Diffstat (limited to 'src/providers/ldap')
-rw-r--r-- | src/providers/ldap/ldap_id.c | 15 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 2 |
2 files changed, 15 insertions, 2 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index 642ae5c29..d65bd5f6a 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -1392,7 +1392,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, break; case BE_REQ_INITGROUPS: /* init groups for user */ - if (ar->filter_type != BE_FILTER_NAME) { + if (ar->filter_type != BE_FILTER_NAME + && ar->filter_type != BE_FILTER_SECID) { ret = EINVAL; state->err = "Invalid filter type"; goto done; @@ -1402,11 +1403,21 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, state->err = "Invalid attr type"; goto done; } + if (ar->filter_type == BE_FILTER_SECID && ar->extra_value != NULL + && strcmp(ar->extra_value, EXTRA_NAME_IS_SID) != 0) { + DEBUG(SSSDBG_OP_FAILURE, + "Unexpected extra value [%s] for BE_FILTER_SECID.\n", + ar->extra_value); + ret = EINVAL; + state->err = "Invalid extra value"; + goto done; + } subreq = groups_by_user_send(state, be_ctx->ev, id_ctx, sdom, conn, ar->filter_value, - ar->extra_value, + (ar->filter_type == BE_FILTER_SECID) + ? EXTRA_NAME_IS_SID : ar->extra_value, noexist_delete); break; diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index ae617b9c4..5c5be5eab 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -2716,6 +2716,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) { search_attr = state->opts->user_map[SDAP_AT_USER_PRINC].name; + } else if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_SID) == 0) { + search_attr = state->opts->user_map[SDAP_AT_USER_OBJECTSID].name; } else { search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name; } |
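Review bot: The new extra-value check in the `BE_REQ_INITGROUPS` case only runs when `filter_type == BE_FILTER_SECID`, so a `BE_FILTER_NAME` request whose `extra_value` is `EXTRA_NAME_IS_SID` still passes and is forwarded unchanged to `groups_by_user_send()`. The companion change in `sdap_get_initgr_send()` picks the objectSID attribute from `extra_value` alone, so that request would apparently have a user name compared against SIDs. If the combination is not meant to be valid, reject it here as well with `if (ar->filter_type == BE_FILTER_NAME && ar->extra_value != NULL && strcmp(ar->extra_value, EXTRA_NAME_IS_SID) == 0)` and return `EINVAL`; if it is intentional, a short comment saying so would help. The enclosing function starts and ends outside the hunk.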
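Review bot: The added `else if` branch in `sdap_get_initgr_send()` assigns `state->opts->user_map[SDAP_AT_USER_OBJECTSID].name` to `search_attr` without a NULL check. Whether every schema map defines an objectSID attribute is not visible here; if one leaves it unset, the filter built further down (outside the hunk) would be formatted from a NULL attribute name. Consider an `if (search_attr == NULL)` guard in that branch that fails the request with a logged error before the filter is built. Since `filter_value` can now be a SID string supplied with the request, it is also worth confirming that it goes through the same filter escaping (`sss_filter_sanitize()`) as the name and UPN paths before it reaches the LDAP search.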