diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2014-08-26 11:23:20 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-08-26 16:06:57 +0200 |
commit | 5e195ddf368b705f674ece2faf64261f66e20c23 (patch) | |
tree | e28fe963f7ad87c0805793149e8c8db67ad3e6eb /src/sbus | |
parent | bb755dcacd126adad8c60e8cbea11566de67affe (diff) | |
download | sssd-5e195ddf368b705f674ece2faf64261f66e20c23.tar.gz sssd-5e195ddf368b705f674ece2faf64261f66e20c23.tar.xz sssd-5e195ddf368b705f674ece2faf64261f66e20c23.zip |
LDAP: Don't add a user member twice when adding a primary group
https://fedorahosted.org/sssd/ticket/2406
In the AD case, deployments sometimes add groups as parents of the
primary GID group. These groups are then returned during initgroups
in the tokenGroups attribute and member/memberof links are established
between the user and the group. However, any update of these groups
would remove the links, so a sequence of calls: id -G user; id user; id
-G user would return different group memberships.
Our code errored out in the rare case when the user was *also* an LDAP
member of his primary group.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Diffstat (limited to 'src/sbus')
0 files changed, 0 insertions, 0 deletions