SSSD / sssd

Clone

8280c52 AD: filter domain local groups for trusted/sub domains

4 files Authored by sbose 10 years ago, Committed by jhrozek 10 years ago,
raw patch tree parent
4 files changed. 138 lines added. 64 lines removed.
src/providers/ldap/sdap.h
file modified
+8 -0
src/providers/ldap/sdap_async_groups.c
file modified
+100 -60
src/providers/ldap/sdap_async_initgroups_ad.c
file modified
+4 -2
src/providers/ldap/sdap_async_nested_groups.c
file modified
+26 -2 
    AD: filter domain local groups for trusted/sub domains
    
    In Active Directory groups with a domain local scope should only be used
    inside of the specific domain. Since SSSD read the group memberships
    from LDAP server of the user's domain the domain local groups are
    included in the LDAP result. Those groups should be filtered out if the
    domain is a sub/trusted domain, i.e. is not the domain the client
    running SSSD is joined to.
    
    The groups will still be in the cache but marked as non-POSIX groups and
    no GID will be assigned.
    
    Fixes https://fedorahosted.org/sssd/ticket/2178
file modified
+8 -0
file modified
+100 -60
file modified
+4 -2
file modified
+26 -2
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.