From a68e17d8fdc265d40e6f4a7d21a6d287a4bf23d5 Mon Sep 17 00:00:00 2001
From: Michal Zidek
Date: Wed, 15 Jun 2016 17:05:01 +0200
Subject: SDAP: Store SID members during AD initgroups with a qualified name
This is to be consistent with how we name groups normally. We rename the groupnames when resolving the groups by ID anyway, but if we fail to do so, at least be consistent.
Reviewed-by: Jakub Hrozek
---
 src/providers/ldap/sdap_async_initgroups_ad.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'src/providers')
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index 92cedb05f..ad54c1fb8 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -916,7 +916,12 @@ errno_t sdap_ad_save_group_membership_with_idmapping(const char *username,
 /* This is a new group. For now, we will store it under the name
 * of its SID. When a direct lookup of the group or its GID occurs,
 * it will replace this temporary entry. */
- name = sid;
+ name = sss_create_internal_fqname(tmp_ctx, sid, domain->name);
+ if (name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
 ret = sysdb_add_incomplete_group(domain, name, gid,
 NULL, sid, NULL, false, now);
 if (ret != EOK) {
-- cgit
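Review bot: The context comment directly above the changed assignment still says the new group is stored "under the name of its SID", but the entry is now stored under the SID qualified with `domain->name`, so the comment should be updated, e.g. `/* This is a new group. For now, we will store it under its SID, qualified with the domain name like other group names. */`. Cached group entries presumably feed group-based access decisions, so it is worth confirming that any code outside this hunk which looks up or replaces the temporary entry by the bare SID string now uses the qualified form; that cannot be verified from the lines shown. The new NULL check reports every failure of `sss_create_internal_fqname` as `ENOMEM`, which is accurate only if allocation is its sole failure mode. The enclosing function starts and ends outside the hunk.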