diff options
author | Pavel Reichl <preichl@redhat.com> | 2014-08-22 13:56:32 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-09-04 12:54:59 +0200 |
commit | 6d61ba983def0c9ffbf964a84c7289323b849f18 (patch) | |
tree | 36b6f69709791c27e3911716b10187751f4d6946 /src/providers | |
parent | 89f0313c25b18ec8922e7aa145c5ed2297d276e7 (diff) | |
download | sssd-6d61ba983def0c9ffbf964a84c7289323b849f18.tar.gz sssd-6d61ba983def0c9ffbf964a84c7289323b849f18.tar.xz sssd-6d61ba983def0c9ffbf964a84c7289323b849f18.zip |
AD: process non-posix nested groups using tokenGroups
When initgr is performed for AD supporting tokenGroups, do not skip
non-posix groups.
Resolves:
https://fedorahosted.org/sssd/ticket/2343
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups_ad.c | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index 9b07507bf..574579d9e 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -1152,8 +1152,7 @@ sdap_ad_tokengroups_get_posix_members(TALLOC_CTX *mem_ctx, TALLOC_CTX *tmp_ctx = NULL; struct sss_domain_info *domain = NULL; struct ldb_message *msg = NULL; - const char *attrs[] = {SYSDB_NAME, SYSDB_POSIX, NULL}; - const char *is_posix = NULL; + const char *attrs[] = {SYSDB_NAME, NULL}; const char *name = NULL; char *sid = NULL; char **valid_groups = NULL; @@ -1200,12 +1199,6 @@ sdap_ad_tokengroups_get_posix_members(TALLOC_CTX *mem_ctx, ret = sysdb_search_group_by_sid_str(tmp_ctx, domain->sysdb, domain, sid, attrs, &msg); if (ret == EOK) { - is_posix = ldb_msg_find_attr_as_string(msg, SYSDB_POSIX, NULL); - if (is_posix != NULL && strcmp(is_posix, "FALSE") == 0) { - /* skip non-posix group */ - continue; - } - /* we will update membership of this group */ name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); if (name == NULL) { |