1 files changed, 20 insertions, 4 deletions

diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index 60245d8ca..7990d8c57 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -629,6 +629,7 @@ struct ipa_get_ad_acct_state {
     char *object_sid;
     struct sysdb_attrs *override_attrs;
     struct ldb_message *obj_msg;
+    struct ldb_message_element *ghosts;
 };
 
 static void ipa_get_ad_acct_ad_part_done(struct tevent_req *subreq);
@@ -1208,7 +1209,6 @@ static errno_t ipa_check_ghost_members(struct tevent_req *req)
                                                 struct ipa_get_ad_acct_state);
     errno_t ret;
     struct tevent_req *subreq;
-    struct ldb_message_element *ghosts = NULL;
 
 
     if (state->obj_msg == NULL) {
@@ -1224,14 +1224,14 @@ static errno_t ipa_check_ghost_members(struct tevent_req *req)
         }
     }
 
-    ghosts = ldb_msg_find_element(state->obj_msg, SYSDB_GHOST);
+    state->ghosts = ldb_msg_find_element(state->obj_msg, SYSDB_GHOST);
 
-    if (ghosts != NULL) {
+    if (state->ghosts != NULL) {
         /* Resolve ghost members */
         subreq = ipa_resolve_user_list_send(state, state->ev,
                                             state->ipa_ctx,
                                             state->obj_dom->name,
-                                            ghosts);
+                                            state->ghosts);
         if (subreq == NULL) {
             DEBUG(SSSDBG_OP_FAILURE, "ipa_resolve_user_list_send failed.\n");
             return ENOMEM;
@@ -1275,6 +1275,7 @@ static errno_t ipa_get_ad_apply_override_step(struct tevent_req *req)
     size_t groups_count = 0;
     struct ldb_message **groups = NULL;
     const char *attrs[] = SYSDB_INITGR_ATTRS;
+    const char *overide_name;
 
     if (state->override_attrs != NULL) {
         /* We are in ipa-server-mode, so the view is the default view by
@@ -1312,6 +1313,21 @@ static errno_t ipa_get_ad_apply_override_step(struct tevent_req *req)
         }
     }
 
+
+    /* check if there is a override name which should replace the orignal
+     * name in the memberUid sttribute. */
+    ret = sysdb_attrs_get_string(state->override_attrs, SYSDB_NAME,
+                                 &overide_name);
+    if (ret == EOK) {
+        ret = sysdb_refresh_group_memberships(state->obj_dom,
+                                              state->obj_msg->dn);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_OP_FAILURE,
+                  "sysdb_replace_override_name_in_memberuid failed, "
+                  "ignored, member names might not show overrides.\n");
+        }
+    }
+
     /* Replace ID with name in search filter */
     if ((entry_type == BE_REQ_USER && state->ar->filter_type == BE_FILTER_IDNUM)
             || (entry_type == BE_REQ_INITGROUPS