529a544 Ticket #47488 - Users from AD sub OU does not sync to IPA

Authored and Committed by nhosoi 7 years ago
    Ticket #47488 - Users from AD sub OU does not sync to IPA
    Bug description: When processing a DN from AD, the DN is passed to
    a helper function is_subject_of_agreement_remote (windows_protocol_
    util.c) to check if the DN is a subject of the sync service or not.
    The helper function was checking if the AD DN is just one-level
    child of the agreement subtree top (nsds7WindowsReplicaSubtree) but
    not the subtree-level descendents.  Note: the DN is an original one
    in AD, which has not be flattened yet.  Therefore, the AD entry was
    determined not to be synchronized.
    Fix description: This bug was fixed in the master tree with the
    ticket #521 - modrdn + NSMMReplicationPlugin - Consumer failed to
    replay change.
     3) is_subject_of_agreement_remote (windows_protocol_util.c):
        When checking if the entry was in the subtree defined in the
        agreement or not, it returned true only if the entry is a
        direct child of the agreement subtree top. This patch returns
        true if the entry is the further descendent of the subtree.
    The fix is back ported to 389-ds-base-1.3.1 branch.
    Reviewed by Rich (Thank you!!)