diff options
| author | Alexander Bokovoy <abokovoy@redhat.com> | 2015-07-16 17:07:31 +0300 |
|---|---|---|
| committer | Alexander Bokovoy <abokovoy@redhat.com> | 2015-07-28 15:37:24 +0300 |
| commit | 9666cede23d150326b65c7fb6c7f760fe515b7e4 (patch) | |
| tree | 79b39e2d1bbed7be7db72f46c3397268da5db8d2 | |
| parent | 6573f91c95f7a353ad3bdf2fe95b0c15932aa097 (diff) | |
| download | slapi-nis-9666cede23d150326b65c7fb6c7f760fe515b7e4.tar.gz slapi-nis-9666cede23d150326b65c7fb6c7f760fe515b7e4.tar.xz slapi-nis-9666cede23d150326b65c7fb6c7f760fe515b7e4.zip | |
slapi-nis: don't search in SSSD when memberUid has no '@' separator
In the case there are no groups in cn=groups map that have certain
memberUid as a member, we look at possibility that this user might
be coming from a trusted AD forest. However, all users from trusted
AD forests do have '@' separator in the name between the user name
and the domain.
In case there is no '@' separator, consider such search as not valid
for lookups in SSSD.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1243823
| -rw-r--r-- | src/back-sch-nss.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/back-sch-nss.c b/src/back-sch-nss.c index f8177d7..16d4164 100644 --- a/src/back-sch-nss.c +++ b/src/back-sch-nss.c @@ -140,9 +140,12 @@ backend_search_filter_has_cn_uid(Slapi_Filter *filter, void *arg) } slapi_ch_free_string(&memberUid); } + config->name_set = TRUE; + config->search_members = TRUE; + } else { + /* there is no '@' in the memberUid name, it is not a trusted AD forest's user */ + config->wrong_search = TRUE; } - config->name_set = TRUE; - config->search_members = TRUE; } else if ((0 == strcasecmp(filter_type, "objectClass")) && (0 == bvstrcasecmp(bval, "posixGroup"))) { config->search_group = TRUE; |