ldap: remove originalMeberOf if there is no memberOf

Since originalMemerberOf is not mapped directly to an original attribute
and is handled specially it is not automatically removed if there is no
memberOf in the original object anymore. This patch put
originalMemerberOf on the list of attribute which should be removed in
that case.

Resolves https://fedorahosted.org/sssd/ticket/2917

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

1 files changed, 7 insertions, 1 deletions

diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 35de9c0a7..27b62a635 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -780,7 +780,7 @@ errno_t list_missing_attrs(TALLOC_CTX *mem_ctx,
     /* Allocate the maximum possible values for missing_attrs, to
      * be on the safe side
      */
-    missing = talloc_array(tmp_ctx, char *, attr_count);
+    missing = talloc_array(tmp_ctx, char *, attr_count + 2);
     if (!missing) {
         ret = ENOMEM;
         goto done;
@@ -831,6 +831,12 @@ errno_t list_missing_attrs(TALLOC_CTX *mem_ctx,
             /* Attribute could not be found. Add to the missing list */
             missing[k] = talloc_steal(missing, sysdb_name);
             k++;
+
+            /* Remove originalMemberOf as well if MemberOf is missing */
+            if (strcmp(sysdb_name, SYSDB_MEMBEROF) == 0) {
+                missing[k] = talloc_strdup(missing, SYSDB_ORIG_MEMBEROF);
+                k++;
+            }
         }
     }