Request all group attributes during initgroups processing

We tried to be too clever and only requested the name of the group,
but we require the objectClass to validate the results.

https://fedorahosted.org/sssd/ticket/622

2 files changed, 7 insertions, 5 deletions

diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index d52dcec5b..0c90773a5 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -619,6 +619,7 @@ static void groups_by_user_done(struct tevent_req *subreq)
         return;
     }
 
+    state->dp_error = DP_ERR_OK;
     tevent_req_done(req);
 }
 
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
index 8999ba015..4db4a4ccd 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -1042,7 +1042,8 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
     struct tevent_req *req, *subreq;
     struct sdap_initgr_rfc2307_state *state;
     const char *filter;
-    const char *attrs[2];
+    const char **attrs;
+    errno_t ret;
 
     req = tevent_req_create(memctx, &state, struct sdap_initgr_rfc2307_state);
     if (!req) return NULL;
@@ -1059,12 +1060,12 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
         return NULL;
     }
 
-    attrs[0] = talloc_strdup(state, opts->group_map[SDAP_AT_GROUP_NAME].name);
-    if (!attrs[0]) {
-        talloc_zfree(req);
+    ret = build_attrs_from_map(state, opts->group_map,
+                               SDAP_OPTS_GROUP, &attrs);
+    if (ret != EOK) {
+        talloc_free(req);
         return NULL;
     }
-    attrs[1] = NULL;
 
     filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))",
                              opts->group_map[SDAP_AT_GROUP_MEMBER].name,