authorJakub Hrozek <jhrozek@redhat.com>2016-06-20 16:55:54 +0200
committerJakub Hrozek <jhrozek@redhat.com>2016-07-07 10:26:58 +0200
commit5e87a8bd1f577f503b59d35eee1443f64a74f372 (patch)
treeabf7781c800cc6f7f07b9dd9c74101520a9c67d8
parent147bb3266aa9238c771c3c40d130eaa48eae1752 (diff)
LDAP: Delete cache entry if not found by UPN
Previously, the user account was only looked up by name when the LDAP provider didn't match any entry on the server side. This patch removes the entry from the cache with the matching function, either by name or by UPN. Reviewed-by: Sumit Bose <sbose@redhat.com>
-rw-r--r--src/providers/ldap/ldap_id.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 6d5861208..1ffed79e0 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -51,6 +51,7 @@ struct users_get_state {
const char *filter_value;
int filter_type;
+ bool name_is_upn;
char *filter;
const char **attrs;
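Review bot: `name_is_upn` is added to the struct here and read in the BE_FILTER_NAME case of users_get_done, but none of the 19 inserted lines in this commit assigns it. As of this patch the flag therefore keeps whatever value the request state was allocated with, and if that is zero the new UPN branch is never taken. The assignment belongs wherever the request decides that `filter_value` is a UPN (presumably the send function, which is not in this diff), and the field deserves a comment such as `/* filter_value holds a UPN, not a user name */`. The struct definition starts and ends outside the hunk.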
@@ -445,6 +446,8 @@ static void users_get_done(struct tevent_req *subreq)
uid_t uid;
int dp_error = DP_ERR_FATAL;
int ret;
+ const char *del_name;
+ struct ldb_message *msg;
ret = sdap_get_users_recv(subreq, NULL, NULL);
talloc_zfree(subreq);
@@ -508,6 +511,22 @@ static void users_get_done(struct tevent_req *subreq)
tevent_req_error(req, ret);
return;
case BE_FILTER_NAME:
+ if (state->name_is_upn == true) {
+ ret = sysdb_search_user_by_upn(state, state->domain,
+ state->filter_value,
+ NULL, &msg);
+ if (ret != EOK) {
+ break;
+ }
+ del_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
+ } else {
+ del_name = state->filter_value;
+ }
+
+ if (del_name == NULL) {
+ break;
+ }
+
ret = sysdb_delete_user(state->domain, state->filter_value, 0);
if (ret != EOK && ret != ENOENT) {
tevent_req_error(req, ret);
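Review bot: The delete on the unchanged line after the added block still passes `state->filter_value` to sysdb_delete_user(), so the `del_name` resolved and NULL-checked above is never used. In the UPN case the call receives the UPN string instead of the cached SYSDB_NAME, and the entry for an account that no longer exists on the server would presumably stay resolvable from the cache. The call should read `ret = sysdb_delete_user(state->domain, del_name, 0);`. The `break` on any non-EOK result from sysdb_search_user_by_upn() also handles a real lookup failure the same way as ENOENT; whether `ret` is reported after the switch cannot be seen here, since users_get_done starts and ends outside the hunk.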