diff options
author | Lukas Slebodnik <lslebodn@redhat.com> | 2014-08-25 10:18:51 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-08-26 17:22:39 +0200 |
commit | 99f53d551a1db5d8023b4271eb691d554257624c (patch) | |
tree | 5eb05df62c5b915e10d3ed6ee4b850ecbdb62529 /src/providers/dp_refresh.c | |
parent | 174e9ec6f88d709b6e9481ed06a322c0fc495842 (diff) | |
download | sssd-99f53d551a1db5d8023b4271eb691d554257624c.tar.gz sssd-99f53d551a1db5d8023b4271eb691d554257624c.tar.xz sssd-99f53d551a1db5d8023b4271eb691d554257624c.zip |
SDAP: Update groups for user just once.
The function sdap_ad_tokengroups_update_members finds the differences between
list of groups from sysdb and list of groups from LDAP (input argument).
For each new group, connections are created between user and group. The other
connections are removed.
The problem was that in some cases function sdap_ad_tokengroups_update_members
was called twice (sdap_ad_tokengroups_initgr_posix_tg_done and
sdap_ad_tokengroups_initgr_posix_sids_done).
The first call created connection between user and groups resolved from
tokengroups and the second call update groups from missing SIDs, but previously
created connections were removed. The worst case was when there weren't any
missing groups. This behaviour caused missing groups in some cases (for users
in child ad domain)
This patch join array of groups obtained from token group and array of groups
obtained from missing SIDs. The function sdap_ad_tokengroups_update_members
is called just once with single array.
Resolves:
https://fedorahosted.org/sssd/ticket/2407
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers/dp_refresh.c')
0 files changed, 0 insertions, 0 deletions