s3:winbind:idmap_ldap: warn about duplicate SID->XID mappings (bug #6387)

With the current infrastructure, we should not return error on
duplicate mappings but just warn instead (because an error would
trigger the attempt to create yet another mapping).

Michael
(cherry picked from commit 3111d78001f458cfcaf81123a1d1c23d5927a6c2)
(cherry picked from commit 5328f600bbc6535d8880b1b0c74bcfbd9b7a162a)

1 files changed, 11 insertions, 2 deletions

diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index 63108040fd0..88ece8c7de4 100644
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -1257,8 +1257,6 @@ again:
 			continue;
 		}
 
-		TALLOC_FREE(sidstr);
-
 		/* now try to see if it is a uid, if not try with a gid
 		 * (gid is more common, but in case both uidNumber and
 		 * gidNumber are returned the SID is mapped to the uid
@@ -1276,6 +1274,7 @@ again:
 		if ( ! tmp) { /* no ids ?? */
 			DEBUG(5, ("no uidNumber, "
 				  "nor gidNumber attributes found\n"));
+			TALLOC_FREE(sidstr);
 			continue;
 		}
 
@@ -1286,11 +1285,21 @@ again:
 			DEBUG(5, ("Requested id (%u) out of range (%u - %u). "
 				  "Filtered!\n", id,
 				  ctx->filter_low_id, ctx->filter_high_id));
+			TALLOC_FREE(sidstr);
 			TALLOC_FREE(tmp);
 			continue;
 		}
 		TALLOC_FREE(tmp);
 
+		if (map->status == ID_MAPPED) {
+			DEBUG(1, ("WARNING: duplicate %s mapping in LDAP. "
+			      "overwriting mapping %s -> %u with %s -> %u\n",
+			      (type == ID_TYPE_UID) ? "UID" : "GID",
+			      sidstr, map->xid.id, sidstr, id));
+		}
+
+		TALLOC_FREE(sidstr);
+
 		/* mapped */
 		map->xid.type = type;
 		map->xid.id = id;