Diffstat (limited to 'src/providers/ldap/sdap_async_groups.c')
-rw-r--r--src/providers/ldap/sdap_async_groups.c40
1 files changed, 14 insertions, 26 deletions
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 454d302ea..fb1912d2b 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -510,9 +510,9 @@ static int sdap_save_group(TALLOC_CTX *memctx,
TALLOC_CTX *tmpctx = NULL;
bool posix_group;
bool use_id_mapping;
+ bool need_filter;
char *sid_str;
struct sss_domain_info *subdomain;
- int32_t ad_group_type;
tmpctx = talloc_new(NULL);
if (!tmpctx) {
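Review bot: `need_filter` is declared without an initializer and is read in `if (need_filter)` as soon as `sdap_check_ad_group_type()` returns EOK, so the POSIX/non-POSIX decision relies on the helper writing the out-parameter on every successful path. The helper's body is not part of this diff, so that cannot be confirmed from here. Declaring it as `bool need_filter = false;` keeps the decision deterministic even if the helper returns early, for instance for a non-AD schema. sdap_save_group begins and ends outside this hunk.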
@@ -579,32 +579,20 @@ static int sdap_save_group(TALLOC_CTX *memctx,
DEBUG(SSSDBG_TRACE_FUNC, "Processing group %s\n", group_name);
posix_group = true;
- if (opts->schema_type == SDAP_SCHEMA_AD) {
- ret = sysdb_attrs_get_int32_t(attrs, SYSDB_GROUP_TYPE, &ad_group_type);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_int32_t failed.\n");
- goto done;
- }
+ ret = sdap_check_ad_group_type(dom, opts, attrs, group_name,
+ &need_filter);
+ if (ret != EOK) {
+ goto done;
+ }
+ if (need_filter) {
+ posix_group = false;
+ gid = 0;
- DEBUG(SSSDBG_TRACE_ALL, "AD group [%s] has type flags %#x.\n",
- group_name, ad_group_type);
- /* Only security groups from AD are considered for POSIX groups.
- * Additionally only global and universal group are taken to account
- * for trusted domains. */
- if (!(ad_group_type & SDAP_AD_GROUP_TYPE_SECURITY)
- || (IS_SUBDOMAIN(dom)
- && (!((ad_group_type & SDAP_AD_GROUP_TYPE_GLOBAL)
- || (ad_group_type & SDAP_AD_GROUP_TYPE_UNIVERSAL))))) {
- posix_group = false;
- gid = 0;
- DEBUG(SSSDBG_TRACE_FUNC, "Filtering AD group [%s].\n",
- group_name);
- ret = sysdb_attrs_add_bool(group_attrs, SYSDB_POSIX, false);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE,
- "Error: Failed to mark group as non-posix!\n");
- return ret;
- }
+ ret = sysdb_attrs_add_bool(group_attrs, SYSDB_POSIX, false);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Error: Failed to mark group as non-posix!\n");
+ return ret;
}
}
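Review bot: The `return ret;` kept in the `sysdb_attrs_add_bool()` failure branch exits without passing through `done`, unlike the `goto done;` used for the `sdap_check_ad_group_type()` failure just above it. `tmpctx` is created with `talloc_new(NULL)` (visible in the first hunk), so no parent context will free it. Assuming the `done` label releases it, this path leaks the context, and `return ret;` should become `goto done;`. With the inline type check gone, a short call-site comment such as `/* non-security AD groups, and domain-local groups from trusted domains, must not get a GID */` would keep the reason for `gid = 0` visible. The function body continues outside the hunk.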