sssd.git - sssd with jhrozek's patches

diff options

author	Sumit Bose <sbose@redhat.com>	2013-12-10 10:14:28 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2013-12-19 20:14:18 +0100
commit	8d55e0fffd29184d44cb49eaab2ca3a4226e0123 (patch)
tree	5046f405274bf0dc3f5c026a3ac84f06a0288560 /src/providers/ldap/sdap_async_initgroups.c
parent	6385798f807d370fe6685653e337f65bf59f21bc (diff)
download	sssd-8d55e0fffd29184d44cb49eaab2ca3a4226e0123.tar.gz sssd-8d55e0fffd29184d44cb49eaab2ca3a4226e0123.tar.xz sssd-8d55e0fffd29184d44cb49eaab2ca3a4226e0123.zip

AD: filter domain local groups for trusted/sub domains

In Active Directory groups with a domain local scope should only be used inside of the specific domain. Since SSSD read the group memberships from LDAP server of the user's domain the domain local groups are included in the LDAP result. Those groups should be filtered out if the domain is a sub/trusted domain, i.e. is not the domain the client running SSSD is joined to. The groups will still be in the cache but marked as non-POSIX groups and no GID will be assigned. Fixes https://fedorahosted.org/sssd/ticket/2178

Diffstat (limited to 'src/providers/ldap/sdap_async_initgroups.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: