summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2015-08-18 18:31:57 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-08-18 18:31:57 +0200
commit3eea4ba04c6dea6cd61c38a31f981c4677b1726c (patch)
tree358eaa64b7cee777abbb1d6f00e7863076c17307
parentf76e117aa55dbd035f02a0ea462f60e5809200d8 (diff)
downloadsssd-aramco.zip
sssd-aramco.tar.gz
sssd-aramco.tar.xz
IPA: Save groups as non-expired with ignore_group_membersaramco
-rw-r--r--src/providers/ldap/sdap_async.h11
-rw-r--r--src/providers/ldap/sdap_async_groups.c2
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c26
3 files changed, 32 insertions, 7 deletions
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 09bc0d6..4ead706 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -94,6 +94,17 @@ struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx,
int sdap_get_users_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx, char **timestamp);
+int sdap_save_groups(TALLOC_CTX *memctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
+ struct sdap_options *opts,
+ struct sysdb_attrs **groups,
+ int num_groups,
+ bool populate_members,
+ hash_table_t *ghosts,
+ bool save_orig_member,
+ char **_usn_value);
+
struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sdap_domain *sdom,
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 525c6fa..b25bdb4 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -971,7 +971,7 @@ fail:
/* ==Generic-Function-to-save-multiple-groups============================= */
-static int sdap_save_groups(TALLOC_CTX *memctx,
+int sdap_save_groups(TALLOC_CTX *memctx,
struct sysdb_ctx *sysdb,
struct sss_domain_info *dom,
struct sdap_options *opts,
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index ffb8f7e..1f06e01 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -647,12 +647,26 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb,
}
in_transaction = true;
- ret = sdap_add_incomplete_groups(sysdb, domain, opts, groupnamelist,
- groups, count);
- if (ret != EOK) {
- DEBUG(SSSDBG_TRACE_FUNC, "Could not add incomplete groups [%d]: %s\n",
- ret, strerror(ret));
- goto done;
+ if (domain->ignore_group_members == true && opts->schema_type == SDAP_SCHEMA_IPA_V1) {
+ /* If groupmembers are ignored, there's no point in saving the groups
+ * as incomplete, at least not for the IPA schema. We're able to dereference
+ * the objects, so let's be done with it
+ */
+ ret = sdap_save_groups(tmp_ctx, sysdb, domain, opts,
+ groups, count, false, NULL, true,
+ NULL);
+ if (ret != EOK) {
+ goto done;
+ }
+ } else {
+ ret = sdap_add_incomplete_groups(sysdb, domain, opts, groupnamelist,
+ groups, count);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Could not add incomplete groups [%d]: %s\n",
+ ret, strerror(ret));
+ goto done;
+ }
}
ret = sysdb_transaction_commit(sysdb);