From 1997df3e5ef39ba81ac0f258d7f5ec94e9c0fee6 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Mon, 29 Aug 2011 08:51:05 -0400
Subject: HBAC: Properly skip all non-group memberOf entries

---
 src/providers/ipa/ipa_hbac_users.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/providers/ipa/ipa_hbac_users.c b/src/providers/ipa/ipa_hbac_users.c
index 9b7cadb2e..56259da5a 100644
--- a/src/providers/ipa/ipa_hbac_users.c
+++ b/src/providers/ipa/ipa_hbac_users.c
@@ -73,7 +73,8 @@ get_ipa_groupname(TALLOC_CTX *mem_ctx,
 
     if (ldb_dn_get_comp_num(dn) < 4) {
         /* RDN, groups, accounts, and at least one DC= */
-        ret = EINVAL;
+        /* If it's fewer, it's not a group DN */
+        ret = ENOENT;
         goto done;
     }
 
-- 
cgit