author Lukas Slebodnik <lslebodn@redhat.com> 2015-04-28 20:26:47 +0200
committer Jakub Hrozek <jhrozek@redhat.com> 2015-05-05 15:47:20 +0200
commit 21687d1d553579e81aa43bfa20f2e70fb39e8461
tree 60224876dbd62a0ab180a11457505d9ec4e68211
parent 582f6b1d15d216a39a66b70f0b3ecdf5b0f47673
SDAP: Fix id mapping with disabled subdomains

If subdomains are disabled "subdomain_provider = none" then auto-discovery of domain SID is disabled. It is possible to configure options ldap_idmap_default_domain{,_sid} and id mapping should work.

However value of option ldap_idmap_default_domain_sid was not assigned to sss_domain_info for main domain. It was only used for initialisation of sdap_idmap_ctx. As a result of this bug posix attributes were used in ldap filter and id mapping worked just for users with posix attributes.

    [be_get_account_info] (0x0100): Got request for [0x1001][1][name=user]
    [be_req_set_domain] (0x0400): Changing request domain from [EXAMPLE.TEST] to [EXAMPLE.TEST]
    [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]
    [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]
    [sdap_search_user_next_base] (0x0400): Searching for users with base [DC=EXAMPLE,DC=TEST]
    [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=hdpadmin)(objectclass=user) (sAMAccountName=*)(&(uidNumber=*)(!(uidNumber=0))))] [DC=EXAMPLE,DC=TEST].
    [sdap_search_user_process] (0x0400): Search for users, returned 0 results.
    [sdap_get_users_done] (0x0040): Failed to retrieve users

Resolves:
https://fedorahosted.org/sssd/ticket/2635

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

-rw-r--r-- src/providers/ldap/sdap_idmap.c 7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_idmap.c b/src/providers/ldap/sdap_idmap.c
index 0a82e61f7..dd959b2c1 100644
--- a/src/providers/ldap/sdap_idmap.c
+++ b/src/providers/ldap/sdap_idmap.c
@@ -288,6 +288,13 @@ sdap_idmap_init(TALLOC_CTX *mem_ctx,
sid_str = dp_opt_get_string(idmap_ctx->id_ctx->opts->basic, SDAP_IDMAP_DEFAULT_DOMAIN_SID);
if (sid_str) {
+ struct sss_domain_info *domain = idmap_ctx->id_ctx->be->domain;
+ domain->domain_id = talloc_strdup(domain, sid_str);
+ if (domain->domain_id == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
/* Set the default domain as slice 0 */
ret = sdap_idmap_add_domain(idmap_ctx, dom_name,
sid_str, 0);
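
Review bot: the assignment to domain->domain_id at the top of the if (sid_str) block is unconditional, and the hunk does not show whether the field can already hold a value at this point. If it can, the old string is overwritten without being freed and stays allocated under the domain talloc context; consider assigning only when domain->domain_id is NULL, or releasing the previous value first. The assignment also happens before sdap_idmap_add_domain() is called, so if that call fails the domain keeps a SID that was never registered as slice 0; moving the talloc_strdup() after a successful return would avoid that state. A short comment saying this is needed because SID auto-discovery does not run with subdomain_provider = none would help, since the existing "Set the default domain as slice 0" comment now sits below lines it does not describe.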