author | Sumit Bose <sbose@redhat.com> | 2015-12-21 15:51:09 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-01-12 10:03:47 +0100 |
commit | 9a2f018c0f68a3ada4cea4128a861a7f85893f22 (patch) | |
tree | 504802987478d333a2814685d962d3568e876a8d /src/providers/ipa/ipa_s2n_exop.c | |
parent | a1c6869c67fcf4971ac843315b97bf46893ca92d (diff) | |
ldap: remove originalMeberOf if there is no memberOf
Since originalMemberOf is not mapped directly to an original attribute
and is handled specially, it is not automatically removed if there is no
memberOf in the original object anymore. This patch puts
originalMemberOf on the list of attributes which should be removed in
that case.
Resolves https://fedorahosted.org/sssd/ticket/2917
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers/ipa/ipa_s2n_exop.c')
-rw-r--r-- | src/providers/ipa/ipa_s2n_exop.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index d101a437d..1d233cd52 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -1764,6 +1764,8 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom, struct sysdb_attrs *gid_override_attrs = NULL; char ** exop_grouplist; struct ldb_message *msg; + struct ldb_message_element *el = NULL; + const char *missing[] = {NULL, NULL}; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { @@ -1993,6 +1995,12 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom, } } + ret = sysdb_attrs_get_el_ext(attrs->sysdb_attrs, + SYSDB_ORIG_MEMBEROF, false, &el); + if (ret == ENOENT) { + missing[0] = SYSDB_ORIG_MEMBEROF; + } + ret = sysdb_transaction_start(dom->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); @@ -2004,7 +2012,9 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom, attrs->a.user.pw_uid, gid, attrs->a.user.pw_gecos, attrs->a.user.pw_dir, attrs->a.user.pw_shell, - NULL, attrs->sysdb_attrs, NULL, + NULL, attrs->sysdb_attrs, + missing[0] == NULL ? NULL + : discard_const(missing), dom->user_timeout, now); if (ret == EEXIST && dom->mpg == true) { /* This handles the case where getgrgid() was called for |
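Review bot: In the second hunk the result of `sysdb_attrs_get_el_ext()` is only compared with ENOENT, and `ret` is overwritten by `sysdb_transaction_start()` on the next statement, so any other failure is treated as "attribute present" and the stale originalMemberOf stays in the cache without a log line. Cached membership data presumably feeds access decisions, so the unexpected case should at least be visible: `} else if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_el_ext failed.\n"); }`, followed by the function's existing error exit if failing closed is acceptable here. The hunk does not show whether `attrs->sysdb_attrs` can be NULL at this point; if it can, wrap the lookup in `if (attrs->sysdb_attrs != NULL)`. The out-parameter `el` is never read in the visible hunks, which is worth a one-line comment at its declaration. ipa_s2n_save_objects begins and ends outside the hunk.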
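Review bot: In the third hunk the `missing` list reaches only this `sysdb_store_user()` call, so as far as the visible hunks show, a group whose memberOf disappeared on the server keeps its old originalMemberOf in the cache. The group store path of ipa_s2n_save_objects lies outside the hunk; if it can take a remove list it should receive the same argument, otherwise the limitation belongs in a comment next to `missing`. The conditional argument also reads better with its intent stated, for example `/* drop cached originalMemberOf when the server returned no memberOf */` above `missing[0] == NULL ? NULL : discard_const(missing)`.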