-rw-r--r-- | src/db/sysdb.h | 1 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_users.c | 33 |
2 files changed, 23 insertions, 11 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 7045edf7..53fb8603 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -105,6 +105,7 @@ #define SYSDB_UUID "uniqueID" #define SYSDB_SID "objectSID" #define SYSDB_PRIMARY_GROUP "ADPrimaryGroupID" +#define SYSDB_PRIMARY_GROUP_GIDNUM "origPrimaryGroupGidNumber" #define SYSDB_SID_STR "objectSIDString" #define SYSDB_UPN "userPrincipalName" #define SYSDB_CCACHE_FILE "ccacheFile" diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index 07ddb622..353dc399 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -269,19 +269,30 @@ int sdap_save_user(TALLOC_CTX *memctx, } if (use_id_mapping) { - if (IS_SUBDOMAIN(dom) == false) { - ret = sdap_get_idmap_primary_gid(opts, attrs, sid_str, dom_sid_str, - &gid); - if (ret) { - DEBUG(SSSDBG_CRIT_FAILURE, - ("Cannot get the GID for [%s] in domain [%s].\n", - user_name, dom->name)); - goto done; - } - } else { + ret = sdap_get_idmap_primary_gid(opts, attrs, sid_str, dom_sid_str, + &gid); + if (ret) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Cannot get the GID for [%s] in domain [%s].\n", + user_name, dom->name)); + goto done; + } + + if (IS_SUBDOMAIN(dom)) { /* For subdomain users, only create the private group as - * the subdomain is an MPG domain + * the subdomain is an MPG domain. + * But we have to save the GID of the original primary group + * becasuse otherwise this information might be lost because + * typically (Unix and AD) the user is not listed in his primary + * group as a member. */ + ret = sysdb_attrs_add_uint32(user_attrs, SYSDB_PRIMARY_GROUP_GIDNUM, + (uint32_t) gid); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_uint32 failed.\n")); + goto done; + } + gid = 0; } |
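Review bot: In the `sdap_save_user` hunk, `sdap_get_idmap_primary_gid()` now runs for subdomain users as well, and its failure path is still `goto done`. A subdomain user whose primary group cannot be mapped was previously saved with `gid = 0`, and now appears not to be saved at all. The helper's failure modes are not visible here, so please confirm this stricter behaviour is intended. If it is, state it in the comment, e.g. `/* A subdomain user whose primary GID cannot be mapped is not stored. */`; if not, make the failure fatal only for `!IS_SUBDOMAIN(dom)` and skip adding `SYSDB_PRIMARY_GROUP_GIDNUM` when no GID was obtained. The comment should also name the consumer of `origPrimaryGroupGidNumber`, since group membership derived from it feeds access decisions, and "becasuse" should read "because". The function body starts and ends outside the hunk.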