author | Jakub Hrozek <jhrozek@redhat.com> | 2013-05-29 16:01:23 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-07 00:14:13 +0200 |
commit | d27d7f2c270b69d0805633c4bedcf6d806acd5cd (patch) | |
tree | 1b62806ff69b94e1f753a3abd933858a307a08ec /src/providers | |
parent | a79c0a639c4ab26eacbc29f9f42bc95421e33f6e (diff) | |
LDAP: Do not store separate GID for subdomain users
As the subdomains are MPG domains, we don't want to store a separate GID
for the subdomain users, but rather just create a UPG.
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/sdap_async_users.c | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index e4d224cc8..a368965f6 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -267,13 +267,20 @@ int sdap_save_user(TALLOC_CTX *memctx,
 }
 if (use_id_mapping) {
- ret = sdap_get_idmap_primary_gid(opts, attrs, sid_str, dom_sid_str,
- &gid);
- if (ret) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- ("Cannot get the GID for [%s] in domain [%s].\n",
- name, dom->name));
- goto done;
+ if (IS_SUBDOMAIN(dom) == false) {
+ ret = sdap_get_idmap_primary_gid(opts, attrs, sid_str, dom_sid_str,
+ &gid);
+ if (ret) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Cannot get the GID for [%s] in domain [%s].\n",
+ name, dom->name));
+ goto done;
+ }
+ } else {
+ /* For subdomain users, only create the private group as
+ * the subdomain is an MPG domain
+ */
+ gid = 0;
 }
 /* Store the GID in the ldap_attrs so it doesn't get
@@ -294,9 +301,10 @@ int sdap_save_user(TALLOC_CTX *memctx,
 }
 /* check that the gid is valid for this domain */
- if (OUT_OF_ID_RANGE(gid, dom->id_min, dom->id_max)) {
- DEBUG(2, ("User [%s] filtered out! (primary gid out of range)\n",
- name));
+ if (IS_SUBDOMAIN(dom) == false &&
+ OUT_OF_ID_RANGE(gid, dom->id_min, dom->id_max)) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("User [%s] filtered out! (primary gid out of range)\n", name));
 ret = EINVAL;
 goto done;
 }
|
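Review bot: In the first hunk (@@ -267), the new `else` branch uses `gid = 0` as a placeholder for "only create the private group", but 0 is also the root GID, and the context comment directly below ("Store the GID in the ldap_attrs ...") suggests the value is then written into the user's attributes. The storing code lies outside the hunk, so this needs confirming. If a literal 0 can reach the cache or a consumer that does not treat it as "MPG domain, derive the group from the UID", subdomain users would appear with root's group as their primary group. I would make the contract explicit in the comment, for example `/* gid 0 is a placeholder for MPG subdomains, not a real primary GID; it must not be handed out as one */`, and verify the store path that follows. sdap_save_user starts and ends outside the hunk.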
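Review bot: In the second hunk (@@ -294), the range check is now skipped for every subdomain user, not only for those whose `gid` was set to the 0 placeholder in the id-mapping branch. The code between the two hunks is not visible, but if a subdomain user can reach this point with `use_id_mapping` false, a primary GID taken from the directory entry would be accepted with no bounds validation at all. Tying the exemption to the placeholder keeps the check for real values: `if (!(IS_SUBDOMAIN(dom) && gid == 0) && OUT_OF_ID_RANGE(gid, dom->id_min, dom->id_max)) {`. As a smaller style point, `!IS_SUBDOMAIN(dom)` reads more naturally than `IS_SUBDOMAIN(dom) == false`, here and in the first hunk.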