summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPavel Reichl <preichl@redhat.com>2014-08-21 19:03:08 +0100
committerJakub Hrozek <jhrozek@redhat.com>2014-09-04 12:54:49 +0200
commit89f0313c25b18ec8922e7aa145c5ed2297d276e7 (patch)
tree569343516fc232d4331ece0c47d7576ab323244d
parent6f96c60b9da622d7acb6702e522864e923936866 (diff)
downloadsssd-89f0313c25b18ec8922e7aa145c5ed2297d276e7.tar.gz
sssd-89f0313c25b18ec8922e7aa145c5ed2297d276e7.tar.xz
sssd-89f0313c25b18ec8922e7aa145c5ed2297d276e7.zip
AD: process non-posix nested groups w/o tokenGroups
When initgr is performed for AD not supporting tokenGroups, do not filter out groups without gid attribute or with gid equal to zero. Resolves: https://fedorahosted.org/sssd/ticket/2343
Diffstat
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c6
1 files changed, 1 insertions, 5 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index d3d09cdb2..7db280435 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -1587,11 +1587,7 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send(
"(%s=*))",
opts->group_map[SDAP_AT_GROUP_OBJECTSID].name);
} else {
- /* When not ID-mapping, make sure there is a non-NULL UID */
- state->base_filter = talloc_asprintf_append(state->base_filter,
- "(&(%s=*)(!(%s=0))))",
- opts->group_map[SDAP_AT_GROUP_GID].name,
- opts->group_map[SDAP_AT_GROUP_GID].name);
+ state->base_filter = talloc_asprintf_append(state->base_filter, ")");
}
if (!state->base_filter) {
talloc_zfree(req);
generated by cgit (git 2.34.1) at 2024-04-25 01:39:36 +0000