From 0febc32cf0b544361aa094d2f1dc767191bd8118 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Fri, 11 Mar 2011 05:06:48 -0500
Subject: Require existence of GID number and name in group searches

https://fedorahosted.org/sssd/ticket/824
---
 src/providers/ldap/ldap_id.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'src/providers/ldap/ldap_id.c')

diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 9a2342800..776df1ac2 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -335,9 +335,12 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
         goto fail;
     }
 
-    state->filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))",
-                                    attr_name, clean_name,
-                                    ctx->opts->group_map[SDAP_OC_GROUP].name);
+    state->filter =
+            talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)(%s=*))",
+                            attr_name, clean_name,
+                            ctx->opts->group_map[SDAP_OC_GROUP].name,
+                            ctx->opts->group_map[SDAP_AT_GROUP_NAME].name,
+                            ctx->opts->group_map[SDAP_AT_GROUP_GID].name);
     if (!state->filter) {
         DEBUG(2, ("Failed to build filter\n"));
         ret = ENOMEM;
-- 
cgit