9093f58 Ticket #47310 - Attribute "dsOnlyMemberUid" not allowed when syncing nested posix groups from AD with posixWinsync

Authored and Committed by nhosoi 10 years ago
    Ticket #47310 - Attribute "dsOnlyMemberUid" not allowed when syncing nested posix groups from AD with posixWinsync
    
    Bug description: When the Posix Winsync API plug-in is configured
    with posixWinsyncMapMemberUid and posixWinsyncMapNestedGrouping
    enabled (true), a Posix Group added to AD is synchronized to DS
    with mapped dsOnlyMemberUid and memberUid.  When adding a Posix
    Group with a nested group member, the addGroupMembership function
    adds "dynamicGroup" to objectClass to allow the Posix Group entry
    to have dsOnlyMemberUid.  The add should be made against the entry
    in memory since the entry is not yet stored in the database,
    but it was trying to modify against the backend.
    
    Fix description: This patch directly adds "dynamicGroup" to the
    objectclass valueset, by which the attribute "dsOnlyMemberUid"
    is allowed to be added to the entry.
    
    In addition,
    1) when reflecting the mapped memberUid on DS to AD, the logic
    was corrected to "if dsOnlyMemberUid matches memberUid",
    2) when the Posix Group is nested in multiple levels, the
    mapped memberUid was not retrieved.  The code was added.
    
    Reviewed by Rich (Thank you!!)
    
    https://fedorahosted.org/389/ticket/47310