step(struct tevent_req *req)
DEBUG(6, ("Saving incomplete group [%s] to the sysdb\n",
groupnamelist[0]));
- ret = sdap_add_incomplete_groups(state->sysdb, state->dom, groupnamelist,
+ ret = sdap_add_incomplete_groups(state->sysdb, state->opts,
+ state->dom, groupnamelist,
grouplist, 1);
if (ret != EOK) {
goto error;
@@ -4051,12 +4058,17 @@ static errno_t rfc2307bis_nested_groups_update_sysdb(
}
in_transaction = true;
- ret = sysdb_attrs_get_string(state->groups[state->group_iter],
- SYSDB_NAME, &name);
+ ret = sysdb_attrs_primary_name(
+ state->sysdb,
+ state->groups[state->group_iter],
+ state->opts->group_map[SDAP_AT_GROUP_NAME].name,
+ &name);
if (ret != EOK) {
goto error;
}
+ DEBUG(6, ("Processing group [%s]\n", name));
+
attrs = talloc_array(tmp_ctx, const char *, 2);
if (!attrs) {
ret = ENOMEM;