author | Sumit Bose <sbose@redhat.com> | 2013-08-06 12:17:39 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-19 22:32:34 +0200 |
commit | 15b5d885e28afcd6c3c19f900eea2a8e00c3e6d3 (patch) | |
tree | c7a7dc5c11a797150319727c5eae2cf0bc547ded /src | |
parent | f9091077bfbb09f052d08e25ac5e00af0baa6dfb (diff) | |
sdap_add_incomplete_groups: use fully qualified name if needed
For subdomains the group names must be expanded to fully qualified names
to be able to find existing groups or properly add new ones.
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 02158a6f..513de274 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -50,6 +50,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, time_t now; char *sid_str; bool use_id_mapping; + char *tmp_name; /* There are no groups in LDAP but we should add user to groups ?? */ if (ldap_groups_count == 0) return EOK; @@ -65,14 +66,23 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, mi = 0; for (i=0; groupnames[i]; i++) { + tmp_name = sss_get_domain_name(tmp_ctx, groupnames[i], domain); + if (tmp_name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + ("Failed to format original name [%s]\n", groupnames[i])); + ret = ENOMEM; + goto done; + } + ret = sysdb_search_group_by_name(tmp_ctx, sysdb, domain, - groupnames[i], NULL, &msg); + tmp_name, NULL, &msg); if (ret == EOK) { continue; } else if (ret == ENOENT) { - DEBUG(7, ("Group #%d [%s] is not cached, need to add a fake entry\n", - i, groupnames[i])); - missing[mi] = groupnames[i]; + missing[mi] = talloc_steal(missing, tmp_name); + DEBUG(7, ("Group #%d [%s][%s] is not cached, " \ + "need to add a fake entry\n", + i, groupnames[i], missing[mi])); mi++; continue; } else if (ret != ENOENT) { |
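Review bot: `missing[mi]` now holds the fully qualified copy returned by `sss_get_domain_name()` instead of `groupnames[i]`, but the part of `sdap_add_incomplete_groups` that consumes `missing[]` lies outside this hunk, so the change is only complete if that code matches and stores names in the same qualified form. If it still compares against the short name read from the LDAP entry, a subdomain group would never be matched and the user would silently lose that membership, which matters wherever group membership feeds an access decision. A short comment at the assignment, e.g. `/* missing[] holds fully qualified names, owned by the array */`, would make the new contract visible. In the `ret == EOK` branch `tmp_name` is not released and stays on `tmp_ctx` until that context is freed; `talloc_free(tmp_name);` before the `continue` avoids the per-group accumulation.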