diff options
Diffstat (limited to 'src/providers/ad/ad_id.c')
-rw-r--r-- | src/providers/ad/ad_id.c | 29 |
1 files changed, 8 insertions, 21 deletions
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c index 7a86afdb7..0280d755c 100644 --- a/src/providers/ad/ad_id.c +++ b/src/providers/ad/ad_id.c @@ -188,12 +188,6 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom, struct be_acct_req *ar) { struct sdap_id_conn_ctx **clist; - struct sdap_domain *sdom; - struct ad_id_ctx *subdom_id_ctx; - - /* LDAP, GC, sentinel */ - clist = talloc_zero_array(breq, struct sdap_id_conn_ctx *, 3); - if (clist == NULL) return NULL; switch (ar->entry_type & BE_REQ_TYPE_MASK) { case BE_REQ_USER: /* user */ @@ -201,24 +195,17 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx, case BE_REQ_USER_AND_GROUP: /* get SID */ case BE_REQ_GROUP: /* group */ case BE_REQ_INITGROUPS: /* init groups for user */ - /* Always try GC first */ - clist[0] = ad_ctx->gc_ctx; - if (IS_SUBDOMAIN(dom) == true) { - clist[0]->ignore_mark_offline = false; - /* Subdomain users are only present in GC. */ - break; - } - /* fall back to ldap if gc is not available */ - clist[0]->ignore_mark_offline = true; - - /* With root domain users we have the option to - * fall back to LDAP in case ie POSIX attributes - * are used but not replicated to GC - */ - clist[1] = ad_ctx->ldap_ctx; + clist = ad_gc_conn_list(breq, ad_ctx, dom); + if (clist == NULL) return NULL; break; + default: + /* Requests for other object should only contact LDAP by default */ + clist = talloc_zero_array(breq, struct sdap_id_conn_ctx *, 2); + if (clist == NULL) return NULL; + clist[0] = ad_ctx->ldap_ctx; + clist[1] = NULL; break; } |