03bc962 nss: use real primary gid if the value is overriden

3 files Authored by pbrezina 4 years ago, Committed by mzidek 4 years ago,
    nss: use real primary gid if the value is overriden
    
    SYSDB_PRIMARY_GROUP_GIDNUM contains original primary group id from AD
    because any possible override may not be known at the time of storing
    the user.
    
    Now we try to lookup group by its originalADgidNumber and if it is found
    we will replace the original id with real primary group id.
    
    Steps to reproduce:
    1. Enroll SSSD to IPA domain with AD trust
    2. Add ID override to Domain Users `ipa idoverridegroup-add 'Default Trust View' "Domain Users@ad.vm" --gid=40000000`
    3. On IPA server: Remove cache for the overrides to apply immediately and restart SSSD `sssctl cache-remove --stop --start`
    4. On IPA server: Resolve user `id Administrator@ad.vm`
    
    There will be visible both new and old gids without the patch.
    
    Resolves:
    https://pagure.io/SSSD/sssd/issue/4124
    
    Reviewed-by: Sumit Bose <sbose@redhat.com>
    
        
file modified
+7 -0
file modified
+31 -9