authorPavel Reichl <pavel.reichl@redhat.com>2013-11-14 21:34:51 +0000
committerJakub Hrozek <jhrozek@redhat.com>2013-11-29 15:48:00 +0100
commit2743db79b1d1f72ba7aaafde02e3f0b888e6dacd (patch)
tree8f3a17bffc06b966119bd4dfb2ae1237c7fa53dd /src/providers/ldap
parent83011d97d17bd00e99ccf1e0302167a6bc0db84e (diff)
SSSD: Improved domain detection
A slightly more elegant way to detect which domain the group member belongs to.
Resolves: https://fedorahosted.org/sssd/ticket/2132
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/ldap_common.c39
1 files changed, 28 insertions, 11 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index e29a52197..482271b8c 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -68,23 +68,40 @@ sdap_domain_get_by_dn(struct sdap_options *opts,
const char *dn)
{
struct sdap_domain *sditer = NULL;
- char *dc = NULL;
+ struct sdap_domain *sdmatch = NULL;
+ TALLOC_CTX *tmp_ctx = NULL;
+ int match_len;
+ int best_match_len = 0;
- dc = strstr(dn, "dc=");
- if (dc == NULL) {
- dc = strstr(dn, "DC=");
- if (dc == NULL) {
- return NULL;
- }
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return NULL;
}
DLIST_FOR_EACH(sditer, opts->sdom) {
- if (strcasecmp(sditer->basedn, dc) == 0) {
- return sditer;
+ if (sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, sditer->search_bases,
+ NULL, &match_len)
+ || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn,
+ sditer->user_search_bases, NULL, &match_len)
+ || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn,
+ sditer->group_search_bases, NULL, &match_len)
+ || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn,
+ sditer->netgroup_search_bases, NULL, &match_len)
+ || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn,
+ sditer->sudo_search_bases, NULL, &match_len)
+ || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn,
+ sditer->service_search_bases, NULL, &match_len)
+ || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn,
+ sditer->autofs_search_bases, NULL, &match_len)) {
+ if (best_match_len < match_len) {
+ /*this is a longer match*/
+ best_match_len = match_len;
+ sdmatch = sditer;
+ }
}
}
-
- return NULL;
+ talloc_free(tmp_ctx);
+ return sdmatch;
}
errno_t
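Review bot: In the `DLIST_FOR_EACH` loop the seven `sss_ldap_dn_in_search_bases_len()` calls are chained with `||`, so evaluation stops at the first list that matches and `match_len` holds that list's length rather than the longest match the domain has. A domain whose most specific base sits in a later list (for instance `group_search_bases`) can therefore lose the comparison to another domain, and the member would be attributed to the wrong domain. `match_len` is also declared without an initializer, and the strict `best_match_len < match_len` test starting from 0 would skip a match that reports length 0, if the helper can report one (its body is not visible here). I would test each list on its own and keep the maximum, as below, assuming all seven fields share the `struct sdap_search_base **` type. The function's signature starts above the hunk.

```c
    DLIST_FOR_EACH(sditer, opts->sdom) {
        /* Every list is checked so the longest match in this domain counts,
         * not just the first list that happens to match. */
        struct sdap_search_base **bases[] = {
            sditer->search_bases,
            sditer->user_search_bases,
            sditer->group_search_bases,
            sditer->netgroup_search_bases,
            sditer->sudo_search_bases,
            sditer->service_search_bases,
            sditer->autofs_search_bases,
        };

        for (size_t i = 0; i < sizeof(bases) / sizeof(bases[0]); i++) {
            match_len = 0;
            if (sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, bases[i],
                                                NULL, &match_len)
                    && best_match_len < match_len) {
                best_match_len = match_len;
                sdmatch = sditer;
            }
        }
    }
    /* … unchanged: talloc_free(tmp_ctx) and return sdmatch … */
```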