diff options
| author | Sumit Bose <sbose@redhat.com> | 2015-12-21 15:51:09 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-01-12 10:03:47 +0100 |
| commit | 9a2f018c0f68a3ada4cea4128a861a7f85893f22 (patch) | |
| tree | 504802987478d333a2814685d962d3568e876a8d | |
| parent | a1c6869c67fcf4971ac843315b97bf46893ca92d (diff) | |
| download | sssd-9a2f018c0f68a3ada4cea4128a861a7f85893f22.tar.gz sssd-9a2f018c0f68a3ada4cea4128a861a7f85893f22.tar.xz sssd-9a2f018c0f68a3ada4cea4128a861a7f85893f22.zip | |
ldap: remove originalMeberOf if there is no memberOf
Since originalMemerberOf is not mapped directly to an original attribute
and is handled specially it is not automatically removed if there is no
memberOf in the original object anymore. This patch put
originalMemerberOf on the list of attribute which should be removed in
that case.
Resolves https://fedorahosted.org/sssd/ticket/2917
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
| -rw-r--r-- | src/providers/ipa/ipa_s2n_exop.c | 12 | ||||
| -rw-r--r-- | src/providers/ldap/ldap_common.c | 8 |
2 files changed, 18 insertions, 2 deletions
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index d101a437d..1d233cd52 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -1764,6 +1764,8 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom, struct sysdb_attrs *gid_override_attrs = NULL; char ** exop_grouplist; struct ldb_message *msg; + struct ldb_message_element *el = NULL; + const char *missing[] = {NULL, NULL}; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { @@ -1993,6 +1995,12 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom, } } + ret = sysdb_attrs_get_el_ext(attrs->sysdb_attrs, + SYSDB_ORIG_MEMBEROF, false, &el); + if (ret == ENOENT) { + missing[0] = SYSDB_ORIG_MEMBEROF; + } + ret = sysdb_transaction_start(dom->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); @@ -2004,7 +2012,9 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom, attrs->a.user.pw_uid, gid, attrs->a.user.pw_gecos, attrs->a.user.pw_dir, attrs->a.user.pw_shell, - NULL, attrs->sysdb_attrs, NULL, + NULL, attrs->sysdb_attrs, + missing[0] == NULL ? NULL + : discard_const(missing), dom->user_timeout, now); if (ret == EEXIST && dom->mpg == true) { /* This handles the case where getgrgid() was called for diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 35de9c0a7..27b62a635 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -780,7 +780,7 @@ errno_t list_missing_attrs(TALLOC_CTX *mem_ctx, /* Allocate the maximum possible values for missing_attrs, to * be on the safe side */ - missing = talloc_array(tmp_ctx, char *, attr_count); + missing = talloc_array(tmp_ctx, char *, attr_count + 2); if (!missing) { ret = ENOMEM; goto done; @@ -831,6 +831,12 @@ errno_t list_missing_attrs(TALLOC_CTX *mem_ctx, /* Attribute could not be found. Add to the missing list */ missing[k] = talloc_steal(missing, sysdb_name); k++; + + /* Remove originalMemberOf as well if MemberOf is missing */ + if (strcmp(sysdb_name, SYSDB_MEMBEROF) == 0) { + missing[k] = talloc_strdup(missing, SYSDB_ORIG_MEMBEROF); + k++; + } } } |