diff options
| author | Pavel Reichl <preichl@redhat.com> | 2014-06-17 17:16:14 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-07-21 11:30:12 +0200 |
| commit | b12e2500237f33c44807d7e5b377ec06007c7252 (patch) | |
| tree | 8569539e1149889123202c594313d48ab611ef28 /src/util | |
| parent | 32381402a4a9afc003782c9e2301fc59c9bda2a9 (diff) | |
| download | sssd-b12e2500237f33c44807d7e5b377ec06007c7252.tar.gz sssd-b12e2500237f33c44807d7e5b377ec06007c7252.tar.xz sssd-b12e2500237f33c44807d7e5b377ec06007c7252.zip | |
LDAP: tokengroups do not work with id_provider=ldap
With plain LDAP provider we already have a sdap_handle, so it should be possible
that in the case where sdom->pvt == NULL sdap_id_op_connect_send() can be
skipped and sdap_get_ad_tokengroups_send() can be already send with the
sdap_handle passed to sdap_ad_tokengroups_initgr_mapping_send(). So we should
only fail if sdom->pvt == NULL and sh == NULL.
if find_subdomain_by_sid() failed we can check if there is only one domain in
the domain list (state->domain) and in this case continue with this domain since
the LDAP provider does not know about sub-domains and hence can only have one
configured domain.
Resolves:
https://fedorahosted.org/sssd/ticket/2345
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/util')
| -rw-r--r-- | src/util/domain_info_utils.c | 14 | ||||
| -rw-r--r-- | src/util/util.h | 5 |
2 files changed, 19 insertions, 0 deletions
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c index a0fb7b2ab..2a8768439 100644 --- a/src/util/domain_info_utils.c +++ b/src/util/domain_info_utils.c @@ -153,6 +153,20 @@ struct sss_domain_info *find_subdomain_by_sid(struct sss_domain_info *domain, return NULL; } +struct sss_domain_info* +sss_get_domain_by_sid_ldap_fallback(struct sss_domain_info *domain, + const char* sid) +{ + /* LDAP provider doesn't know about sub-domains and hence can only + * have one configured domain + */ + if (strcmp(domain->provider, "ldap") == 0) { + return domain; + } else { + return find_subdomain_by_sid(get_domains_head(domain), sid); + } +} + struct sss_domain_info * find_subdomain_by_object_name(struct sss_domain_info *domain, const char *object_name) diff --git a/src/util/util.h b/src/util/util.h index b605f230a..52135e6b0 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -516,6 +516,11 @@ struct sss_domain_info *find_subdomain_by_name(struct sss_domain_info *domain, bool match_any); struct sss_domain_info *find_subdomain_by_sid(struct sss_domain_info *domain, const char *sid); + +struct sss_domain_info* +sss_get_domain_by_sid_ldap_fallback(struct sss_domain_info *domain, + const char* sid); + struct sss_domain_info * find_subdomain_by_object_name(struct sss_domain_info *domain, const char *object_name); |