SSSD / sssd

Clone

2569984 LDAP/AD: resolve domain local groups for remote users

4 files Authored by sbose 7 years ago, Committed by jhrozek 7 years ago,
raw patch tree parent
4 files changed. 569 lines added. 7 lines removed.
src/db/sysdb.h
file modified
+1 -0
src/providers/ldap/sdap_async_initgroups.c
file modified
+151 -7
src/providers/ldap/sdap_async_initgroups_ad.c
file modified
+407 -0
src/providers/ldap/sdap_async_private.h
file modified
+10 -0 
    LDAP/AD: resolve domain local groups for remote users
    
    If a user from a trusted domain in the same forest is a direct or
    indirect member of domain local groups from the local domain those
    memberships must be resolved as well. Since those domain local groups
    are not valid in the trusted domain a DC from the trusted domain which
    is used to lookup the user data is not aware of them. As a consequence
    those memberships must be resolved against a local DC in a second step.
    
    Resolves https://fedorahosted.org/sssd/ticket/3206
    
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
file modified
+1 -0
file modified
+151 -7
file modified
+407 -0
file modified
+10 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.