3 files changed, 8 insertions, 4 deletions

diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c
index ee15afa5c..b409542d6 100644
--- a/src/providers/ipa/ipa_auth.c
+++ b/src/providers/ipa/ipa_auth.c
@@ -358,6 +358,7 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req)
     attrs[1] = NULL;
 
     ret = sysdb_search_user_by_name(state, state->be_req->be_ctx->sysdb,
+                                    state->be_req->be_ctx->domain,
                                     state->pd->user, attrs, &user_msg);
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_user_by_name failed.\n"));
diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c
index 73789bd1e..9ccab7846 100644
--- a/src/providers/ipa/ipa_hbac_common.c
+++ b/src/providers/ipa/ipa_hbac_common.c
@@ -410,6 +410,7 @@ done:
 static errno_t
 hbac_eval_user_element(TALLOC_CTX *mem_ctx,
                        struct sysdb_ctx *sysdb,
+                       struct sss_domain_info *domain,
                        const char *username,
                        struct hbac_request_element **user_element);
 
@@ -462,10 +463,10 @@ hbac_ctx_to_eval_request(TALLOC_CTX *mem_ctx,
             ret = ENOMEM;
             goto done;
         }
-        ret = hbac_eval_user_element(eval_req, user_dom->sysdb,
+        ret = hbac_eval_user_element(eval_req, user_dom->sysdb, user_dom,
                                      pd->user, &eval_req->user);
     } else {
-        ret = hbac_eval_user_element(eval_req, sysdb,
+        ret = hbac_eval_user_element(eval_req, sysdb, domain,
                                      pd->user, &eval_req->user);
     }
     if (ret != EOK) goto done;
@@ -515,6 +516,7 @@ done:
 static errno_t
 hbac_eval_user_element(TALLOC_CTX *mem_ctx,
                        struct sysdb_ctx *sysdb,
+                       struct sss_domain_info *domain,
                        const char *username,
                        struct hbac_request_element **user_element)
 {
@@ -543,7 +545,8 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx,
      * This will give us the list of both POSIX and
      * non-POSIX groups that this user belongs to.
      */
-    ret = sysdb_search_user_by_name(tmp_ctx, sysdb, users->name, attrs, &msg);
+    ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain,
+                                    users->name, attrs, &msg);
     if (ret != EOK) {
         DEBUG(1, ("Could not determine user memberships for [%s]\n",
                   users->name));
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
index 7a6156776..744dc46c2 100644
--- a/src/providers/ipa/ipa_selinux.c
+++ b/src/providers/ipa/ipa_selinux.c
@@ -141,7 +141,7 @@ ipa_selinux_create_op_ctx(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
     }
     op_ctx->be_req = be_req;
 
-    ret = sss_selinux_extract_user(op_ctx, sysdb, username, &op_ctx->user);
+    ret = sss_selinux_extract_user(op_ctx, sysdb, domain, username, &op_ctx->user);
     if (ret != EOK) {
         goto fail;
     }