authorSumit Bose <sbose@redhat.com>2015-04-22 16:57:37 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-04-29 11:33:22 +0200
commitf70a1adbfc30b9acc302027439fb8157e0c6ea2a (patch)
treeb65879cc54087e6e7fcc5aea4e2b86a4de3d1683 /src/providers/ldap/sdap_async_initgroups.c
parent82a958e6592c4a4078e45b7197bbe4751b70f511 (diff)
IPA: allow initgroups by SID for AD users
If a user from a trusted AD domain is searched with the help of an override name, the SID from the override anchor is used to search for the user in AD. Currently the initgroups request only allows searches by name. With this patch a SID can be used as well. Resolves https://fedorahosted.org/sssd/ticket/2632 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers/ldap/sdap_async_initgroups.c')
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index ae617b9c4..5c5be5eab 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -2716,6 +2716,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
search_attr = state->opts->user_map[SDAP_AT_USER_PRINC].name;
+ } else if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_SID) == 0) {
+ search_attr = state->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
} else {
search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name;
}
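Review bot: The new `EXTRA_NAME_IS_SID` branch assigns `state->opts->user_map[SDAP_AT_USER_OBJECTSID].name` to `search_attr` without checking that the attribute is mapped for the configured schema. Unlike the user-name attribute, an objectSID mapping is presumably absent for non-AD schemas, so `search_attr` could be NULL when the filter is built later in `sdap_get_initgr_send`, whose body continues outside this hunk. Since initgroups decides group membership, a malformed or never-matching filter should fail loudly rather than silently. I would add a guard right after the chain, along the lines of `if (search_attr == NULL) { /* objectSID not mapped for this schema: reject the by-SID request */ }`, returning an error through the function's existing failure path. It is also worth confirming that the SID string goes through the same filter sanitisation as a name before it is placed in the LDAP filter; that code is not visible here.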