From 8455d5ab61184e0d126fc074a9ce6e98391eb909 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Sat, 17 Nov 2012 23:55:13 +0100
Subject: LDAP: Only convert direct parents' ghost attribute to member https://fedorahosted.org/sssd/ticket/1612 This patch changes the handling of ghost attributes when saving the actual user entry. Instead of always linking all groups that contained the ghost attribute with the new user entry, the original member attributes are now saved in the group object and the user entry is only linked with its direct parents. As the member attribute is compared against the originalDN of the user, if either the originalDN or the originalMember attributes are missing, the user object is linked with all the groups as a fallback. The original member attributes are only saved if the LDAP schema supports nesting.
---
 src/providers/ipa/ipa_hbac_private.h | 1 -
 1 file changed, 1 deletion(-)
(limited to 'src/providers/ipa/ipa_hbac_private.h')
diff --git a/src/providers/ipa/ipa_hbac_private.h b/src/providers/ipa/ipa_hbac_private.h
index bb1ea4ec1..f313ca132 100644
--- a/src/providers/ipa/ipa_hbac_private.h
+++ b/src/providers/ipa/ipa_hbac_private.h
@@ -34,7 +34,6 @@
 #define IPA_UNIQUE_ID "ipauniqueid"
 #define IPA_MEMBER "member"
-#define SYSDB_ORIG_MEMBER "orig_member"
 #define HBAC_HOSTS_SUBDIR "hbac_hosts"
 #define HBAC_HOSTGROUPS_SUBDIR "hbac_hostgroups"
-- cgit