URL:
https://github.com/SSSD/sssd/pull/85
Title: #85: SYSDB: Removing of sysdb_try_to_find_expected_dn()
sumit-bose commented:
"""
I think sdap_object_in_domain() and sdap_domain_get_by_dn() are working as expected, only
the debug message in the code-block you cited should be corrected to something like
"The original DN of the group cannot be related to any search base".
sdap_object_in_domain() assumes by default that the given object belongs to the given
group which can be seen in the handling of the missing DN. So it makes sense that if the
DN cannot be matched to any search bases to assume the same, i.e. 'return true;'.
When test_user_is_from_another_domain() is run there is only one domain,
"domain.test.com", available in opts->sdom when sdap_domain_get_by_dn() is
called. The search base does not match to the DN of the object from
"another_domain.test.com" and NULL is returned. If you set up the test so that
there is at least "another_domain.test.com" in the opt->sdom list as well,
sdap_domain_get_by_dn() can return the domain and in sdap_object_in_domain() false can be
returned because the domains are not the same.
HTH
bye,
Sumit
"""
See the full comment at
https://github.com/SSSD/sssd/pull/85#issuecomment-273496307