diff options
author | Pavel Reichl <preichl@redhat.com> | 2014-08-21 19:03:08 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-09-04 12:54:49 +0200 |
commit | 89f0313c25b18ec8922e7aa145c5ed2297d276e7 (patch) | |
tree | 569343516fc232d4331ece0c47d7576ab323244d | |
parent | 6f96c60b9da622d7acb6702e522864e923936866 (diff) | |
download | sssd-89f0313c25b18ec8922e7aa145c5ed2297d276e7.tar.gz sssd-89f0313c25b18ec8922e7aa145c5ed2297d276e7.tar.xz sssd-89f0313c25b18ec8922e7aa145c5ed2297d276e7.zip |
AD: process non-posix nested groups w/o tokenGroups
When initgr is performed for AD not supporting tokenGroups, do not
filter out groups without gid attribute or with gid equal to zero.
Resolves:
https://fedorahosted.org/sssd/ticket/2343
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index d3d09cdb2..7db280435 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -1587,11 +1587,7 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send( "(%s=*))", opts->group_map[SDAP_AT_GROUP_OBJECTSID].name); } else { - /* When not ID-mapping, make sure there is a non-NULL UID */ - state->base_filter = talloc_asprintf_append(state->base_filter, - "(&(%s=*)(!(%s=0))))", - opts->group_map[SDAP_AT_GROUP_GID].name, - opts->group_map[SDAP_AT_GROUP_GID].name); + state->base_filter = talloc_asprintf_append(state->base_filter, ")"); } if (!state->base_filter) { talloc_zfree(req); |