SSSD / sssd

Clone

4cd1cb2 AD: cross-domain membership fix

6 files Authored by sbose 10 years ago, Committed by jhrozek 10 years ago,
raw patch tree parent
6 files changed. 261 lines added. 30 lines removed.
src/providers/ad/ad_id.c
file modified
+2 -17
src/providers/ad/ad_init.c
file modified
+2 -0
src/providers/ldap/sdap_async.h
file modified
+1 -0
src/providers/ldap/sdap_async_groups.c
file modified
+61 -1
src/providers/ldap/sdap_async_initgroups.c
file modified
+47 -3
src/providers/ldap/sdap_async_initgroups_ad.c
file modified
+148 -9 
    AD: cross-domain membership fix
    
    A recent patch directed all call related to group membership lookups to
    the AD LDAP port to fix an issue related to missing group memberships in
    the Global Catalog. As a side-effect it broke cross-domain
    group-memberships because those cannot be resolved by the connection to
    the LDAP port.
    
    The patch tires to fix this by restoring the original behaviour in the
    top-level lookup calls in the AD provider and switching to the LDAP port
    only for the LDAP request which is expected to return the full group
    membership.
    
    Additionally this patch contains a related fix for the tokenGroups with
    Posix attributes patch. The original connection, typically a Global
    Catalog connection in the AD case is passed down the stack so that the
    group lookup after the tokenGroups request can run over the same
    connection.
file modified
+2 -17
file modified
+2 -0
file modified
+1 -0
file modified
+61 -1
file modified
+47 -3
file modified
+148 -9
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.