author | Jakub Hrozek <jhrozek@redhat.com> | 2013-09-26 13:37:30 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-09-27 15:52:13 +0200 |
commit | 1b870ffa7910879f9310db453a31ab6f06392b9b (patch) | |
tree | 8f4e18dee218a8f49a9fe318b73e63fe0765f351 /src | |
parent | d3e1d88ce7de3216a862b9fe78dc5aa94dcbc14b (diff) | |
LDAP: Allow searching subdomain during RFC2307bis initgroups
Related: https://fedorahosted.org/sssd/ticket/2070
Until now, the POSIX-compliant initgroups would only be able to search
the parent domain. Since we want to allow using POSIX attributes from AD
subdomains as well, we should allow searching a custom sdap_domain.
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 157cf744..e8de8d5c 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -1482,8 +1482,7 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send( TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_options *opts, - struct sysdb_ctx *sysdb, - struct sss_domain_info *dom, + struct sdap_domain *sdom, struct sdap_handle *sh, const char *name, const char *orig_dn) @@ -1500,8 +1499,8 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send( state->ev = ev; state->opts = opts; - state->sysdb = sysdb; - state->dom = dom; + state->sysdb = sdom->dom->sysdb; + state->dom = sdom->dom; state->sh = sh; state->op = NULL; state->name = name; @@ -1509,7 +1508,7 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send( state->num_direct_parents = 0; state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); state->base_iter = 0; - state->search_bases = opts->sdom->group_search_bases; + state->search_bases = sdom->group_search_bases; state->orig_dn = orig_dn; if (!state->search_bases) { @@ -1541,8 +1540,9 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send( ret = sss_filter_sanitize(state, orig_dn, &clean_orig_dn); if (ret != EOK) goto done; - use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(opts->idmap_ctx, - dom->domain_id); + use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping( + opts->idmap_ctx, + sdom->dom->domain_id); state->base_filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)", @@ -2571,6 +2571,7 @@ struct sdap_get_initgr_state { struct sysdb_ctx *sysdb; struct sdap_options *opts; struct sss_domain_info *dom; + struct sdap_domain *sdom; struct sdap_handle *sh; struct sdap_id_ctx *id_ctx; struct sdap_id_conn_ctx *conn; 
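Review bot: In the `@@ -1500,8 +1499,8 @@` hunk the new `sdom` parameter is dereferenced twice (`sdom->dom->sysdb`, `sdom->dom`) with no check, and the resulting pointers are copied raw into the request state, so nothing visible ties their lifetime to the request. The same applies to `state->sdom = sdom;` in the `sdap_get_initgr_send` hunk further down. Whether a `struct sdap_domain` can be freed or replaced while an initgroups request is still in flight cannot be seen from this diff; if it can, these would be dangling pointers in a long-running process. I would state the contract above `sdap_initgr_rfc2307bis_send`, e.g. `/* sdom and sdom->dom must be non-NULL and must outlive the request; they are borrowed, not referenced */`. The function body starts and ends outside the hunk.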
@@ -2617,6 +2618,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, state->opts = id_ctx->opts; state->dom = sdom->dom; state->sysdb = sdom->dom->sysdb; + state->sdom = sdom; state->sh = sh; state->id_ctx = id_ctx; state->conn = conn; @@ -2873,8 +2875,8 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) state->timeout); } else { subreq = sdap_initgr_rfc2307bis_send( - state, state->ev, state->opts, state->sysdb, - state->dom, state->sh, + state, state->ev, state->opts, + state->sdom, state->sh, cname, orig_dn); } if (!subreq) { |
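Review bot: `state->sdom = sdom;` now sits directly after `state->dom = sdom->dom;` and `state->sysdb = sdom->dom->sysdb;`, so `struct sdap_get_initgr_state` carries three fields describing the same domain that can drift apart if a later change updates only one of them. Because this request resolves a user's group memberships, a mismatch between the domain that is searched and the domain the results are stored under would be hard to notice. Either read `state->sdom->dom` wherever the domain is needed, or mark the copies on the struct fields with `/* cached from sdom->dom; keep in sync with sdom */`. Both the struct definition and `sdap_get_initgr_send` continue outside their hunks.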