diff options
author | Pavel Březina <pbrezina@redhat.com> | 2013-09-11 12:41:43 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-30 22:45:26 +0100 |
commit | 85eb8a5e98e208393b205615e3895a64905eacf2 (patch) | |
tree | 7c9b1abeeb0b9c2bfa4548e180094d5b2af53927 | |
parent | d81ce5550ba1fdebd958483d7322052c8b39c33b (diff) | |
download | sssd-85eb8a5e98e208393b205615e3895a64905eacf2.tar.gz sssd-85eb8a5e98e208393b205615e3895a64905eacf2.tar.xz sssd-85eb8a5e98e208393b205615e3895a64905eacf2.zip |
ghosts: pick correct domain for every member
Groups may contain members from different domains. We need
to make sure that we store subdomain users with correct
domain name.
Resolves:
https://fedorahosted.org/sssd/ticket/2064
-rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index ccf716ec8..c2a19faab 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -2016,6 +2016,8 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx, const char *username; char *clean_orig_dn; const char *original_dn; + struct sss_domain_info *user_dom; + struct sdap_domain *sdap_dom; TALLOC_CTX *tmp_ctx; struct ldb_message **msgs; @@ -2056,14 +2058,6 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx, in_transaction = true; for (i = 0; i < num_users; i++) { - ret = sdap_get_user_primary_name(tmp_ctx, opts, users[i], - domain, &username); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - ("User entry %d has no name attribute. Skipping\n", i)); - continue; - } - ret = sysdb_attrs_get_el(users[i], SYSDB_ORIG_DN, &el); if (el->num_values == 0) { ret = EINVAL; @@ -2083,6 +2077,17 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx, goto done; } + sdap_dom = sdap_domain_get_by_dn(opts, original_dn); + user_dom = sdap_dom == NULL ? domain : sdap_dom->dom; + + ret = sdap_get_user_primary_name(tmp_ctx, opts, users[i], + user_dom, &username); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, + ("User entry %d has no name attribute. Skipping\n", i)); + continue; + } + /* Check for the specified origDN in the sysdb */ filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_ORIG_DN, @@ -2091,7 +2096,7 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx, ret = ENOMEM; goto done; } - ret = sysdb_search_users(tmp_ctx, sysdb, domain, filter, + ret = sysdb_search_users(tmp_ctx, user_dom->sysdb, user_dom, filter, search_attrs, &count, &msgs); talloc_zfree(filter); talloc_zfree(clean_orig_dn); @@ -2120,7 +2125,7 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx, ret = sysdb_attrs_add_string(attrs, SYSDB_NAME, username); if (ret) goto done; - ret = sysdb_set_user_attr(sysdb, domain, sysdb_name, + ret = sysdb_set_user_attr(user_dom->sysdb, user_dom, sysdb_name, attrs, SYSDB_MOD_REP); if (ret != EOK) goto done; } else { |