author | Stephen Gallagher <sgallagh@redhat.com> | 2011-03-11 05:06:48 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-03-17 11:34:00 -0400 |
commit | 6ebae9d53672aba7fab0543e392d87de95cea24c (patch) | |
tree | a16540b4ff68874ff7c28b6977734a119c1fca5b /src/providers/ldap/sdap_async_accounts.c | |
parent | f6750918324f4afcd505673baccb78f3963ce63e (diff) | |
Ignore users and groups that lack mandatory attributes
https://fedorahosted.org/sssd/ticket/824
Diffstat (limited to 'src/providers/ldap/sdap_async_accounts.c')
-rw-r--r-- | src/providers/ldap/sdap_async_accounts.c | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
index 8e459598..3fedf07d 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -2007,10 +2007,12 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
 return NULL;
 }
- filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))",
+ filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)(%s=*))",
 opts->group_map[SDAP_AT_GROUP_MEMBER].name,
 clean_name,
- opts->group_map[SDAP_OC_GROUP].name);
+ opts->group_map[SDAP_OC_GROUP].name,
+ opts->group_map[SDAP_AT_GROUP_NAME].name,
+ opts->group_map[SDAP_AT_GROUP_GID].name);
 if (!filter) {
 talloc_zfree(req);
 return NULL;
@@ -2211,8 +2213,10 @@ static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx,
 return NULL;
 }
- state->filter = talloc_asprintf(state, "(objectclass=%s)",
- opts->group_map[SDAP_OC_GROUP].name);
+ state->filter = talloc_asprintf(state, "(&(objectclass=%s)(%s=*)(%s=*))",
+ opts->group_map[SDAP_OC_GROUP].name,
+ opts->group_map[SDAP_AT_GROUP_NAME].name,
+ opts->group_map[SDAP_AT_GROUP_GID].name);
 if (!state->filter) {
 talloc_zfree(req);
 return NULL;
@@ -3103,8 +3107,10 @@ static errno_t sdap_nested_group_lookup_group(struct tevent_req *req)
 }
 filter = talloc_asprintf(
- sdap_attrs, "(objectclass=%s)",
- state->opts->group_map[SDAP_OC_GROUP].name);
+ sdap_attrs, "(&(objectclass=%s)(%s=*)(%s=*))",
+ state->opts->group_map[SDAP_OC_GROUP].name,
+ state->opts->group_map[SDAP_AT_GROUP_NAME].name,
+ state->opts->group_map[SDAP_AT_GROUP_GID].name);
 if (!filter) {
 talloc_free(sdap_attrs);
 return ENOMEM;
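Review bot: The added `(%s=*)(%s=*)` presence tests in sdap_initgr_rfc2307_send carry no comment explaining them, and the same fragment is spelled out again in the four other hunks (sdap_initgr_nested_send, sdap_nested_group_lookup_group, sdap_initgr_rfc2307bis_send, rfc2307bis_nested_groups_step). Because the server now withholds a group that lacks either attribute, the client never sees the entry and cannot log that it was skipped, so a membership that access decisions depend on can disappear without any trace in the logs. I would add `/* Require the name and GID attributes server-side: entries lacking mandatory attributes are ignored (ticket 824) */` above the call and build the fragment in one static helper so the five filters cannot drift apart. The function body starts and ends outside the hunk.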
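Review bot: In sdap_nested_group_lookup_group an entry that exists but lacks the name or GID attribute now produces an empty search result, which looks the same as an entry that does not exist. The code that consumes the reply is outside the hunk, so it is worth confirming that zero results are handled as "skip this member" and not as an error that aborts the whole nested-group resolution. A debug message at that point naming the DN that matched nothing would make the new behaviour diagnosable for an operator.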
@@ -3435,10 +3441,12 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send(
 return NULL;
 }
- filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))",
+ filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)(%s=*))",
 opts->group_map[SDAP_AT_GROUP_MEMBER].name,
 clean_orig_dn,
- opts->group_map[SDAP_OC_GROUP].name);
+ opts->group_map[SDAP_OC_GROUP].name,
+ opts->group_map[SDAP_AT_GROUP_NAME].name,
+ opts->group_map[SDAP_AT_GROUP_GID].name);
 if (!filter) {
 talloc_zfree(req);
 return NULL;
@@ -3839,10 +3847,12 @@ static errno_t rfc2307bis_nested_groups_step(struct tevent_req *req)
 }
 filter = talloc_asprintf(
- tmp_ctx, "(&(%s=%s)(objectclass=%s))",
+ tmp_ctx, "(&(%s=%s)(objectclass=%s)(%s=*)(%s=*))",
 state->opts->group_map[SDAP_AT_GROUP_MEMBER].name,
 clean_orig_dn,
- state->opts->group_map[SDAP_OC_GROUP].name);
+ state->opts->group_map[SDAP_OC_GROUP].name,
+ state->opts->group_map[SDAP_AT_GROUP_NAME].name,
+ state->opts->group_map[SDAP_AT_GROUP_GID].name);
 if (!filter) {
 ret = ENOMEM;
 goto error; |
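Review bot: With the presence tests in rfc2307bis_nested_groups_step, a parent group that is missing its name or GID is no longer returned, so its own parents are presumably never visited either (the recursion is outside the hunk and should be checked). One incomplete intermediate entry could then cost a user the membership of well-formed ancestor groups, which matters wherever group membership gates access. If that is the intended trade-off it deserves a comment at the filter, for example `/* An incomplete parent group is skipped, and its ancestors with it */`.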