Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ldap/ldap_id.c9
-rw-r--r--src/providers/ldap/sdap_async_groups.c6
2 files changed, 13 insertions, 2 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index d8dc3b299..d4f9d2d8a 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -379,6 +379,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
enum idmap_error_code err;
char *sid;
bool use_id_mapping = dp_opt_get_bool(ctx->opts->basic, SDAP_ID_MAPPING);
+ const char *member_filter[2];
req = tevent_req_create(memctx, &state, struct groups_get_state);
if (!req) return NULL;
@@ -477,9 +478,15 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
goto fail;
}
+ member_filter[0] = (const char *)ctx->opts->group_map[SDAP_AT_GROUP_MEMBER].name;
+ member_filter[1] = NULL;
+
/* TODO: handle attrs_type */
ret = build_attrs_from_map(state, ctx->opts->group_map, SDAP_OPTS_GROUP,
- NULL, &state->attrs, NULL);
+ state->domain->ignore_group_members ?
+ (const char **)member_filter : NULL,
+ &state->attrs, NULL);
+
if (ret != EOK) goto fail;
ret = groups_get_retry(req);
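Review bot: The added `member_filter` lines carry no comment saying why the member attribute is withheld from the request, although the matching change in sdap_async_groups.c has one. I would add `/* ignore_group_members: do not request the member attribute, so group lookups come back without a member list */` above the assignment. Both casts can also be dropped: `member_filter` (declared in the first hunk) is already `const char *[2]`, so `(const char **)member_filter` adds nothing and would hide a qualifier mismatch if the declaration changed later. If the map entry's `name` can be unset, the deny list is just empty, which looks harmless here but is worth a word in the comment. groups_get_send starts and ends outside this hunk.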
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index e4dc4dfb2..55111783c 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -1795,8 +1795,12 @@ static void sdap_get_groups_done(struct tevent_req *subreq)
if (state->check_count == 0) {
DEBUG(9, ("All groups processed\n"));
+ /* If ignore_group_members is set for the domain, don't update
+ * group memberships in the cache.
+ */
ret = sdap_save_groups(state, state->sysdb, state->dom, state->opts,
- state->groups, state->count, true, NULL,
+ state->groups, state->count,
+ !state->dom->ignore_group_members, NULL,
&state->higher_usn);
if (ret) {
DEBUG(2, ("Failed to store groups.\n"));
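Review bot: The new comment promises more than this call site shows. Passing `!state->dom->ignore_group_members` stops this one `sdap_save_groups()` call from writing member links, but nothing in the hunk removes memberships that were cached before the option was turned on. Whether those stale links are purged or expire elsewhere cannot be seen from here, since the body of sdap_get_groups_done continues outside the hunk. Assuming they are not purged, I would narrow the wording to `/* ignore_group_members: skip storing member links for this save; memberships already in the cache are not touched here */`. That matters to anyone who reads cached group member lists for an access decision, because a removed member could still be listed after the option is enabled.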