Diffstat (limited to 'src/providers/ldap/sdap_async_groups.c')
-rw-r--r--src/providers/ldap/sdap_async_groups.c25
1 files changed, 18 insertions, 7 deletions
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 00ac3e991..ccf716ec8 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -449,13 +449,6 @@ static int sdap_save_group(TALLOC_CTX *memctx,
goto done;
}
- ret = sdap_get_group_primary_name(tmpctx, opts, attrs, dom, &group_name);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("Failed to get group name\n"));
- goto done;
- }
- DEBUG(SSSDBG_TRACE_FUNC, ("Processing group %s\n", group_name));
-
/* Always store SID string if available */
ret = sdap_attrs_get_sid_str(tmpctx, opts->idmap_ctx, attrs,
opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name,
@@ -477,6 +470,24 @@ static int sdap_save_group(TALLOC_CTX *memctx,
sid_str = NULL;
}
+ /* If this object has a SID available, we will determine the correct
+ * domain by its SID. */
+ if (sid_str != NULL) {
+ dom = find_subdomain_by_sid(get_domains_head(dom), sid_str);
+ if (dom == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("SID %s does not belong to any known "
+ "domain\n", sid_str));
+ return ERR_DOMAIN_NOT_FOUND;
+ }
+ }
+
+ ret = sdap_get_group_primary_name(tmpctx, opts, attrs, dom, &group_name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Failed to get group name\n"));
+ goto done;
+ }
+ DEBUG(SSSDBG_TRACE_FUNC, ("Processing group %s\n", group_name));
+
use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(opts->idmap_ctx,
dom->name,
sid_str);
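Review bot: The `return ERR_DOMAIN_NOT_FOUND;` in the new SID lookup block exits sdap_save_group directly, while every other failure path visible in these hunks sets `ret` and uses `goto done`. The `done` label is outside the hunk, but if it releases `tmpctx`, as the pattern suggests, each group whose SID matches no known domain skips that cleanup and leaks the temporary context. Because the SID is read from directory data, the leak would recur on every refresh of such entries, so I would write `ret = ERR_DOMAIN_NOT_FOUND; goto done;` instead. Separately, `dom` is overwritten before the NULL check, so the caller's domain is no longer available as a fallback. A short comment stating that an unknown SID is meant to fail the whole save would document that choice.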