LDAP: tokengroups do not work with id_provider=ldap

With plain LDAP provider we already have a sdap_handle, so it should be possible
that in the case where sdom->pvt == NULL sdap_id_op_connect_send() can be
skipped and sdap_get_ad_tokengroups_send() can be already send with the
sdap_handle passed to sdap_ad_tokengroups_initgr_mapping_send(). So we should
only fail if sdom->pvt == NULL and sh == NULL.

if find_subdomain_by_sid() failed we can check if there is only one domain in
the domain list (state->domain) and in this case continue with this domain since
the LDAP provider does not know about sub-domains and hence can only have one
configured domain.

Resolves:
https://fedorahosted.org/sssd/ticket/2345

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit b12e2500237f33c44807d7e5b377ec06007c7252)

1 files changed, 3 insertions, 2 deletions

diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 2f568c472..6f3c8b8eb 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -515,7 +515,8 @@ static int sdap_save_group(TALLOC_CTX *memctx,
     /* If this object has a SID available, we will determine the correct
      * domain by its SID. */
     if (sid_str != NULL) {
-        subdomain = find_subdomain_by_sid(get_domains_head(dom), sid_str);
+        subdomain = sss_get_domain_by_sid_ldap_fallback(get_domains_head(dom),
+                                                        sid_str);
         if (subdomain) {
             dom = subdomain;
         } else {
@@ -539,7 +540,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
             goto done;
         }
 
-        DEBUG(SSSDBG_TRACE_ALL, "AD group [%s] has type flags %#x.",
+        DEBUG(SSSDBG_TRACE_ALL, "AD group [%s] has type flags %#x.\n",
                                  group_name, ad_group_type);
         /* Only security groups from AD are considered for POSIX groups.
          * Additionally only global and universal group are taken to account