From 4da27d52078497c5c095f4a4cd9975fe5c83c330 Mon Sep 17 00:00:00 2001
From: Pavel Reichl
Date: Thu, 21 Aug 2014 19:03:08 +0100
Subject: AD: process non-posix nested groups w/o tokenGroups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When initgr is performed for AD not supporting tokenGroups, do not filter out groups without gid attribute or with gid equal to zero.

Resolves: https://fedorahosted.org/sssd/ticket/2343
Reviewed-by: Michal Židek
(cherry picked from commit 981bf55532fbec91a106f82d7daf32094c76dfe0)
---
 src/providers/ldap/sdap_async_initgroups.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 22b94ca03..92bc9e2b8 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -1587,11 +1587,7 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send(
 "(%s=*))",
 opts->group_map[SDAP_AT_GROUP_OBJECTSID].name);
 } else {
- /* When not ID-mapping, make sure there is a non-NULL UID */
- state->base_filter = talloc_asprintf_append(state->base_filter,
- "(&(%s=*)(!(%s=0))))",
- opts->group_map[SDAP_AT_GROUP_GID].name,
- opts->group_map[SDAP_AT_GROUP_GID].name);
+ state->base_filter = talloc_asprintf_append(state->base_filter, ")");
 }
 if (!state->base_filter) {
 talloc_zfree(req);
--
cgit
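Review bot: Groups with a missing gid or with gid 0 are no longer excluded anywhere in this hunk once the `else` branch appends only `")"`; the removed `(&(%s=*)(!(%s=0)))` clause was the only such guard visible here for the non-ID-mapping case. Presumably the code that stores the returned groups now treats those entries as non-POSIX and never reports gid 0 as a membership, but that code is outside this hunk, so it should be confirmed and covered by a test using a directory group whose gid attribute is 0. The explanatory comment was dropped along with the filter; a replacement above the new call, such as `/* No GID constraint: non-POSIX groups are needed to follow nesting; gid 0 or a missing gid must be handled when the groups are saved */`, would record why the branch is now unconditional. `sdap_initgr_rfc2307bis_send` starts and ends outside the hunk.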