diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2012-04-22 15:14:22 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-05-03 14:09:14 -0400 |
commit | 2aae75b167f1d9d5cf65d5529c585cfb18c6207b (patch) | |
tree | d1b60cfa4055c3eb25043021afc49fc163993a90 /src/providers/ldap/ldap_id.c | |
parent | 28f9836c888ce351400f8d1fd42eac905ce99f1d (diff) | |
download | sssd-2aae75b167f1d9d5cf65d5529c585cfb18c6207b.tar.gz sssd-2aae75b167f1d9d5cf65d5529c585cfb18c6207b.tar.xz sssd-2aae75b167f1d9d5cf65d5529c585cfb18c6207b.zip |
LDAP: Allow looking up ID-mapped groups by name
Diffstat (limited to 'src/providers/ldap/ldap_id.c')
-rw-r--r-- | src/providers/ldap/ldap_id.c | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index a210a472d..98f99019b 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -335,6 +335,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, const char *attr_name; char *clean_name; int ret; + bool use_id_mapping = dp_opt_get_bool(ctx->opts->basic, SDAP_ID_MAPPING); req = tevent_req_create(memctx, &state, struct groups_get_state); if (!req) return NULL; @@ -367,18 +368,26 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, goto fail; } - ret = sss_filter_sanitize(state, name, &clean_name); - if (ret != EOK) { - goto fail; - } - state->filter = talloc_asprintf(state, - "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))", - attr_name, clean_name, - ctx->opts->group_map[SDAP_OC_GROUP].name, - ctx->opts->group_map[SDAP_AT_GROUP_NAME].name, - ctx->opts->group_map[SDAP_AT_GROUP_GID].name, - ctx->opts->group_map[SDAP_AT_GROUP_GID].name); + if (use_id_mapping) { + /* When mapping IDs, we don't want to limit ourselves + * to groups with a GID value + */ + + state->filter = talloc_asprintf(state, + "(&(%s=%s)(objectclass=%s)(%s=*))", + attr_name, clean_name, + ctx->opts->group_map[SDAP_OC_GROUP].name, + ctx->opts->group_map[SDAP_AT_GROUP_NAME].name); + } else { + state->filter = talloc_asprintf(state, + "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))", + attr_name, clean_name, + ctx->opts->group_map[SDAP_OC_GROUP].name, + ctx->opts->group_map[SDAP_AT_GROUP_NAME].name, + ctx->opts->group_map[SDAP_AT_GROUP_GID].name, + ctx->opts->group_map[SDAP_AT_GROUP_GID].name); + } talloc_zfree(clean_name); if (!state->filter) { DEBUG(2, ("Failed to build filter\n")); |