sssd.git - sssd with jhrozek's patches

diff options

author	Sumit Bose <sbose@redhat.com>	2015-01-22 21:20:25 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2015-01-26 23:41:13 +0100
commit	63748c69a2c6785d949c82f94749704e0408e5a7 (patch)
tree	68b843753dba9485c9edf0a613d6f3555e71806c /src/monitor
parent	e438fbf102c3d787902504bdae177e84230cbbc9 (diff)
download	sssd-63748c69a2c6785d949c82f94749704e0408e5a7.tar.gz sssd-63748c69a2c6785d949c82f94749704e0408e5a7.tar.xz sssd-63748c69a2c6785d949c82f94749704e0408e5a7.zip

IPA: resolve IPA group-memberships for AD users

So far only for initgroups requests the IPA group memberships where resolved for AD users and due to 6fac5e5f0c54a0f92872ce1450606cfcb577a920 those memberships are not overridden by other request. But it turned out that the originalMemberOf attributes related to the IPA group memberships can be overridden by user lookups. Since the originalMemberOf attribute is important in the HBAC evaluation this patch makes sure that the originalMemberOf attribute is not removed but updated during user lookups. Related to https://fedorahosted.org/sssd/ticket/2560 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Diffstat (limited to 'src/monitor')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: