diff options
author | Ondrej Kos <okos@redhat.com> | 2013-08-28 14:14:27 +0200 |
---|---|---|
committer | Ondrej Kos <okos@redhat.com> | 2013-08-28 14:14:27 +0200 |
commit | 429d685e8dd5f8a21c3dedb7a7c9d60f263744b5 (patch) | |
tree | e7d603d4d3f12e3edc0a159c7af07c8e5c91b0f9 | |
parent | d0d3d79486aa1e1e065c63a8fde9a86d937d6b26 (diff) | |
download | sssd-429d685e8dd5f8a21c3dedb7a7c9d60f263744b5.tar.gz sssd-429d685e8dd5f8a21c3dedb7a7c9d60f263744b5.tar.xz sssd-429d685e8dd5f8a21c3dedb7a7c9d60f263744b5.zip |
p2
Explanation
Resolves:
https://fedorahosted.org/sssd/ticket/XXXX
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups_ad.c | 38 |
1 files changed, 27 insertions, 11 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index e5649a2b..bd201f9b 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -371,6 +371,7 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq) char **sysdb_grouplist; char **add_groups; char **del_groups; + bool use_id_mapping; const char *attrs[] = { SYSDB_NAME, NULL }; const char *group_name; struct tevent_req *req = @@ -399,6 +400,9 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq) goto done; } + use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(state->opts->idmap_ctx, + sid_str); + /* Get the list of group SIDs */ ret = sysdb_attrs_get_el_ext(users[0], AD_TOKENGROUPS_ATTR, false, &el); @@ -464,20 +468,32 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq) DEBUG(SSSDBG_TRACE_FUNC, ("Skipping built-in object.\n")); ret = EOK; continue; - } else if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - ("Could not convert SID to GID: [%s]. Skipping\n", - strerror(ret))); - continue; } - DEBUG(SSSDBG_TRACE_LIBS, - ("Processing membership GID [%lu]\n", - gid)); + if (use_id_mapping) { + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, + ("Could not convert SID to GID: [%s]. Skipping\n", + strerror(ret))); + continue; + } + + DEBUG(SSSDBG_TRACE_LIBS, + ("Processing membership GID [%lu]\n", + gid)); + /* Check whether this GID already exists in the sysdb */ + ret = sysdb_search_group_by_gid(tmp_ctx, state->sysdb, state->domain, + gid, attrs, &msg); + } else { + DEBUG(SSSDBG_TRACE_LIBS, + ("Processing membership group SID [%s]\n", + sid_str)); + + ret = sysdb_search_group_by_sid_str(tmp_ctx, state->sysdb, + state->domain, sid_str, attrs, + &msg); + } - /* Check whether this GID already exists in the sysdb */ - ret = sysdb_search_group_by_gid(tmp_ctx, state->sysdb, state->domain, - gid, attrs, &msg); if (ret == EOK) { group_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); if (!group_name) { |