SSSD / sssd

Clone

b12e250 LDAP: tokengroups do not work with id_provider=ldap

4 files Authored by preichl 9 years ago, Committed by jhrozek 9 years ago,
raw patch tree parent
4 files changed. 93 lines added. 13 lines removed.
src/providers/ldap/sdap_async_groups.c
file modified
+3 -2
src/providers/ldap/sdap_async_initgroups_ad.c
file modified
+71 -11
src/util/domain_info_utils.c
file modified
+14 -0
src/util/util.h
file modified
+5 -0 
    LDAP: tokengroups do not work with id_provider=ldap
    
    With plain LDAP provider we already have a sdap_handle, so it should be possible
    that in the case where sdom->pvt == NULL sdap_id_op_connect_send() can be
    skipped and sdap_get_ad_tokengroups_send() can be already send with the
    sdap_handle passed to sdap_ad_tokengroups_initgr_mapping_send(). So we should
    only fail if sdom->pvt == NULL and sh == NULL.
    
    if find_subdomain_by_sid() failed we can check if there is only one domain in
    the domain list (state->domain) and in this case continue with this domain since
    the LDAP provider does not know about sub-domains and hence can only have one
    configured domain.
    
    Resolves:
    https://fedorahosted.org/sssd/ticket/2345
    
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
file modified
+3 -2
file modified
+71 -11
file modified
+14 -0
file modified
+5 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.