From a2c1db6b43374e7811bcf12d4b90640b96e695f2 Mon Sep 17 00:00:00 2001
From: Pavel Březina <pbrezina@redhat.com>
Date: Tue, 10 Sep 2013 14:45:52 +0200
Subject: sdap: store base dn in sdap_domain

Groups may contain members from different domains. Remembering
base dn in domain object gives us the ability to simply lookup
correct domain by comparing object dn with domain base dn.

Resolves:
https://fedorahosted.org/sssd/ticket/2064
---
 src/providers/ldap/ldap_common.c | 35 ++++++++++++++++++++---------------
 src/providers/ldap/sdap.h        |  2 ++
 2 files changed, 22 insertions(+), 15 deletions(-)

diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 241496384..1db524696 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -69,6 +69,7 @@ sdap_domain_add(struct sdap_options *opts,
                 struct sdap_domain **_sdom)
 {
     struct sdap_domain *sdom;
+    errno_t ret;
 
     sdom = talloc_zero(opts, struct sdap_domain);
     if (sdom == NULL) {
@@ -77,11 +78,27 @@ sdap_domain_add(struct sdap_options *opts,
     sdom->dom = dom;
     sdom->head = &opts->sdom;
 
+    /* Convert the domain name into search base */
+    ret = domain_to_basedn(sdom, sdom->dom->name, &sdom->basedn);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_OP_FAILURE,
+            ("Cannot convert domain name [%s] to base DN [%d]: %s\n",
+            dom->name, ret, strerror(ret)));
+        goto done;
+    }
+
     talloc_set_destructor((TALLOC_CTX *)sdom, sdap_domain_destructor);
     DLIST_ADD_END(opts->sdom, sdom, struct sdap_domain *);
 
     if (_sdom) *_sdom = sdom;
-    return EOK;
+    ret = EOK;
+
+done:
+    if (ret != EOK) {
+        talloc_free(sdom);
+    }
+
+    return ret;
 }
 
 errno_t
@@ -91,7 +108,6 @@ sdap_domain_subdom_add(struct sdap_id_ctx *sdap_id_ctx,
 {
     struct sss_domain_info *dom;
     struct sdap_domain *sdom, *sditer;
-    char *basedn;
     errno_t ret;
 
     for (dom = get_next_domain(parent, true);
@@ -120,16 +136,6 @@ sdap_domain_subdom_add(struct sdap_id_ctx *sdap_id_ctx,
             sdom = sditer;
         }
 
-        /* Convert the domain name into search base */
-        ret = domain_to_basedn(sdom, sdom->dom->name, &basedn);
-        if (ret != EOK) {
-            DEBUG(SSSDBG_OP_FAILURE,
-                ("Cannot convert domain name [%s] to base DN [%d]: %s\n",
-                dom->name, ret, strerror(ret)));
-            talloc_free(basedn);
-            return ret;
-        }
-
         /* Update search bases */
         talloc_zfree(sdom->search_bases);
         sdom->search_bases = talloc_array(sdom, struct sdap_search_base *, 2);
@@ -138,9 +144,8 @@ sdap_domain_subdom_add(struct sdap_id_ctx *sdap_id_ctx,
         }
         sdom->search_bases[1] = NULL;
 
-        ret = sdap_create_search_base(sdom, basedn, LDAP_SCOPE_SUBTREE, NULL,
-                                      &sdom->search_bases[0]);
-        talloc_free(basedn);
+        ret = sdap_create_search_base(sdom, sdom->basedn, LDAP_SCOPE_SUBTREE,
+                                      NULL, &sdom->search_bases[0]);
         if (ret) {
             DEBUG(SSSDBG_OP_FAILURE, ("Cannot create new sdap search base\n"));
             return ret;
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index abc9052f6..c53471b9b 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -372,6 +372,8 @@ enum dc_functional_level {
 struct sdap_domain {
     struct sss_domain_info *dom;
 
+    char *basedn;
+
     struct sdap_search_base **search_bases;
     struct sdap_search_base **user_search_bases;
     struct sdap_search_base **group_search_bases;
-- 
cgit