authorJan Zeleny <jzeleny@redhat.com>2012-02-21 07:07:30 -0500
committerStephen Gallagher <sgallagh@redhat.com>2012-02-24 14:58:26 -0500
commit277a0187190fd417696590b303a5d7a204ed0555 (patch)
treea06e000f6b5e9f88b61f7907c32a8e698a298733 /src/providers/ldap
parentce162d4a207d8f63a31587e84e86ad4bea986cf2 (diff)
Delete missing attributes from netgroups to be stored
https://fedorahosted.org/sssd/ticket/1136
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/sdap_async_netgroups.c27
1 files changed, 26 insertions, 1 deletions
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index 931a1f86a..a5f30623d 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -49,6 +49,8 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
const char *name = NULL;
int ret;
char *timestamp = NULL;
+ const char **ldap_attrs = NULL;
+ char **missing = NULL;
ret = sysdb_attrs_get_el(attrs,
opts->netgroup_map[SDAP_AT_NETGROUP_NAME].sys_name,
@@ -127,7 +129,30 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
goto fail;
}
- ret = sysdb_add_netgroup(ctx, name, NULL, netgroup_attrs,
+ ret = build_attrs_from_map(attrs, opts->netgroup_map, SDAP_OPTS_NETGROUP,
+ &ldap_attrs);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to retrieve attributes from map\n"));
+ goto fail;
+ }
+
+ /* Make sure that any attributes we requested from LDAP that we
+ * did not receive are also removed from the sysdb
+ */
+ ret = list_missing_attrs(attrs, opts->netgroup_map, SDAP_OPTS_NETGROUP,
+ ldap_attrs, attrs, &missing);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to list missing attributes\n"));
+ goto fail;
+ }
+
+ /* Remove missing attributes */
+ if (missing && !missing[0]) {
+ /* Nothing to remove */
+ talloc_zfree(missing);
+ }
+
+ ret = sysdb_add_netgroup(ctx, name, NULL, netgroup_attrs, missing,
dom->netgroup_timeout, now);
if (ret) goto fail;
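Review bot: Both `ldap_attrs` and `missing` are allocated with `attrs` as their talloc parent (the first argument to `build_attrs_from_map` and `list_missing_attrs`), and nothing in this hunk releases them after `sysdb_add_netgroup` or on the three `goto fail` paths, so they live as long as the caller keeps `attrs`. The rest of `sdap_save_netgroup`, including the `fail:` label, is outside the hunk, so this may be handled there; if not, add `talloc_zfree(ldap_attrs);` once `list_missing_attrs` has returned and `talloc_zfree(missing);` after the `sysdb_add_netgroup` call, or allocate both on a temporary context freed on every exit. Separately, the comment `/* Remove missing attributes */` sits over code that only collapses an empty list to NULL, while the removal itself happens inside `sysdb_add_netgroup`; `/* An empty list means nothing to remove; pass NULL to sysdb_add_netgroup */` would describe it accurately. Since a stale netgroup member or triple left in the cache can keep granting access that was withdrawn in LDAP, it would also help to state in a comment that `missing` may be NULL and what `sysdb_add_netgroup` does in that case.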