From b56b06e199f15a8a840b36bc7cb8010e39ae761d Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Wed, 12 Jun 2013 15:47:26 +0200
Subject: Replace SDAP_ID_MAPPING checks with sdap_idmap_domain_has_algorithmic_mapping

Currently the decision if external or algorithmic mapping should be used in the LDAP or AD provider was based on the value of the ldap_id_mapping config option. Since now all information about ID mapping is handled by libsss_idmap the check for this options can be replace with a call which checks the state via libss_idmap. https://fedorahosted.org/sssd/ticket/1961
---
 src/providers/ldap/sdap_async_initgroups.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
(limited to 'src/providers/ldap/sdap_async_initgroups.c')
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 7678c7b3..4c379fdf 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -49,7 +49,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
 bool posix;
 time_t now;
 char *sid_str;
- bool use_id_mapping = dp_opt_get_bool(opts->basic, SDAP_ID_MAPPING);
+ bool use_id_mapping;
 /* There are no groups in LDAP but we should add user to groups ?? */
 if (ldap_groups_count == 0) return EOK;
@@ -89,6 +89,9 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
 goto done;
 }
+ use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(opts->idmap_ctx,
+ domain->domain_id);
+
 ret = sysdb_transaction_start(sysdb);
 if (ret != EOK) {
 DEBUG(SSSDBG_CRIT_FAILURE,
@@ -2522,6 +2525,8 @@ struct sdap_get_initgr_state {
 size_t user_base_iter;
 struct sdap_search_base **user_search_bases;
+
+ bool use_id_mapping;
 };
 static errno_t sdap_get_initgr_next_base(struct tevent_req *req);
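Review bot: In sdap_add_incomplete_groups the hunk at -49,7 leaves `use_id_mapping` without an initializer, and the assignment added at -89,6 sits after at least one `goto done` exit. Nothing visible reads the flag on that path, but the `done:` label and the rest of the function are outside both hunks, so any use reached before the assignment would read an indeterminate value. Declaring it as `bool use_id_mapping = false;` keeps it defined on every path.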
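Review bot: The call added at -89,6 passes `opts->idmap_ctx` and `domain->domain_id` unchecked, and its bool result cannot distinguish "this domain uses external mapping" from "the lookup failed"; the same applies to the call added in sdap_get_initgr_send at -2590,6 with `state->dom->domain_id`. The helper's body is not part of this diff, so how it handles a NULL domain_id or a domain that libsss_idmap does not know should be confirmed, because the answer decides whether external or algorithmic mapping is applied to the IDs being stored. Once confirmed, a short comment above each call would record it, for example `/* returns false for domains unknown to libsss_idmap -- TODO confirm */`.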
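Review bot: The new `use_id_mapping` member of struct sdap_get_initgr_state (-2522,6) has no comment saying what it caches or when it is set. sdap_get_initgr_user and sdap_get_initgr_done both branch on it later in this patch, so a one-line comment would help, for example `/* algorithmic ID mapping in effect for dom; set once in sdap_get_initgr_send() */`. The struct definition begins above the hunk.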
@@ -2590,6 +2595,10 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 return NULL;
 }
+ state->use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
+ state->opts->idmap_ctx,
+ state->dom->domain_id);
+
 ret = sdap_get_initgr_next_base(req);
 done:
@@ -2649,8 +2658,6 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
 const char *orig_dn;
 const char *cname;
 bool in_transaction = false;
- bool use_id_mapping =
- dp_opt_get_bool(state->opts->basic, SDAP_ID_MAPPING);
 DEBUG(9, ("Receiving info for the user\n"));
@@ -2753,7 +2760,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
 return;
 }
- if (use_id_mapping
+ if (state->use_id_mapping
 && state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) {
 /* Take advantage of AD's tokenGroups mechanism to look up all
 * parent groups in a single request.
@@ -2835,7 +2842,6 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
 char *dom_sid_str;
 char *group_sid_str;
 struct sdap_options *opts = state->opts;
- bool use_id_mapping = dp_opt_get_bool(opts->basic, SDAP_ID_MAPPING);
 DEBUG(9, ("Initgroups done\n"));
@@ -2852,7 +2858,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
 case SDAP_SCHEMA_RFC2307BIS:
 case SDAP_SCHEMA_AD:
- if (use_id_mapping
+ if (state->use_id_mapping
 && state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) {
 ret = sdap_get_ad_tokengroups_initgroups_recv(subreq);
 }
@@ -2886,7 +2892,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
 * the user may not be an explicit member of that group */
- if (use_id_mapping) {
+ if (state->use_id_mapping) {
 DEBUG(SSSDBG_TRACE_LIBS, ("Mapping primary group to unix ID\n"));
-- cgit
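Review bot: The predicate `state->use_id_mapping && state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008` is now written out twice, at -2753,7 in sdap_get_initgr_user where the tokenGroups request is chosen and at -2852,7 in sdap_get_initgr_done where the matching `_recv` is chosen. Caching `use_id_mapping` in the state pins half of that pairing, but `dc_functional_level` is still read from `state->opts` at both sites; if it could change while the request is in flight, the done callback would call a `_recv` that does not match the subrequest. Storing the combined decision once in sdap_get_initgr_send in a new state member, for example `state->use_tokengroups = state->use_id_mapping && state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008;`, would make the two sites agree by construction. Both functions extend beyond their hunks.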