Diffstat (limited to 'src/providers/ldap/sdap_async_initgroups.c')
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c26
1 files changed, 20 insertions, 6 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index ffb8f7e1f..1f06e01d9 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -647,12 +647,26 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb,
}
in_transaction = true;
- ret = sdap_add_incomplete_groups(sysdb, domain, opts, groupnamelist,
- groups, count);
- if (ret != EOK) {
- DEBUG(SSSDBG_TRACE_FUNC, "Could not add incomplete groups [%d]: %s\n",
- ret, strerror(ret));
- goto done;
+ if (domain->ignore_group_members == true && opts->schema_type == SDAP_SCHEMA_IPA_V1) {
+ /* If groupmembers are ignored, there's no point in saving the groups
+ * as incomplete, at least not for the IPA schema. We're able to dereference
+ * the objects, so let's be done with it
+ */
+ ret = sdap_save_groups(tmp_ctx, sysdb, domain, opts,
+ groups, count, false, NULL, true,
+ NULL);
+ if (ret != EOK) {
+ goto done;
+ }
+ } else {
+ ret = sdap_add_incomplete_groups(sysdb, domain, opts, groupnamelist,
+ groups, count);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Could not add incomplete groups [%d]: %s\n",
+ ret, strerror(ret));
+ goto done;
+ }
}
ret = sysdb_transaction_commit(sysdb);
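Review bot: The new `sdap_save_groups()` branch jumps to `done` on failure without logging anything, while the `else` branch reports its error with the return code; since this path appears to store the groups resolved for a user during initgroups, a silent failure here would be hard to trace when group membership comes back incomplete. Consider adding `DEBUG(SSSDBG_OP_FAILURE, "Could not save groups [%d]: %s\n", ret, strerror(ret));` before that `goto done;`. The positional `false, NULL, true, NULL` arguments are opaque at the call site, so a short comment naming what each one selects would make the call reviewable without opening the callee, and the `== true` on `domain->ignore_group_members` is redundant. `sdap_nested_groups_store` begins and ends outside this hunk, so what the `done` label does with the open transaction is not visible here.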