diff options
author | Pavel Reichl <pavel.reichl@redhat.com> | 2013-11-14 21:34:51 +0000 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-12-02 04:57:56 +0100 |
commit | 3cf1217a277d1103a8956e33fc0a8464227e2dd2 (patch) | |
tree | 44460d53b44b469124d8817cce8617577ed952e8 /src/providers/ldap | |
parent | 44d60762a2ffe45b2dadf05634eefb2af2e3ce14 (diff) | |
download | sssd-3cf1217a277d1103a8956e33fc0a8464227e2dd2.tar.gz sssd-3cf1217a277d1103a8956e33fc0a8464227e2dd2.tar.xz sssd-3cf1217a277d1103a8956e33fc0a8464227e2dd2.zip |
SSSD: Improved domain detection
A bit more elegant way of detection of what domain the group member belongs to
Resolves:
https://fedorahosted.org/sssd/ticket/2132
Diffstat (limited to 'src/providers/ldap')
-rw-r--r-- | src/providers/ldap/ldap_common.c | 39 |
1 files changed, 28 insertions, 11 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index facf102ed..35ea81360 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -68,23 +68,40 @@ sdap_domain_get_by_dn(struct sdap_options *opts, const char *dn) { struct sdap_domain *sditer = NULL; - char *dc = NULL; + struct sdap_domain *sdmatch = NULL; + TALLOC_CTX *tmp_ctx = NULL; + int match_len; + int best_match_len = 0; - dc = strstr(dn, "dc="); - if (dc == NULL) { - dc = strstr(dn, "DC="); - if (dc == NULL) { - return NULL; - } + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return NULL; } DLIST_FOR_EACH(sditer, opts->sdom) { - if (strcasecmp(sditer->basedn, dc) == 0) { - return sditer; + if (sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, sditer->search_bases, + NULL, &match_len) + || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, + sditer->user_search_bases, NULL, &match_len) + || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, + sditer->group_search_bases, NULL, &match_len) + || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, + sditer->netgroup_search_bases, NULL, &match_len) + || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, + sditer->sudo_search_bases, NULL, &match_len) + || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, + sditer->service_search_bases, NULL, &match_len) + || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, + sditer->autofs_search_bases, NULL, &match_len)) { + if (best_match_len < match_len) { + /*this is a longer match*/ + best_match_len = match_len; + sdmatch = sditer; + } } } - - return NULL; + talloc_free(tmp_ctx); + return sdmatch; } errno_t |