>From bdb1f114fc1b733141b068cad160a845693d92fc Mon Sep 17 00:00:00 2001
From: Pavel Reichl <preichl@redhat.com>
Date: Tue, 22 Sep 2015 04:41:18 -0400
Subject: [PATCH] SDAP: Relax POSIX check

Relax the check on the UID or GID attribute so that it only verifies the attribute is present (the value no longer has to parse as a number).
Add the objectclasses for user and group to filter to make check more
reliable.

Resolves:
https://fedorahosted.org/sssd/ticket/2800
---
 src/providers/ldap/sdap_async.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 97c9ea5df61a6516ca74bb73edc9a116b1266c71..b81431f79f21755469bb9ff123d695a2a166e353 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -2586,9 +2586,12 @@ sdap_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev,
     state->attrs[2] = opts->group_map[SDAP_AT_GROUP_GID].name;
     state->attrs[3] = NULL;
 
-    state->filter = talloc_asprintf(state, "(|(%s=*)(%s=*))",
+    state->filter = talloc_asprintf(state,
+        "(|(&(%s=*)(objectclass=%s))(&(%s=*)(objectclass=%s)))",
                                     opts->user_map[SDAP_AT_USER_UID].name,
-                                    opts->group_map[SDAP_AT_GROUP_GID].name);
+                                    opts->user_map[SDAP_OC_USER].name,
+                                    opts->group_map[SDAP_AT_GROUP_GID].name,
+                                    opts->group_map[SDAP_OC_GROUP].name);
     if (state->filter == NULL) {
         ret = ENOMEM;
         goto fail;
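Review bot: The new filter makes the POSIX check depend on the configured user and group object classes being correct for the directory, and nothing in the hunk documents that: an entry with a uidNumber but a different structural class is now silently excluded, so a mismatch between the configured object class and the server's schema will presumably make the check report no POSIX attributes. A comment above the `talloc_asprintf` would make the intent explicit, e.g. `/* Match only entries that both carry the ID attribute and belong to the configured user/group object class, so stray uidNumber/gidNumber values on unrelated entries do not count as POSIX support. */`. The object class names are interpolated into the filter without LDAP filter escaping; they come from the attribute maps rather than from directory data, so this looks acceptable, but the comment should say that these are configuration values. As a point of style, the format string is now broken onto its own line at 8 spaces while the arguments stay aligned at the old column; aligning the arguments under the format string (or indenting all continuation lines uniformly) would keep the call readable. The enclosing function sdap_posix_check_send starts and ends outside the hunk.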
@@ -2671,9 +2674,8 @@ static errno_t sdap_posix_check_parse(struct sdap_handle *sh,
     errno = 0;
     strtouint32(vals[0]->bv_val, &endptr, 10);
     if (errno || *endptr || (vals[0]->bv_val == endptr)) {
-        DEBUG(SSSDBG_OP_FAILURE,
+        DEBUG(SSSDBG_MINOR_FAILURE,
               "POSIX attribute is not a number: %s\n", vals[0]->bv_val);
-        goto done;
     }
 
     state->has_posix = true;
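Review bot: Dropping the `goto done` means `state->has_posix = true` is now reached even when `strtouint32` rejected the value, but the parse itself is kept and its result discarded, so a reader cannot tell whether the number check is still meaningful or purely diagnostic. A comment above the `errno = 0;` line should state that, e.g. `/* Presence of the attribute is what counts (ticket #2800); the value is parsed only to log a warning about non-numeric data. */`. The log text still reads as a hard failure; since the code continues, the message should say so: `"POSIX attribute is not a number: %s, treating attribute as present\n"`. The `done:` label and the remainder of sdap_posix_check_parse are outside the hunk, so I cannot confirm what the function returns after this point.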
-- 
2.4.3

