734e732 CONFDB: Fix standalone application domains

Authored and Committed by jhrozek 6 years ago
    CONFDB: Fix standalone application domains
    
    When a standalone application domain was configured, for example:
    
    -------------------------------------------------
    [sssd]
    domains = appdomain
    
    [application/appdomain]
    id_provider=ldap
    ldap_uri = ldap://dc.ipa.test
    ldap_search_base = cn=accounts,dc=ipa,dc=test
    ldap_schema = rfc2307bis
    sudo_provider = none
    
    ldap_sasl_mech = gssapi
    krb5_realm = IPA.TEST
    krb5_server = dc.ipa.test
    
    ldap_user_uid_number = telephonenumber
    ldap_user_gid_number = mobile
    ldap_user_extra_attrs = location:l
    -------------------------------------------------
    
    We would, when unrolling the application section into a domain section,
    first add a domain stub, equivalent to:
    -----------------------------
    [domain/appdomain]
    domain_type = application
    -----------------------------
    
    Which in config.ldb also contains cn. Then, whem we would add the parameters
    from the [application] section, but try to add the cn again.
    
    This didn't happen when inheriting from a POSIX domain, because there we
    would set LDB_FLAG_REPLACE for any attributes that exist in the inherited
    domain.
    
    This patch skips the cn attribute both when replacing an inherited
    domain's attributes and when writing a standalone application domain.
    
    Resolves:
    https://pagure.io/SSSD/sssd/issue/3355
    
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
    
        
file modified
+22 -4