AD: talk to GC first even for local domain objects

Related: https://fedorahosted.org/sssd/ticket/2070

Since we are recommending to configure the POSIX attributes so that they
are replicated to the Global Catalog, we can start connecting to the GC
by default even for local users. If the object is not matches in the GC,
there is a possibility to fall back to LDAP.

1 files changed, 7 insertions, 1 deletions

diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index f6d2eb810..d8e9b26c3 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -25,6 +25,7 @@
 #include "providers/ldap/sdap_async.h"
 #include "providers/ad/ad_subdomains.h"
 #include "providers/ad/ad_domain_info.h"
+#include "providers/ldap/sdap_idmap.h"
 #include "util/util_sss_idmap.h"
 #include <ctype.h>
 #include <ndr.h>
@@ -108,6 +109,7 @@ ad_subdom_store(struct ad_subdomains_ctx *ctx,
     struct ldb_message_element *el;
     char *sid_str;
     uint32_t trust_type;
+    bool mpg;
 
     tmp_ctx = talloc_new(NULL);
     if (tmp_ctx == NULL) {
@@ -158,9 +160,13 @@ ad_subdom_store(struct ad_subdomains_ctx *ctx,
         goto done;
     }
 
+    mpg = sdap_idmap_domain_has_algorithmic_mapping(
+                                             ctx->sdap_id_ctx->opts->idmap_ctx,
+                                             domain->domain_id);
+
     /* AD subdomains are currently all mpg and do not enumerate */
     ret = sysdb_subdomain_store(domain->sysdb, name, realm, flat, sid_str,
-                                true, false, NULL);
+                                mpg, false, NULL);
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE, ("sysdb_subdomain_store failed.\n"));
         goto done;