24d8c85 SYSDB: Augment sysdb_try_to_find_expected_dn to match search base as well

Authored and Committed by jhrozek 4 years ago
    SYSDB: Augment sysdb_try_to_find_expected_dn to match search base as well
    
    In cases where the domain name in sssd.conf does not match the AD
    domain, our previous matching process wouldn't match. This patch
    augments the matching as follows:
        - the search base is known to sysdb_try_to_find_expected_dn and is
          expected to be non-NULL
        - the existing matching is run first
        - during the search base matching, all the non-DC components are
          stripped from the search base to 'canonicalize' the search base
        - if only a single entry matches with a non-DC DN component
          (matching with a DC component would mean the DN comes from a
          different domain) then this entry is a match and is returned
    
    Resolves:
    https://fedorahosted.org/sssd/ticket/3199
    
    Reviewed-by: Sumit Bose <sbose@redhat.com>
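
The search-base step described in the commit message above, as an added example that is not SSSD's code. The function names, the sample DNs and the simplified DN handling (no escaped commas, no spaces around separators) are assumptions, and the existing matching that runs first is not shown.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Canonicalize a search base: skip leading non-DC components and return
 * the part starting at the first "dc=" component, or NULL if there is none. */
static const char *dc_suffix(const char *dn)
{
    const char *p = dn;
    while (p != NULL) {
        if (strncasecmp(p, "dc=", 3) == 0) return p;
        p = strchr(p, ',');
        if (p != NULL) p++;
    }
    return NULL;
}

/* True if dn ends with base and the component directly in front of base
 * is not a DC component (a DC there means the DN is from another domain). */
static int under_base(const char *dn, const char *base)
{
    size_t dl = strlen(dn), bl = strlen(base);
    const char *start, *comp;
    if (dl <= bl + 1) return 0;
    start = dn + dl - bl;
    if (strcasecmp(start, base) != 0 || start[-1] != ',') return 0;
    comp = start - 1;                 /* walk back to the preceding component */
    while (comp > dn && comp[-1] != ',') comp--;
    return strncasecmp(comp, "dc=", 3) != 0;
}

/* Hypothetical helper: index of the single DN below the canonicalized
 * search base, or -1 when none or more than one candidate matches. */
int pick_dn_by_search_base(const char *search_base, const char **dns, int n)
{
    const char *base = dc_suffix(search_base);
    int found = -1;
    if (base == NULL) return -1;
    for (int i = 0; i < n; i++) {
        if (!under_base(dns[i], base)) continue;
        if (found != -1) return -1;   /* ambiguous: refuse to guess */
        found = i;
    }
    return found;
}
```

Returning -1 on more than one match keeps an ambiguous lookup from silently binding a user to an object in the wrong domain.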
    
        
file modified
+1 -0
file modified
+99 -0