From fd04fbbf93d33db729404cdc4408f59226025ea6 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 7 Aug 2013 12:12:48 +0200 Subject: save_rfc2307bis_user_memberships: use fq names for subdomains For subdomains the group names must be expanded to fully qualified names to be able to find existing groups or properly add new ones. --- src/providers/ldap/sdap_async_initgroups.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 513de274..9a46dc9b 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -1984,6 +1984,8 @@ errno_t save_rfc2307bis_user_memberships( char **add_groups; char **del_groups; bool in_transaction = false; + size_t c; + char *tmp_str; TALLOC_CTX *tmp_ctx = talloc_new(NULL); if(!tmp_ctx) { @@ -2019,6 +2021,20 @@ errno_t save_rfc2307bis_user_memberships( if (ret != EOK) { goto error; } + + if (IS_SUBDOMAIN(state->dom)) { + for (c = 0; ldap_grouplist[c] != NULL; c++) { + tmp_str = sss_tc_fqname(ldap_grouplist, state->dom->names, + state->dom, ldap_grouplist[c]); + if (tmp_str == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("sss_tc_fqname failed.\n")); + ret = ENOMEM; + goto error; + } + talloc_free(ldap_grouplist[c]); + ldap_grouplist[c] = tmp_str; + } + } } /* Find the differences between the sysdb and ldap lists -- cgit