mayorga / 389-ds-base

Forked from 389-ds-base 7 years ago
Clone

ba095d0 Ticket #47488 - Users from AD sub OU does not sync to IPA

1 file Authored by nhosoi 10 years ago, Committed by rmeggins 10 years ago,
    Ticket #47488 - Users from AD sub OU does not sync to IPA
    
    Bug description: When processing a DN from AD, the DN is passed to
    a helper function is_subject_of_agreement_remote (windows_protocol_
    util.c) to check if the DN is a subject of the sync service or not.
    The helper function was checking if the AD DN is just one-level
    child of the agreement subtree top (nsds7WindowsReplicaSubtree) but
    not the subtree-level descendents.  Note: the DN is an original one
    in AD, which has not be flattened yet.  Therefore, the AD entry was
    determined not to be synchronized.
    
    Fix description: This bug was fixed in the master tree with the
    ticket #521 - modrdn + NSMMReplicationPlugin - Consumer failed to
    replay change.
     3) is_subject_of_agreement_remote (windows_protocol_util.c):
        When checking if the entry was in the subtree defined in the
        agreement or not, it returned true only if the entry is a
        direct child of the agreement subtree top. This patch returns
        true if the entry is the further descendent of the subtree.
    The fix is back ported to 389-ds-base-1.3.1 branch.
    
    Reviewed by Rich (Thank you!!)
    
    https://fedorahosted.org/389/ticket/47488
    (cherry picked from commit 529a544a2fe9961d9286e191346fb5faca27d38b)
    (cherry picked from commit 26c669dcad15f9dbbfdff6fbeffac579099b7718)
    (cherry picked from commit 81f26a33df3c5f369097d673edfe52535ce77cc4)