authorPetr Cech <pcech@redhat.com>2016-07-22 14:28:54 +0200
committerLukas Slebodnik <lslebodn@redhat.com>2016-08-24 14:00:00 +0200
commitbf141e052a81b28ee0ad2f61ff8b4879e4faa13b (patch)
tree83cb6bbbf26701850d442551183f873a8a493b70
parentc596fc4d75304ff224cbad0aa2aecd3cbe82d2ff (diff)
downloadsssd-bf141e052a81b28ee0ad2f61ff8b4879e4faa13b.tar.gz
sssd-bf141e052a81b28ee0ad2f61ff8b4879e4faa13b.tar.xz
sssd-bf141e052a81b28ee0ad2f61ff8b4879e4faa13b.zip
LDAP: Fixing of removing netgroup from cache
There was a problem with the local key, which wasn't properly removed. This patch fixes it. Resolves: https://fedorahosted.org/sssd/ticket/2841 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-rw-r--r--src/providers/ldap/sdap_async_netgroups.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index df233d956..e1d69ad76 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -138,6 +138,22 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
goto fail;
}
+ /* We store memberNisNetgroup from LDAP as originalMemberNisNetgroup in
+ * sysdb. It may contain simple name or DN. That's the reason why we always
+ * translate/generate simple name and store it in SYSDB_NETGROUP_MEMBER
+ * (memberNisNetgroup) in sysdb which is internally used for searching
+ * netgropus.
+ * We need to ensure if originalMemberNisNetgroup is missing,
+ * memberNisNetgroup is missing too.
+ */
+ if (string_in_list(SYSDB_ORIG_NETGROUP_MEMBER, missing, false)) {
+ ret = add_string_to_list(attrs, SYSDB_NETGROUP_MEMBER, &missing);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add string into list\n");
+ goto fail;
+ }
+ }
+
ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, missing,
dom->netgroup_timeout, now);
if (ret) goto fail;
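Review bot: The failure log in the added block, `"Failed to add string into list\n"`, drops both the error code and the attribute being handled, so a cache entry that keeps a stale memberNisNetgroup would be hard to trace from logs; that matters if netgroup membership feeds access decisions, as it commonly does. Consider `DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add [%s] to missing attributes [%d]: %s\n", SYSDB_NETGROUP_MEMBER, ret, sss_strerror(ret));`. The new comment has a typo (`netgropus`), and its last sentence would read more clearly as `If originalMemberNisNetgroup is missing, memberNisNetgroup must be removed as well.` Whether `missing` can already contain SYSDB_NETGROUP_MEMBER at this point is not visible, since sdap_save_netgroup starts and ends outside the hunk; if it can, the attribute would be listed twice.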