diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2011-08-04 16:55:36 +0200 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-08-04 14:48:32 -0400 |
| commit | 86d77907310fa939fe89884fbbdf2142c06a420e (patch) | |
| tree | ed88d61576af4194ab24bdf735fe6b9fb564f3f8 | |
| parent | 8b6801a0b180ef87118e8f071eb2eeea4607baf1 (diff) | |
| download | sssd-86d77907310fa939fe89884fbbdf2142c06a420e.tar.gz sssd-86d77907310fa939fe89884fbbdf2142c06a420e.tar.xz sssd-86d77907310fa939fe89884fbbdf2142c06a420e.zip | |
Fix returning groups when gidNumber attribute is not ordered
https://fedorahosted.org/sssd/ticket/951
| -rw-r--r-- | src/providers/ldap/ldap_id.c | 4 | ||||
| -rw-r--r-- | src/providers/ldap/ldap_id_enum.c | 6 | ||||
| -rw-r--r-- | src/providers/ldap/sdap_async_accounts.c | 4 |
3 files changed, 10 insertions, 4 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index 85d4aa0e5..be347e178 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -346,10 +346,12 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, goto fail; } - base_filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)(%s>=1))", + base_filter = talloc_asprintf(state, + "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))", attr_name, clean_name, ctx->opts->group_map[SDAP_OC_GROUP].name, ctx->opts->group_map[SDAP_AT_GROUP_NAME].name, + ctx->opts->group_map[SDAP_AT_GROUP_GID].name, ctx->opts->group_map[SDAP_AT_GROUP_GID].name); talloc_zfree(clean_name); if (!base_filter) { diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c index 68d113bf9..40f3a2b67 100644 --- a/src/providers/ldap/ldap_id_enum.c +++ b/src/providers/ldap/ldap_id_enum.c @@ -573,10 +573,11 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx, if (ctx->srv_opts && ctx->srv_opts->max_group_value && !purge) { base_filter = talloc_asprintf( state, - "(&(objectclass=%s)(%s=*)(%s=*)(%s>=%s)(!(%s=%s)))", + "(&(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0)))(%s>=%s)(!(%s=%s)))", ctx->opts->group_map[SDAP_OC_GROUP].name, ctx->opts->group_map[SDAP_AT_GROUP_NAME].name, ctx->opts->group_map[SDAP_AT_GROUP_GID].name, + ctx->opts->group_map[SDAP_AT_GROUP_GID].name, ctx->opts->group_map[SDAP_AT_GROUP_USN].name, ctx->srv_opts->max_group_value, ctx->opts->group_map[SDAP_AT_GROUP_USN].name, @@ -584,9 +585,10 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx, } else { base_filter = talloc_asprintf( state, - "(&(objectclass=%s)(%s=*)(%s=*))", + "(&(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))", ctx->opts->group_map[SDAP_OC_GROUP].name, ctx->opts->group_map[SDAP_AT_GROUP_NAME].name, + ctx->opts->group_map[SDAP_AT_GROUP_GID].name, ctx->opts->group_map[SDAP_AT_GROUP_GID].name); } if (!base_filter) { diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c index 40e121504..09501329b 100644 --- a/src/providers/ldap/sdap_async_accounts.c +++ b/src/providers/ldap/sdap_async_accounts.c @@ -2357,11 +2357,13 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx, return NULL; } - filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)(%s>=1))", + filter = talloc_asprintf(state, + "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))", opts->group_map[SDAP_AT_GROUP_MEMBER].name, clean_name, opts->group_map[SDAP_OC_GROUP].name, opts->group_map[SDAP_AT_GROUP_NAME].name, + opts->group_map[SDAP_AT_GROUP_GID].name, opts->group_map[SDAP_AT_GROUP_GID].name); if (!filter) { talloc_zfree(req); |