p2

Explanation Resolves: https://fedorahosted.org/sssd/ticket/XXXX
author: Ondrej Kos <okos@redhat.com> 2013-08-28 14:14:27 +0200
committer: Ondrej Kos <okos@redhat.com> 2013-08-28 14:14:27 +0200
commit: 429d685e8dd5f8a21c3dedb7a7c9d60f263744b5 (patch)
tree: e7d603d4d3f12e3edc0a159c7af07c8e5c91b0f9
parent: d0d3d79486aa1e1e065c63a8fde9a86d937d6b26 (diff)
download: sssd-429d685e8dd5f8a21c3dedb7a7c9d60f263744b5.tar.gz
sssd-429d685e8dd5f8a21c3dedb7a7c9d60f263744b5.tar.xz
sssd-429d685e8dd5f8a21c3dedb7a7c9d60f263744b5.zip
1 files changed, 27 insertions, 11 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index e5649a2b..bd201f9b 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -371,6 +371,7 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
     char **sysdb_grouplist;
     char **add_groups;
     char **del_groups;
+    bool use_id_mapping;
     const char *attrs[] = { SYSDB_NAME, NULL };
     const char *group_name;
     struct tevent_req *req =
@@ -399,6 +400,9 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
         goto done;
     }
 
+    use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(state->opts->idmap_ctx,
+                                                               sid_str);
+
     /* Get the list of group SIDs */
     ret = sysdb_attrs_get_el_ext(users[0], AD_TOKENGROUPS_ATTR,
                                  false, &el);
@@ -464,20 +468,32 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
             DEBUG(SSSDBG_TRACE_FUNC, ("Skipping built-in object.\n"));
             ret = EOK;
             continue;
-        } else if (ret != EOK) {
-            DEBUG(SSSDBG_MINOR_FAILURE,
-                  ("Could not convert SID to GID: [%s]. Skipping\n",
-                   strerror(ret)));
-            continue;
         }
 
-        DEBUG(SSSDBG_TRACE_LIBS,
-              ("Processing membership GID [%lu]\n",
-               gid));
+        if (use_id_mapping) {
+            if (ret != EOK) {
+                DEBUG(SSSDBG_MINOR_FAILURE,
+                      ("Could not convert SID to GID: [%s]. Skipping\n",
+                       strerror(ret)));
+                continue;
+            }
+
+            DEBUG(SSSDBG_TRACE_LIBS,
+                  ("Processing membership GID [%lu]\n",
+                   gid));
+            /* Check whether this GID already exists in the sysdb */
+            ret = sysdb_search_group_by_gid(tmp_ctx, state->sysdb, state->domain,
+                                            gid, attrs, &msg);
+        } else {
+            DEBUG(SSSDBG_TRACE_LIBS,
+                  ("Processing membership group SID [%s]\n",
+                   sid_str));
+
+            ret = sysdb_search_group_by_sid_str(tmp_ctx, state->sysdb,
+                                                state->domain, sid_str, attrs,
+                                                &msg);
+        }
 
-        /* Check whether this GID already exists in the sysdb */
-        ret = sysdb_search_group_by_gid(tmp_ctx, state->sysdb, state->domain,
-                                        gid, attrs, &msg);
         if (ret == EOK) {
             group_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
             if (!group_name) {
author	Ondrej Kos <okos@redhat.com>	2013-08-28 14:14:27 +0200
committer	Ondrej Kos <okos@redhat.com>	2013-08-28 14:14:27 +0200
commit	429d685e8dd5f8a21c3dedb7a7c9d60f263744b5 (patch)
tree	e7d603d4d3f12e3edc0a159c7af07c8e5c91b0f9
parent	d0d3d79486aa1e1e065c63a8fde9a86d937d6b26 (diff)
download	sssd-429d685e8dd5f8a21c3dedb7a7c9d60f263744b5.tar.gz sssd-429d685e8dd5f8a21c3dedb7a7c9d60f263744b5.tar.xz sssd-429d685e8dd5f8a21c3dedb7a7c9d60f263744b5.zip