Diffstat (limited to 'src/providers/ldap/sdap_async_nested_groups.c')
-rw-r--r-- | src/providers/ldap/sdap_async_nested_groups.c | 31 |
1 files changed, 10 insertions, 21 deletions
diff --git a/src/providers/ldap/sdap_async_nested_groups.c b/src/providers/ldap/sdap_async_nested_groups.c
index 1eba35ae8..08e199869 100644
--- a/src/providers/ldap/sdap_async_nested_groups.c
+++ b/src/providers/ldap/sdap_async_nested_groups.c
@@ -240,32 +240,21 @@ sdap_nested_group_hash_group(struct sdap_nested_group_ctx *group_ctx,
 {
 struct sdap_attr_map *map = group_ctx->opts->group_map;
 gid_t gid;
- errno_t ret = ENOENT;
- int32_t ad_group_type;
+ errno_t ret;
 bool posix_group = true;
 bool use_id_mapping;
 bool can_find_gid;
+ bool need_filter;
- if (group_ctx->opts->schema_type == SDAP_SCHEMA_AD) {
- ret = sysdb_attrs_get_int32_t(group, SYSDB_GROUP_TYPE, &ad_group_type);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_int32_t failed.\n");
- return ret;
- }
+ ret = sdap_check_ad_group_type(group_ctx->domain, group_ctx->opts,
+ group, "", &need_filter);
+ if (ret != EOK) {
+ return ret;
+ }
- DEBUG(SSSDBG_TRACE_ALL, "AD group has type flags %#x.\n",
- ad_group_type);
- /* Only security groups from AD are considered for POSIX groups.
- * Additionally only global and universal group are taken to account
- * for trusted domains. */
- if (!(ad_group_type & SDAP_AD_GROUP_TYPE_SECURITY)
- || (IS_SUBDOMAIN(group_ctx->domain)
- && (!((ad_group_type & SDAP_AD_GROUP_TYPE_GLOBAL)
- || (ad_group_type & SDAP_AD_GROUP_TYPE_UNIVERSAL))))) {
- posix_group = false;
- gid = 0;
- DEBUG(SSSDBG_TRACE_FUNC, "Filtering AD group.\n");
- }
+ if (need_filter) {
+ posix_group = false;
+ gid = 0;
 }
 use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
 |
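Review bot: `need_filter` is declared without an initializer and read in `if (need_filter)` right after the call, so whether a group keeps its POSIX status now depends on `sdap_check_ad_group_type` writing the out-parameter on every path that returns EOK. The helper's body is not in this hunk, and the old `schema_type == SDAP_SCHEMA_AD` guard is gone from the call site, so the non-AD case presumably returns early inside the helper; declaring `bool need_filter = false;` would keep the previous default if that path leaves it unset. The call also passes `""` as the fourth argument, which looks like the group name used for logging, so any "filtering" message the helper emits would not say which group was dropped. The removed comment explaining that only security groups count, and only global or universal ones for trusted domains, is worth keeping as a one-line pointer at the call, e.g. `/* AD only: non-security groups, and domain-local groups from trusted domains, are not POSIX groups */`. The body of sdap_nested_group_hash_group continues past the end of the hunk.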