summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap/sdap_access.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/ldap/sdap_access.c')
-rw-r--r--src/providers/ldap/sdap_access.c19
1 files changed, 16 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index 88b52e26b..b198e0435 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -139,6 +139,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx,
struct tevent_req *req;
struct ldb_result *res;
const char *attrs[] = { "*", NULL };
+ struct sss_domain_info *user_dom;
req = tevent_req_create(mem_ctx, &state, struct sdap_access_req_ctx);
if (req == NULL) {
@@ -162,9 +163,21 @@ sdap_access_send(TALLOC_CTX *mem_ctx,
goto done;
}
- /* Get original user DN */
- ret = sysdb_get_user_attr(state, be_req->sysdb,
- pd->user, attrs, &res);
+ /* Get original user DN, take care of subdomain users as well */
+ if (strcasecmp(pd->domain, be_req->be_ctx->domain->name) != 0) {
+ user_dom = new_subdomain(state, be_req->be_ctx->domain, pd->domain,
+ NULL, NULL);
+ if (user_dom == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("new_subdomain failed.\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+ ret = sysdb_get_user_attr(state, user_dom->sysdb,
+ pd->user, attrs, &res);
+ } else {
+ ret = sysdb_get_user_attr(state, be_req->sysdb,
+ pd->user, attrs, &res);
+ }
if (ret != EOK) {
if (ret == ENOENT) {
/* If we can't find the user, return permission denied */
generated by cgit (git 2.34.1) at 2024-04-28 13:19:17 +0000