diff options
| author | Stephen Gallagher <sgallagh@redhat.com> | 2011-03-16 12:59:33 -0400 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-03-23 04:58:37 -0400 |
| commit | 7196eba0014cfd954ab86bf86ae5e151ed9d7600 (patch) | |
| tree | 2a80c8d59a484506f0d8a57a3f1476ea90f954d8 /src | |
| parent | 0c9ebc7363f47b153b1ca6087447d2fb492f9eb7 (diff) | |
| download | sssd-7196eba0014cfd954ab86bf86ae5e151ed9d7600.tar.gz sssd-7196eba0014cfd954ab86bf86ae5e151ed9d7600.tar.xz sssd-7196eba0014cfd954ab86bf86ae5e151ed9d7600.zip | |
RFC2307bis: Ignore aliases for groups
Groups in ldap with multiple values for their groupname attribute
will now be compared against the RDN of the entry to determine the
"primary" group name. We will save only this primary group name to
the ldb cache.
Diffstat (limited to 'src')
| -rw-r--r-- | src/providers/ldap/sdap_async_accounts.c | 40 |
1 files changed, 26 insertions, 14 deletions
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c index afa286705..0784965ac 100644 --- a/src/providers/ldap/sdap_async_accounts.c +++ b/src/providers/ldap/sdap_async_accounts.c @@ -836,9 +836,9 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx, const char *name; int ret; - ret = sysdb_attrs_get_string(attrs, - opts->group_map[SDAP_AT_GROUP_NAME].sys_name, - &name); + ret = sysdb_attrs_primary_name(ctx, attrs, + opts->group_map[SDAP_AT_GROUP_NAME].name, + &name); if (ret != EOK) { goto fail; } @@ -2232,7 +2232,9 @@ static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx, state->grp_attrs = grp_attrs; state->op = NULL; - ret = sysdb_attrs_get_string(user, SYSDB_NAME, &state->username); + ret = sysdb_attrs_primary_name(sysdb, user, + opts->user_map[SDAP_AT_USER_NAME].name, + &state->username); if (ret != EOK) { DEBUG(1, ("User entry had no username\n")); talloc_free(req); @@ -2834,11 +2836,12 @@ static struct tevent_req *sdap_nested_group_process_send( */ key.type = HASH_KEY_STRING; - ret = sysdb_attrs_get_string( - group, - opts->group_map[SDAP_AT_GROUP_NAME].sys_name, - &groupname); - if (ret != EOK) goto immediate; + ret = sysdb_attrs_primary_name(sysdb, group, + opts->group_map[SDAP_AT_GROUP_NAME].name, + &groupname); + if (ret != EOK) { + goto immediate; + } key.str = talloc_strdup(state, groupname); if (!key.str) { @@ -3802,8 +3805,11 @@ static errno_t rfc2307bis_nested_groups_step(struct tevent_req *req) goto error; } - ret = sysdb_attrs_get_string(state->groups[state->group_iter], - SYSDB_NAME, &name); + ret = sysdb_attrs_primary_name( + state->sysdb, + state->groups[state->group_iter], + state->opts->group_map[SDAP_AT_GROUP_NAME].name, + &name); if (ret != EOK) { goto error; } @@ -3842,7 +3848,8 @@ static errno_t rfc2307bis_nested_groups_step(struct tevent_req *req) DEBUG(6, ("Saving incomplete group [%s] to the sysdb\n", groupnamelist[0])); - ret = sdap_add_incomplete_groups(state->sysdb, state->dom, groupnamelist, + ret = sdap_add_incomplete_groups(state->sysdb, state->opts, + state->dom, groupnamelist, grouplist, 1); if (ret != EOK) { goto error; @@ -4051,12 +4058,17 @@ static errno_t rfc2307bis_nested_groups_update_sysdb( } in_transaction = true; - ret = sysdb_attrs_get_string(state->groups[state->group_iter], - SYSDB_NAME, &name); + ret = sysdb_attrs_primary_name( + state->sysdb, + state->groups[state->group_iter], + state->opts->group_map[SDAP_AT_GROUP_NAME].name, + &name); if (ret != EOK) { goto error; } + DEBUG(6, ("Processing group [%s]\n", name)); + attrs = talloc_array(tmp_ctx, const char *, 2); if (!attrs) { ret = ENOMEM; |