sdap: properly handle binary objectGuid attribute

Although in the initial processing SSSD treats the binary value right at
some point it mainly assumes that it is a string. Depending on the value
this might end up with the correct binary value stored in the cache but
in most cases there will be only a broken entry in the cache.

This patch converts the binary value into a string representation which
is described in [MS-DTYP] and stores the result in the cache.

Resolves https://fedorahosted.org/sssd/ticket/2588

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 4619742836ec22edf8f9d274d928bc896c5b0883)

1 files changed, 6 insertions, 1 deletions

diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 2fd235f28..96617aecc 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -196,8 +196,13 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
                     original_dn = NULL;
                 }
 
+                ret = sysdb_handle_original_uuid(
+                                   opts->group_map[SDAP_AT_GROUP_UUID].def_name,
+                                   ldap_groups[ai],
+                                   opts->group_map[SDAP_AT_GROUP_UUID].sys_name,
+                                   ldap_groups[ai], "uniqueIDstr");
                 ret = sysdb_attrs_get_string(ldap_groups[ai],
-                                             SYSDB_UUID,
+                                             "uniqueIDstr",
                                              &uuid);
                 if (ret) {
                     DEBUG(SSSDBG_FUNC_DATA,