authorOndrej Kos <okos@redhat.com>2013-08-15 14:04:09 +0200
committerOndrej Kos <okos@redhat.com>2013-08-20 15:06:58 +0200
commit3740d51ad8ee54b52550f16188da0279c42ce4a3 (patch)
tree804c783cb1d55c6c078791f698f6b5f36a6eee81
parentedcf38f274b5e9022d4d92d294a9267bec13b882 (diff)
SDAP: save group objectSID when schema=AD
The SID needs to be stored even when ID mapping is disabled. Resolves: https://fedorahosted.org/sssd/ticket/1568 (part)
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c45
1 files changed, 35 insertions, 10 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 5242c1ad..6bc9579d 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -50,6 +50,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
time_t now;
char *sid_str;
bool use_id_mapping;
+ struct sysdb_attrs *group_attrs;
/* There are no groups in LDAP but we should add user to groups ?? */
if (ldap_groups_count == 0) return EOK;
@@ -114,6 +115,17 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
goto done;
}
+ if (opts->schema_type == SDAP_SCHEMA_AD) {
+ ret = sdap_attrs_get_sid_str(
+ tmp_ctx, opts->idmap_ctx, ldap_groups[ai],
+ opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name,
+ &sid_str);
+ if (ret != EOK) goto done;
+
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ ("Group [%s] has objectSID [%s]\n", groupname, sid_str));
+ }
+
if (strcmp(groupname, missing[i]) == 0) {
posix = true;
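Review bot: When opts->schema_type is not SDAP_SCHEMA_AD, sid_str is never assigned in this function — it is declared without an initializer (`char *sid_str;` in the first hunk) and the only write to it is the sdap_attrs_get_sid_str call added here — yet the last hunk passes it to sysdb_attrs_add_string unconditionally, so non-AD schemas would store whatever the indeterminate pointer holds. Give the new branch an `else { sid_str = NULL; }` so later code can test for a missing SID. Separately, this lookup is now reached for every AD-schema group even with ID mapping off, and `if (ret != EOK) goto done;` aborts the whole group-add pass; if sdap_attrs_get_sid_str reports a missing objectSID as an error rather than an empty result (I cannot tell from here), an AD group without that attribute would now fail initgroups where it previously succeeded, so treating that case as "no SID" looks safer. The enclosing loop and function both start before this hunk and continue after it.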
@@ -121,16 +133,6 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
DEBUG(SSSDBG_TRACE_LIBS,
("Mapping group [%s] objectSID to unix ID\n", groupname));
- ret = sdap_attrs_get_sid_str(
- tmp_ctx, opts->idmap_ctx, ldap_groups[ai],
- opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name,
- &sid_str);
- if (ret != EOK) goto done;
-
- DEBUG(SSSDBG_TRACE_INTERNAL,
- ("Group [%s] has objectSID [%s]\n",
- groupname, sid_str));
-
/* Convert the SID into a UNIX group ID */
ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str,
&gid);
@@ -181,6 +183,29 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
if (ret != EOK) {
goto done;
}
+
+ group_attrs = sysdb_new_attrs(tmp_ctx);
+ if (group_attrs == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_attrs_add_string(group_attrs, SYSDB_SID_STR,
+ sid_str);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Could not add SID string: "
+ "[%s]\n", strerror(ret)));
+ goto done;
+ }
+
+ ret = sysdb_set_group_attr(sysdb, domain, groupname, group_attrs,
+ SYSDB_MOD_REP);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Could not save SID string "
+ "[%s] to sysdb.\n"));
+ goto done;
+ }
+
break;
}
}
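Review bot: The failure message for sysdb_set_group_attr has a `%s` conversion but no matching argument, so when SSSDBG_MINOR_FAILURE output is enabled that path reads an undefined vararg; change it to `("Could not save SID string [%s] to sysdb: [%s]\n", sid_str, strerror(ret))`. The sysdb_new_attrs / sysdb_attrs_add_string / sysdb_set_group_attr sequence also runs for every group regardless of schema, while sid_str is only assigned on the SDAP_SCHEMA_AD branch earlier in the function, so for other schemas it hands an uninitialized pointer to sysdb_attrs_add_string; guard the whole block with `if (sid_str != NULL) {` (with sid_str set to NULL whenever the lookup is skipped). It is also worth deciding whether failing to store a purely informational SID should `goto done` and abort the entire group-add pass, or just log and move on to the next group. The enclosing function continues past the end of this hunk.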