1 files changed, 36 insertions, 4 deletions

diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index e8d23c9dc..fead21a4f 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -290,6 +290,8 @@ int sdap_get_map(TALLOC_CTX *memctx,
 
 /* =Parse-msg============================================================= */
 
+static bool objectclass_matched(struct sdap_attr_map *map,
+                                const char *objcl, int len);
 int sdap_parse_entry(TALLOC_CTX *memctx,
                      struct sdap_handle *sh, struct sdap_msg *sm,
                      struct sdap_attr_map *map, int attrs_num,
@@ -357,9 +359,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
         }
 
         for (i = 0; vals[i]; i++) {
-            /* the objectclass is always the first name in the map */
-            if (strncasecmp(map[0].name,
-                            vals[i]->bv_val, vals[i]->bv_len) == 0) {
+            if (objectclass_matched(map, vals[i]->bv_val, vals[i]->bv_len)) {
                 /* ok it's an entry of the right type */
                 break;
             }
@@ -511,6 +511,25 @@ done:
     return ret;
 }
 
+static bool objectclass_matched(struct sdap_attr_map *map,
+                                const char *objcl, int len)
+{
+    if (len == 0) {
+        len = strlen(objcl) + 1;
+    }
+
+    if (strncasecmp(map[SDAP_OC_GROUP].name, objcl, len) == 0) {
+        return true;
+    }
+
+    if (map[SDAP_OC_GROUP_ALT].name != NULL
+        && strncasecmp(map[SDAP_OC_GROUP_ALT].name, objcl, len) == 0) {
+        return true;
+    }
+
+    return false;
+}
+
 /* Parses an LDAPDerefRes into sdap_deref_attrs structure */
 errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
                          struct sdap_attr_map_info *minfo,
@@ -610,7 +629,7 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
 
         for (i=0; ocs[i]; i++) {
             /* the objectclass is always the first name in the map */
-            if (strcasecmp(minfo[mi].map[0].name, ocs[i]) == 0) {
+            if (objectclass_matched(minfo[mi].map, ocs[i], 0)) {
                 DEBUG(SSSDBG_TRACE_ALL,
                       "Found map for objectclass '%s'\n", ocs[i]);
                 map = minfo[mi].map;
@@ -1458,3 +1477,16 @@ errno_t sdap_get_netgroup_primary_name(TALLOC_CTX *memctx,
                                  opts->netgroup_map[SDAP_AT_NETGROUP_NAME].name,
                                  attrs, dom, _netgroup_name);
 }
+
+char *sdap_make_oc_list(TALLOC_CTX *mem_ctx, struct sdap_attr_map *map)
+{
+    if (map[SDAP_OC_GROUP_ALT].name == NULL) {
+        return talloc_asprintf(mem_ctx, "objectClass=%s",
+                               map[SDAP_OC_GROUP].name);
+    } else {
+        return talloc_asprintf(mem_ctx,
+                               "|(objectClass=%s)(objectClass=%s)",
+                               map[SDAP_OC_GROUP].name,
+                               map[SDAP_OC_GROUP_ALT].name);
+    }
+}