adamwill / 389-ds-base

Forked from 389-ds-base 4 years ago

5324aec Ticket #47642 - Windows Sync group issues

Authored and Committed by nhosoi 10 years ago
    Ticket #47642 - Windows Sync group issues
    
    Bug Description: When an entry is moved on AD, and the entry is
    a member of a group, the value of the member in the group is
    automatically updated.  But Windows Sync Control request only
    returns the renamed entry; it does not return the group having
    the member in it even though the value is updated.  This is
    because an AD group stores DNT (Distinguished Name Tag -- ID in
    integer) instead of the dn itself.  Since the rename operation
    does not change DNT, the group entry on AD has no change, either.
    
    On the DS side, the group entry stores the full DN which needs
    to be adjusted to the renamed DN to complete the synchronization
    with AD.
    
    Fix Description: Once rename operation is received from AD,
    windows_update_local_entry searches for groups having a member value
    that matches the pre-renamed dn on DS, and replaces the old dn with
    the renamed one.
    
    Thanks to tbordaz@redhat.com for pointing out the possibility of
    NULL dereference.  The problem is fixed, as well.
    
    Thanks to rmeggins@redhat.com for suggesting to escape the search
    filter value.  It was added.
    
    https://fedorahosted.org/389/ticket/47642
    (cherry picked from commit 98ddd817e26f236adebd80270ec71d7ec372c20e)
    (cherry picked from commit 86515d1b18a96b9d7e6143f870b343030a7af5a7)
    (cherry picked from commit ab4893cb851533d89e1b02c91972255a48776ce4)
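
The commit message mentions escaping the search filter value and guarding against a NULL dereference. The block below is an added example, not code from this commit or from 389-ds-base: it shows RFC 4515 escaping of a DN before it is placed in a group-membership filter. The function names `escape_filter_value` and `build_member_filter`, the `member` attribute in the filter, and the sample DN are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper. RFC 4515: '*', '(', ')', '\' become '\' + two hex digits. */
char *escape_filter_value(const char *val)
{
    static const char hex[] = "0123456789abcdef";
    char *out, *p;
    if (val == NULL)                        /* never dereference NULL */
        return NULL;
    out = p = malloc(strlen(val) * 3 + 1);  /* worst case: every byte escaped */
    if (out == NULL)
        return NULL;
    for (; *val != '\0'; val++) {
        unsigned char c = (unsigned char)*val;
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            *p++ = '\\';
            *p++ = hex[c >> 4];
            *p++ = hex[c & 0x0f];
        } else {
            *p++ = (char)c;
        }
    }
    *p = '\0';
    return out;                             /* caller frees */
}

/* Build "(member=<escaped DN>)"; NULL on NULL input or allocation failure. */
char *build_member_filter(const char *old_dn)
{
    char *esc = escape_filter_value(old_dn), *filter;
    if (esc == NULL)
        return NULL;
    size_t n = strlen(esc) + sizeof("(member=)");  /* sizeof includes the NUL */
    filter = malloc(n);
    if (filter != NULL)
        snprintf(filter, n, "(member=%s)", esc);
    free(esc);
    return filter;
}

int main(void)
{
    /* Constructed sample DN containing filter metacharacters. */
    char *f = build_member_filter("cn=Smith\\, J (ops)*,ou=People,dc=example,dc=com");
    if (f != NULL) { puts(f); free(f); }
    return 0;
}
```

Without the escaping step, the parentheses and asterisk in such a DN would be parsed as filter syntax, so the search could match the wrong groups or fail outright.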