summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2013-08-06 12:17:39 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-08-19 22:32:34 +0200
commit15b5d885e28afcd6c3c19f900eea2a8e00c3e6d3 (patch)
treec7a7dc5c11a797150319727c5eae2cf0bc547ded /src
parentf9091077bfbb09f052d08e25ac5e00af0baa6dfb (diff)
downloadsssd-15b5d885e28afcd6c3c19f900eea2a8e00c3e6d3.tar.gz
sssd-15b5d885e28afcd6c3c19f900eea2a8e00c3e6d3.tar.bz2
sssd-15b5d885e28afcd6c3c19f900eea2a8e00c3e6d3.zip
sdap_add_incomplete_groups: use fully qualified name if needed
For subdomains the group names must be expanded to fully qualified names to be able to find existing groups or properly add new ones.
Diffstat (limited to 'src')
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c18
1 files changed, 14 insertions, 4 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 02158a6f..513de274 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -50,6 +50,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
time_t now;
char *sid_str;
bool use_id_mapping;
+ char *tmp_name;
/* There are no groups in LDAP but we should add user to groups ?? */
if (ldap_groups_count == 0) return EOK;
@@ -65,14 +66,23 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
mi = 0;
for (i=0; groupnames[i]; i++) {
+ tmp_name = sss_get_domain_name(tmp_ctx, groupnames[i], domain);
+ if (tmp_name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Failed to format original name [%s]\n", groupnames[i]));
+ ret = ENOMEM;
+ goto done;
+ }
+
ret = sysdb_search_group_by_name(tmp_ctx, sysdb, domain,
- groupnames[i], NULL, &msg);
+ tmp_name, NULL, &msg);
if (ret == EOK) {
continue;
} else if (ret == ENOENT) {
- DEBUG(7, ("Group #%d [%s] is not cached, need to add a fake entry\n",
- i, groupnames[i]));
- missing[mi] = groupnames[i];
+ missing[mi] = talloc_steal(missing, tmp_name);
+ DEBUG(7, ("Group #%d [%s][%s] is not cached, " \
+ "need to add a fake entry\n",
+ i, groupnames[i], missing[mi]));
mi++;
continue;
} else if (ret != ENOENT) {