summaryrefslogtreecommitdiffstats
path: root/src/providers/ipa/ipa_subdomains_id.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/ipa/ipa_subdomains_id.c')
-rw-r--r--src/providers/ipa/ipa_subdomains_id.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index 5517602a6..9a90bc2d6 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -304,17 +304,21 @@ ipa_get_ad_acct_send(TALLOC_CTX *mem_ctx,
}
sdap_id_ctx = ad_id_ctx->sdap_id_ctx;
- /* Currently only LDAP port for AD is used because POSIX
- * attributes are not replicated to GC by default
+ /* We read users and groups from GC. From groups, we may switch to
+ * using LDAP connection in the group request itself, but in order
+ * to resolve Universal group memberships, we also need the GC
+ * connection
*/
-
- if ((state->ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_INITGROUPS) {
+ switch (state->ar->entry_type & BE_REQ_TYPE_MASK) {
+ case BE_REQ_INITGROUPS:
+ case BE_REQ_GROUP:
clist = ad_gc_conn_list(req, ad_id_ctx, state->user_dom);
if (clist == NULL) {
ret = ENOMEM;
goto fail;
}
- } else {
+ break;
+ default:
clist = talloc_zero_array(req, struct sdap_id_conn_ctx *, 2);
if (clist == NULL) {
ret = ENOMEM;
generated by cgit (git 2.34.1) at 2024-05-06 08:25:07 +0000