-rw-r--r-- | src/providers/ldap/sdap_async_netgroups.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index df233d956..e1d69ad76 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -138,6 +138,22 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
 goto fail;
 }

+ /* We store memberNisNetgroup from LDAP as originalMemberNisNetgroup in
+ * sysdb. It may contain simple name or DN. That's the reason why we always
+ * translate/generate simple name and store it in SYSDB_NETGROUP_MEMBER
+ * (memberNisNetgroup) in sysdb which is internally used for searching
+ * netgropus.
+ * We need to ensure if originalMemberNisNetgroup is missing,
+ * memberNisNetgroup is missing too.
+ */
+ if (string_in_list(SYSDB_ORIG_NETGROUP_MEMBER, missing, false)) {
+ ret = add_string_to_list(attrs, SYSDB_NETGROUP_MEMBER, &missing);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add string into list\n");
+ goto fail;
+ }
+ }
+
 ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, missing,
 dom->netgroup_timeout, now);
 if (ret) goto fail; |
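Review bot: The new failure branch logs only `"Failed to add string into list\n"`, which names neither the netgroup nor the error code. A failure here jumps to `fail` before `sysdb_add_netgroup()` runs, so the cached entry is presumably left as it was, stale memberNisNetgroup values included. The message should therefore say which entry was not refreshed, e.g. `DEBUG(SSSDBG_CRIT_FAILURE, "Failed to mark %s as missing for netgroup %s [%d]: %s\n", SYSDB_NETGROUP_MEMBER, name, ret, sss_strerror(ret));`. Netgroup membership commonly feeds access decisions, so this fix deserves a regression test that removes memberNisNetgroup on the server side and checks that the cached memberNisNetgroup is cleared. The added comment also has a typo: `netgropus` should read `netgroups`. sdap_save_netgroup begins and ends outside the hunk, so the allocation context of `missing` and the code at the `fail` label cannot be checked from here.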