diff options
| author | Sumit Bose <sbose@redhat.com> | 2015-04-29 16:46:14 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-05-06 11:05:44 +0200 |
| commit | 874ce9f485bf217cf120278de88c32bd8b450c33 (patch) | |
| tree | 121d590baf07a41cba907e09f1ec1a132b926b8d /src/providers/ldap/sdap_async_initgroups.c | |
| parent | 7a2980496f615e2dc82f991842d9ce83c34efa30 (diff) | |
| download | sssd-874ce9f485bf217cf120278de88c32bd8b450c33.tar.gz sssd-874ce9f485bf217cf120278de88c32bd8b450c33.tar.xz sssd-874ce9f485bf217cf120278de88c32bd8b450c33.zip | |
IPA: allow initgroups by UUID for FreeIPA users
If a FreeIPA user is searched with the help of an override name the UUID
from the override anchor is used to search the user. Currently the
initgroups request only allows searches by SID or name. With this patch
a UUID can be used as well.
Related to https://fedorahosted.org/sssd/ticket/2642
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 0f9c28eb52d2b45c8a97f709308dc11377831b8c)
(cherry picked from commit 3b00bcd8b6d53d33207005c4e7a631b6a241d300)
Diffstat (limited to 'src/providers/ldap/sdap_async_initgroups.c')
| -rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 5c5be5eab..4f775d76b 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -2667,6 +2667,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, struct sdap_id_ctx *id_ctx, struct sdap_id_conn_ctx *conn, const char *name, + int name_type, const char *extra_value, const char **grp_attrs) { @@ -2716,10 +2717,17 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) { search_attr = state->opts->user_map[SDAP_AT_USER_PRINC].name; - } else if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_SID) == 0) { - search_attr = state->opts->user_map[SDAP_AT_USER_OBJECTSID].name; } else { - search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name; + switch (name_type) { + case BE_FILTER_SECID: + search_attr = state->opts->user_map[SDAP_AT_USER_OBJECTSID].name; + break; + case BE_FILTER_UUID: + search_attr = state->opts->user_map[SDAP_AT_USER_UUID].name; + break; + default: + search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name; + } } state->user_base_filter = |