From 721241198c369596c4f13445c70f227b199fdcd0 Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Tue, 27 Aug 2013 14:02:42 +0200 Subject: simple provider: support subdomain users Resolves: https://fedorahosted.org/sssd/ticket/2034 --- src/providers/simple/simple_access.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/providers/simple/simple_access.c b/src/providers/simple/simple_access.c index 46e6dde1..46b045e5 100644 --- a/src/providers/simple/simple_access.c +++ b/src/providers/simple/simple_access.c @@ -141,13 +141,18 @@ static errno_t simple_access_parse_names(TALLOC_CTX *mem_ctx, } if (domain == NULL || strcasecmp(domain, be_ctx->domain->name) == 0) { - /* main domain, remember the name without domain part */ + /* This object belongs to main SSSD domain. Those users and groups + * are stored without domain part, so we will strip it off. + * */ out[i] = talloc_move(out, &name); } else { - DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown domain in %s. " - "Check you configuration.\n", list[i])); - ret = EINVAL; - goto done; + /* Subdomain users and groups are stored as fully qualified names, + * thus we will remember the domain part. + * + * Since subdomains may come and go, we will look for their + * existence later, during each access check. + */ + out[i] = talloc_move(out, &list[i]); } } -- cgit