author | Michal Zidek <mzidek@redhat.com> | 2014-09-10 12:56:54 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-09-15 10:19:03 +0200 |
commit | 9e99c000a4e2647328e71b4db272b4b73a7189c5 (patch) | |
tree | ed051990771205e7d596a4fcc8143252a0a00012 /src/providers/ldap/sdap_async_initgroups_ad.c | |
parent | cfa74fcb5f6ba23f41a9ddaa76c3ebae6156da86 (diff) | |
Use the alternative objectclass in group maps.
Use the alternative group objectclass in queries.
Fixes:
https://fedorahosted.org/sssd/ticket/2436
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 7ba70236daccb48432350147d0560b3302518cee)
Diffstat (limited to 'src/providers/ldap/sdap_async_initgroups_ad.c')
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups_ad.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index 574579d9e..15855b4e3 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -70,6 +70,7 @@ sdap_get_ad_match_rule_initgroups_send(TALLOC_CTX *mem_ctx,
 struct sdap_ad_match_rule_initgr_state *state;
 const char **filter_members;
 char *sanitized_user_dn;
+ char *oc_list;
 
 req = tevent_req_create(mem_ctx, &state,
 struct sdap_ad_match_rule_initgr_state);
@@ -122,13 +123,19 @@ sdap_get_ad_match_rule_initgroups_send(TALLOC_CTX *mem_ctx,
 /* Craft a special filter according to
 * http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475%28v=vs.85%29.aspx
 */
+ oc_list = sdap_make_oc_list(state, state->opts->group_map);
+ if (oc_list == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create objectClass list.\n");
+ ret = ENOMEM;
+ goto immediate;
+ }
+
 state->base_filter =
 talloc_asprintf(state,
- "(&(%s:%s:=%s)(objectClass=%s))",
+ "(&(%s:%s:=%s)(%s))",
 state->opts->group_map[SDAP_AT_GROUP_MEMBER].name,
 SDAP_MATCHING_RULE_IN_CHAIN,
- sanitized_user_dn,
- state->opts->group_map[SDAP_OC_GROUP].name);
+ sanitized_user_dn, oc_list);
 talloc_zfree(sanitized_user_dn);
 if (!state->base_filter) {
 ret = ENOMEM; |
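Review bot: `oc_list` is spliced into the filter as a raw fragment inside `(%s)` in the new `talloc_asprintf()` call, unlike `sanitized_user_dn`, so the filter is only well-formed if `sdap_make_oc_list()` returns an unparenthesised component built from the configured objectClass names. That helper is not visible in this hunk, so a comment stating the contract would help, e.g. `/* oc_list: unparenthesised filter component built from the configured group objectClass names; not escaped here */`. The string also stays allocated on `state` after the filter is built, while `sanitized_user_dn` is released straight away; adding `talloc_zfree(oc_list);` next to the existing `talloc_zfree(sanitized_user_dn);` would keep the two consistent. The new `goto immediate` path also leaves before that free, which presumably matters only if `sanitized_user_dn` is not parented to `state` (its allocation is outside the hunk, as are the start and end of the function).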