diff options
| author | Michal Zidek <mzidek@redhat.com> | 2014-09-10 12:56:54 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-09-15 10:13:00 +0200 |
| commit | 7ba70236daccb48432350147d0560b3302518cee (patch) | |
| tree | bc39a26bce57ae6361af1b99bd9d4128208df9ad /src/providers/ldap/ldap_id.c | |
| parent | 6f91c61426c8cfbfec52d5e77ae4650007694e69 (diff) | |
| download | sssd-7ba70236daccb48432350147d0560b3302518cee.tar.gz sssd-7ba70236daccb48432350147d0560b3302518cee.tar.xz sssd-7ba70236daccb48432350147d0560b3302518cee.zip | |
Use the alternative objectclass in group maps.
Use the alternative group objectclass in queries.
Fixes:
https://fedorahosted.org/sssd/ticket/2436
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers/ldap/ldap_id.c')
| -rw-r--r-- | src/providers/ldap/ldap_id.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index eb349f3cc..e8b3a0e1e 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -540,6 +540,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, enum idmap_error_code err; char *sid; const char *member_filter[2]; + char *oc_list; req = tevent_req_create(memctx, &state, struct groups_get_state); if (!req) return NULL; @@ -645,21 +646,26 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, goto done; } + oc_list = sdap_make_oc_list(state, ctx->opts->group_map); + if (oc_list == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create objectClass list.\n"); + ret = ENOMEM; + goto done; + } + if (state->use_id_mapping || filter_type == BE_FILTER_SECID) { /* When mapping IDs or looking for SIDs, we don't want to limit * ourselves to groups with a GID value */ state->filter = talloc_asprintf(state, - "(&(%s=%s)(objectclass=%s)(%s=*))", - attr_name, clean_name, - ctx->opts->group_map[SDAP_OC_GROUP].name, + "(&(%s=%s)(%s)(%s=*))", + attr_name, clean_name, oc_list, ctx->opts->group_map[SDAP_AT_GROUP_NAME].name); } else { state->filter = talloc_asprintf(state, - "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))", - attr_name, clean_name, - ctx->opts->group_map[SDAP_OC_GROUP].name, + "(&(%s=%s)(%s)(%s=*)(&(%s=*)(!(%s=0))))", + attr_name, clean_name, oc_list, ctx->opts->group_map[SDAP_AT_GROUP_NAME].name, ctx->opts->group_map[SDAP_AT_GROUP_GID].name, ctx->opts->group_map[SDAP_AT_GROUP_GID].name); |