diff options
Diffstat (limited to 'src/providers/ipa/ipa_subdomains_id.c')
-rw-r--r-- | src/providers/ipa/ipa_subdomains_id.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index 15776d2e1..1253510dc 100644 --- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c @@ -386,14 +386,8 @@ struct tevent_req *ipa_get_subdom_acct_send(TALLOC_CTX *memctx, case BE_REQ_GROUP: case BE_REQ_BY_SECID: case BE_REQ_USER_AND_GROUP: - ret = EOK; - break; case BE_REQ_INITGROUPS: - ret = ENOTSUP; - DEBUG(SSSDBG_TRACE_FUNC, "Initgroups requests are not handled " \ - "by the IPA provider but are resolved " \ - "by the responder directly from the " \ - "cache.\n"); + ret = EOK; break; default: ret = EINVAL; @@ -434,6 +428,22 @@ static void ipa_get_subdom_acct_connected(struct tevent_req *subreq) return; } + if (state->entry_type == BE_REQ_INITGROUPS) { + /* With V1 of the extdom plugin a user lookup will resolve the full + * group membership of the user. */ + if (sdap_is_extension_supported(sdap_id_op_handle(state->op), + EXOP_SID2NAME_V1_OID)) { + state->entry_type = BE_REQ_USER; + } else { + DEBUG(SSSDBG_TRACE_FUNC, "Initgroups requests are not handled " \ + "by the IPA provider but are resolved " \ + "by the responder directly from the " \ + "cache.\n"); + tevent_req_error(req, ENOTSUP); + return; + } + } + req_input = talloc(state, struct req_input); if (req_input == NULL) { DEBUG(SSSDBG_OP_FAILURE, "talloc failed.\n"); |