diff options
Diffstat (limited to 'src/providers/ldap/sdap_async_initgroups.c')
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 7678c7b36..4c379fdfd 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -49,7 +49,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, bool posix; time_t now; char *sid_str; - bool use_id_mapping = dp_opt_get_bool(opts->basic, SDAP_ID_MAPPING); + bool use_id_mapping; /* There are no groups in LDAP but we should add user to groups ?? */ if (ldap_groups_count == 0) return EOK; @@ -89,6 +89,9 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, goto done; } + use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(opts->idmap_ctx, + domain->domain_id); + ret = sysdb_transaction_start(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, @@ -2522,6 +2525,8 @@ struct sdap_get_initgr_state { size_t user_base_iter; struct sdap_search_base **user_search_bases; + + bool use_id_mapping; }; static errno_t sdap_get_initgr_next_base(struct tevent_req *req); @@ -2590,6 +2595,10 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, return NULL; } + state->use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping( + state->opts->idmap_ctx, + state->dom->domain_id); + ret = sdap_get_initgr_next_base(req); done: @@ -2649,8 +2658,6 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) const char *orig_dn; const char *cname; bool in_transaction = false; - bool use_id_mapping = - dp_opt_get_bool(state->opts->basic, SDAP_ID_MAPPING); DEBUG(9, ("Receiving info for the user\n")); @@ -2753,7 +2760,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) return; } - if (use_id_mapping + if (state->use_id_mapping && state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) { /* Take advantage of AD's tokenGroups mechanism to look up all * parent groups in a single request. @@ -2835,7 +2842,6 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) char *dom_sid_str; char *group_sid_str; struct sdap_options *opts = state->opts; - bool use_id_mapping = dp_opt_get_bool(opts->basic, SDAP_ID_MAPPING); DEBUG(9, ("Initgroups done\n")); @@ -2852,7 +2858,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) case SDAP_SCHEMA_RFC2307BIS: case SDAP_SCHEMA_AD: - if (use_id_mapping + if (state->use_id_mapping && state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) { ret = sdap_get_ad_tokengroups_initgroups_recv(subreq); } @@ -2886,7 +2892,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) * the user may not be an explicit member of that group */ - if (use_id_mapping) { + if (state->use_id_mapping) { DEBUG(SSSDBG_TRACE_LIBS, ("Mapping primary group to unix ID\n")); |