idmap: allow ranges with external mapping to overlap

If POSIX IDs are managed externally e.g. by AD it might be possible that
the IDs are centrally manages for the whole forest. Hence there might
not be a single ID range for each member domain in the forest but only a
single ID range for the whole forest. This means that we have to allow
collisions if ID ranges in this case.

Unit tests are added to make sure that the collisions are only allowed
for external mappings.

1 files changed, 7 insertions, 5 deletions

diff --git a/src/lib/idmap/sss_idmap.c b/src/lib/idmap/sss_idmap.c
index 89c55fc95..17bd5779e 100644
--- a/src/lib/idmap/sss_idmap.c
+++ b/src/lib/idmap/sss_idmap.c
@@ -357,11 +357,13 @@ static enum idmap_error_code dom_check_collision(
         /* TODO: if both ranges have the same ID check if an update is
          * needed. */
 
-        /* check if ID ranges overlap */
-        if ((new_dom->range->min >= dom->range->min
-                && new_dom->range->min <= dom->range->max)
-            || (new_dom->range->max >= dom->range->min
-                && new_dom->range->max <= dom->range->max)) {
+        /* Check if ID ranges overlap.
+         * ID ranges with external mapping may overlap. */
+        if ((!new_dom->external_mapping && !dom->external_mapping)
+            && ((new_dom->range->min >= dom->range->min
+                    && new_dom->range->min <= dom->range->max)
+                || (new_dom->range->max >= dom->range->min
+                    && new_dom->range->max <= dom->range->max))) {
             return IDMAP_COLLISION;
         }